From 719bc4b5243a24b5bdd897dbf83f4fc1a0e97ae4 Mon Sep 17 00:00:00 2001 
From: Arvind Iyengar Date: Wed, 21 Apr 2021 15:18:22 -0700 Subject: [PATCH] Regenerate released/ directory from stage-release --- index.yaml | 6831 +--------------- released/assets/README.md | 3 + .../fleet-agent/fleet-agent-0.3.000.tgz | Bin 0 -> 2162 bytes .../fleet-agent/fleet-agent-0.3.100.tgz | Bin 0 -> 2164 bytes .../fleet-agent/fleet-agent-0.3.200.tgz | Bin 0 -> 2120 bytes .../fleet-agent/fleet-agent-0.3.300.tgz | Bin 0 -> 2120 bytes .../fleet-agent/fleet-agent-0.3.400.tgz | Bin 0 -> 2281 bytes .../fleet-agent/fleet-agent-0.3.500.tgz | Bin 0 -> 2316 bytes .../assets/fleet-crd/fleet-crd-0.3.000.tgz | Bin 0 -> 9676 bytes .../assets/fleet-crd/fleet-crd-0.3.100.tgz | Bin 0 -> 9676 bytes .../assets/fleet-crd/fleet-crd-0.3.200.tgz | Bin 0 -> 9718 bytes .../assets/fleet-crd/fleet-crd-0.3.300.tgz | Bin 0 -> 9718 bytes .../assets/fleet-crd/fleet-crd-0.3.400.tgz | Bin 0 -> 9990 bytes .../assets/fleet-crd/fleet-crd-0.3.500.tgz | Bin 0 -> 10050 bytes released/assets/fleet/fleet-0.3.000.tgz | Bin 0 -> 2798 bytes released/assets/fleet/fleet-0.3.100.tgz | Bin 0 -> 2800 bytes released/assets/fleet/fleet-0.3.200.tgz | Bin 0 -> 2878 bytes released/assets/fleet/fleet-0.3.300.tgz | Bin 0 -> 2875 bytes released/assets/fleet/fleet-0.3.400.tgz | Bin 0 -> 3002 bytes released/assets/fleet/fleet-0.3.500.tgz | Bin 0 -> 3005 bytes released/assets/logos/backup-restore.svg | 24 + released/assets/logos/cis-kube-bench.svg | 43 + released/assets/logos/fleet.svg | 1 + released/assets/logos/gatekeeper.svg | 30 + released/assets/logos/istio.svg | 11 + released/assets/logos/logging.svg | 31 + released/assets/logos/rio.svg | 21 + released/assets/logos/vsphere-cpi.svg | 23 + released/assets/logos/vsphere-csi.svg | 23 + released/assets/longhorn/longhorn-1.0.200.tgz | Bin 0 -> 11516 bytes released/assets/longhorn/longhorn-1.0.201.tgz | Bin 0 -> 11524 bytes released/assets/longhorn/longhorn-1.1.000.tgz | Bin 0 -> 14785 bytes released/assets/longhorn/longhorn-1.1.001.tgz | Bin 0 -> 14845 bytes 
.../assets/longhorn/longhorn-crd-1.0.200.tgz | Bin 0 -> 923 bytes .../assets/longhorn/longhorn-crd-1.0.201.tgz | Bin 0 -> 876 bytes .../assets/longhorn/longhorn-crd-1.1.000.tgz | Bin 0 -> 1631 bytes .../assets/longhorn/longhorn-crd-1.1.001.tgz | Bin 0 -> 1631 bytes .../rancher-alerting-drivers-1.0.100.tgz | Bin 0 -> 7269 bytes .../rancher-backup-crd-1.0.400.tgz | Bin 0 -> 1686 bytes .../rancher-backup/rancher-backup-1.0.200.tgz | Bin 0 -> 4658 bytes .../rancher-backup/rancher-backup-1.0.201.tgz | Bin 0 -> 5321 bytes .../rancher-backup/rancher-backup-1.0.300.tgz | Bin 0 -> 5308 bytes .../rancher-backup/rancher-backup-1.0.301.tgz | Bin 0 -> 5321 bytes .../rancher-backup/rancher-backup-1.0.400.tgz | Bin 0 -> 5741 bytes .../rancher-backup-crd-1.0.200.tgz | Bin 0 -> 1719 bytes .../rancher-backup-crd-1.0.201.tgz | Bin 0 -> 1675 bytes .../rancher-backup-crd-1.0.300.tgz | Bin 0 -> 1673 bytes .../rancher-backup-crd-1.0.301.tgz | Bin 0 -> 1673 bytes .../rancher-cis-benchmark-1.0.100.tgz | Bin 0 -> 3416 bytes .../rancher-cis-benchmark-1.0.200.tgz | Bin 0 -> 3944 bytes .../rancher-cis-benchmark-1.0.300.tgz | Bin 0 -> 4828 bytes .../rancher-cis-benchmark-1.0.301.tgz | Bin 0 -> 4835 bytes .../rancher-cis-benchmark-1.0.400.tgz | Bin 0 -> 4946 bytes .../rancher-cis-benchmark-1.0.402.tgz | Bin 0 -> 4945 bytes .../rancher-cis-benchmark-crd-1.0.100.tgz | Bin 0 -> 1333 bytes .../rancher-cis-benchmark-crd-1.0.200.tgz | Bin 0 -> 1280 bytes .../rancher-cis-benchmark-crd-1.0.300.tgz | Bin 0 -> 1448 bytes .../rancher-cis-benchmark-crd-1.0.301.tgz | Bin 0 -> 1448 bytes .../rancher-cis-benchmark-crd-1.0.400.tgz | Bin 0 -> 1448 bytes .../rancher-cis-benchmark-crd-1.0.402.tgz | Bin 0 -> 1448 bytes .../rancher-external-ip-webhook-0.1.400.tgz | Bin 0 -> 7296 bytes .../rancher-external-ip-webhook-0.1.600.tgz | Bin 0 -> 7541 bytes .../rancher-external-ip-webhook-0.1.601.tgz | Bin 0 -> 7545 bytes .../rancher-gatekeeper-3.1.100.tgz | Bin 0 -> 6114 bytes .../rancher-gatekeeper-3.1.101.tgz | Bin 0 -> 
6727 bytes .../rancher-gatekeeper-3.2.101.tgz | Bin 0 -> 6994 bytes .../rancher-gatekeeper-3.3.000.tgz | Bin 0 -> 7397 bytes .../rancher-gatekeeper-3.3.001.tgz | Bin 0 -> 7397 bytes .../rancher-gatekeeper-crd-3.1.100.tgz | Bin 0 -> 2479 bytes .../rancher-gatekeeper-crd-3.1.101.tgz | Bin 0 -> 2439 bytes .../rancher-gatekeeper-crd-3.2.101.tgz | Bin 0 -> 3693 bytes .../rancher-gatekeeper-crd-3.3.000.tgz | Bin 0 -> 3682 bytes .../rancher-gatekeeper-crd-3.3.001.tgz | Bin 0 -> 3682 bytes .../rancher-grafana-6.6.401.tgz | Bin 0 -> 27607 bytes .../rancher-istio-1.8.301.tgz | Bin 0 -> 19350 bytes .../rancher-istio-1.8.400.tgz | Bin 0 -> 19480 bytes .../rancher-istio-1.8.500.tgz | Bin 0 -> 19480 bytes .../rancher-istio-1.9.200.tgz | Bin 0 -> 19482 bytes .../rancher-istio-1.9.300.tgz | Bin 0 -> 19482 bytes .../rancher-istio/rancher-istio-1.7.100.tgz | Bin 0 -> 13476 bytes .../rancher-istio/rancher-istio-1.7.300.tgz | Bin 0 -> 14077 bytes .../rancher-istio/rancher-istio-1.7.301.tgz | Bin 0 -> 17401 bytes .../rancher-istio/rancher-istio-1.8.300.tgz | Bin 0 -> 17610 bytes .../rancher-kiali-server-1.23.001.tgz | Bin 0 -> 9104 bytes .../rancher-kiali-server-1.24.001.tgz | Bin 0 -> 9100 bytes .../rancher-kiali-server-1.24.003.tgz | Bin 0 -> 9246 bytes .../rancher-kiali-server-1.29.000.tgz | Bin 0 -> 9763 bytes .../rancher-kiali-server-1.29.100.tgz | Bin 0 -> 10105 bytes .../rancher-kiali-server-1.32.100.tgz | Bin 0 -> 10200 bytes .../rancher-kiali-server-crd-1.23.001.tgz | Bin 0 -> 607 bytes .../rancher-kiali-server-crd-1.24.001.tgz | Bin 0 -> 561 bytes .../rancher-kiali-server-crd-1.24.003.tgz | Bin 0 -> 562 bytes .../rancher-kiali-server-crd-1.29.000.tgz | Bin 0 -> 561 bytes .../rancher-kiali-server-crd-1.29.100.tgz | Bin 0 -> 561 bytes .../rancher-kiali-server-crd-1.32.100.tgz | Bin 0 -> 612 bytes .../rancher-kube-state-metrics-2.13.101.tgz | Bin 0 -> 11613 bytes .../rancher-logging-3.6.000.tgz | Bin 0 -> 7694 bytes .../rancher-logging-3.6.001.tgz | Bin 0 -> 8488 bytes 
.../rancher-logging-3.8.201.tgz | Bin 0 -> 8769 bytes .../rancher-logging-3.9.000.tgz | Bin 0 -> 9660 bytes .../rancher-logging-3.9.001.tgz | Bin 0 -> 9470 bytes .../rancher-logging-3.9.002.tgz | Bin 0 -> 9717 bytes .../rancher-logging-3.9.400.tgz | Bin 0 -> 10163 bytes .../rancher-logging-crd-3.6.000.tgz | Bin 0 -> 21426 bytes .../rancher-logging-crd-3.6.001.tgz | Bin 0 -> 21372 bytes .../rancher-logging-crd-3.8.201.tgz | Bin 0 -> 24252 bytes .../rancher-logging-crd-3.9.000.tgz | Bin 0 -> 26805 bytes .../rancher-logging-crd-3.9.001.tgz | Bin 0 -> 26805 bytes .../rancher-logging-crd-3.9.002.tgz | Bin 0 -> 26805 bytes .../rancher-logging-crd-3.9.400.tgz | Bin 0 -> 36671 bytes .../rancher-monitoring-14.5.100.tgz | Bin 0 -> 278414 bytes .../rancher-monitoring-9.4.200.tgz | Bin 0 -> 220129 bytes .../rancher-monitoring-9.4.201.tgz | Bin 0 -> 221201 bytes .../rancher-monitoring-9.4.202.tgz | Bin 0 -> 217389 bytes .../rancher-monitoring-9.4.203.tgz | Bin 0 -> 233970 bytes .../rancher-monitoring-9.4.204.tgz | Bin 0 -> 253587 bytes .../rancher-monitoring-crd-14.5.100.tgz | Bin 0 -> 116441 bytes .../rancher-monitoring-crd-9.4.200.tgz | Bin 0 -> 113776 bytes .../rancher-monitoring-crd-9.4.201.tgz | Bin 0 -> 113735 bytes .../rancher-monitoring-crd-9.4.202.tgz | Bin 0 -> 113958 bytes .../rancher-monitoring-crd-9.4.203.tgz | Bin 0 -> 113953 bytes .../rancher-monitoring-crd-9.4.204.tgz | Bin 0 -> 114192 bytes .../rancher-node-exporter-1.16.201.tgz | Bin 0 -> 6668 bytes .../rancher-operator-crd-0.1.000.tgz | Bin 0 -> 7035 bytes .../rancher-operator-crd-0.1.100.tgz | Bin 0 -> 7033 bytes .../rancher-operator-crd-0.1.200.tgz | Bin 0 -> 7039 bytes .../rancher-operator-crd-0.1.300.tgz | Bin 0 -> 8634 bytes .../rancher-operator-crd-0.1.400.tgz | Bin 0 -> 8647 bytes .../rancher-operator-0.1.000.tgz | Bin 0 -> 1085 bytes .../rancher-operator-0.1.100.tgz | Bin 0 -> 1115 bytes .../rancher-operator-0.1.200.tgz | Bin 0 -> 1088 bytes .../rancher-operator-0.1.300.tgz | Bin 0 -> 1087 bytes 
.../rancher-operator-0.1.400.tgz | Bin 0 -> 1091 bytes .../rancher-prom2teams-0.2.000.tgz | Bin 0 -> 4289 bytes .../rancher-prometheus-adapter-2.12.101.tgz | Bin 0 -> 8358 bytes .../rancher-pushprox-0.1.0.tgz | Bin 0 -> 5934 bytes .../rancher-pushprox-0.1.1.tgz | Bin 0 -> 5926 bytes .../rancher-pushprox-0.1.2.tgz | Bin 0 -> 6095 bytes .../rancher-pushprox-0.1.201.tgz | Bin 0 -> 6104 bytes .../rancher-pushprox-0.1.300.tgz | Bin 0 -> 6318 bytes .../rancher-sachet/rancher-sachet-1.0.100.tgz | Bin 0 -> 3512 bytes .../rancher-tracing-1.20.001.tgz | Bin 0 -> 3268 bytes .../rancher-tracing-1.20.002.tgz | Bin 0 -> 3273 bytes .../rancher-tracing-1.20.100.tgz | Bin 0 -> 3691 bytes .../rancher-vsphere-cpi-1.0.000.tgz | Bin 0 -> 3594 bytes .../rancher-vsphere-csi-2.1.000.tgz | Bin 0 -> 5776 bytes .../rancher-webhook-0.1.0-beta500.tgz | Bin 0 -> 1224 bytes .../rancher-webhook-0.1.0-beta700.tgz | Bin 0 -> 1229 bytes .../rancher-webhook-0.1.0-beta900.tgz | Bin 0 -> 1215 bytes .../rancher-webhook-0.1.0-beta901.tgz | Bin 0 -> 1211 bytes .../rancher-webhook-0.1.000.tgz | Bin 0 -> 1213 bytes .../rancher-windows-exporter-0.1.000.tgz | Bin 0 -> 4955 bytes .../rancher-wins-upgrader-0.0.100.tgz | Bin 0 -> 5726 bytes released/assets/rio/rio-0.8.000.tgz | Bin 0 -> 3663 bytes released/assets/rio/rio-0.8.001.tgz | Bin 0 -> 3645 bytes released/charts/README.md | 3 + .../fleet-agent/0.3.000/Chart.yaml | 12 + .../0.3.000/templates/_helpers.tpl | 7 + .../0.3.000/templates/configmap.yaml | 12 + .../0.3.000/templates/deployment.yaml | 22 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../fleet-agent/0.3.000/templates/rbac.yaml | 25 + .../fleet-agent/0.3.000/templates/secret.yaml | 10 + .../0.3.000/templates/serviceaccount.yaml | 4 + .../0.3.000/templates/validate.yaml | 11 + .../fleet-agent/0.3.000/values.yaml | 39 + .../fleet-agent/0.3.100/Chart.yaml | 12 + .../0.3.100/templates/_helpers.tpl | 7 + .../0.3.100/templates/configmap.yaml | 12 + 
.../0.3.100/templates/deployment.yaml | 22 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../fleet-agent/0.3.100/templates/rbac.yaml | 25 + .../fleet-agent/0.3.100/templates/secret.yaml | 10 + .../0.3.100/templates/serviceaccount.yaml | 4 + .../0.3.100/templates/validate.yaml | 11 + .../fleet-agent/0.3.100/values.yaml | 39 + .../fleet-agent/0.3.200/Chart.yaml | 12 + .../0.3.200/templates/_helpers.tpl | 7 + .../0.3.200/templates/configmap.yaml | 12 + .../0.3.200/templates/deployment.yaml | 22 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../fleet-agent/0.3.200/templates/rbac.yaml | 25 + .../fleet-agent/0.3.200/templates/secret.yaml | 10 + .../0.3.200/templates/serviceaccount.yaml | 4 + .../0.3.200/templates/validate.yaml | 11 + .../fleet-agent/0.3.200/values.yaml | 39 + .../fleet-agent/0.3.300/Chart.yaml | 12 + .../0.3.300/templates/_helpers.tpl | 7 + .../0.3.300/templates/configmap.yaml | 12 + .../0.3.300/templates/deployment.yaml | 22 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../fleet-agent/0.3.300/templates/rbac.yaml | 25 + .../fleet-agent/0.3.300/templates/secret.yaml | 10 + .../0.3.300/templates/serviceaccount.yaml | 4 + .../0.3.300/templates/validate.yaml | 11 + .../fleet-agent/0.3.300/values.yaml | 39 + .../fleet-agent/0.3.400/Chart.yaml | 12 + .../0.3.400/templates/_helpers.tpl | 7 + .../0.3.400/templates/configmap.yaml | 12 + .../0.3.400/templates/deployment.yaml | 30 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../fleet-agent/0.3.400/templates/rbac.yaml | 25 + .../fleet-agent/0.3.400/templates/secret.yaml | 10 + .../0.3.400/templates/serviceaccount.yaml | 4 + .../0.3.400/templates/validate.yaml | 11 + .../fleet-agent/0.3.400/values.yaml | 52 + .../fleet-agent/0.3.500/Chart.yaml | 12 + .../0.3.500/templates/_helpers.tpl | 7 + 
.../0.3.500/templates/configmap.yaml | 12 + .../0.3.500/templates/deployment.yaml | 30 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../fleet-agent/0.3.500/templates/rbac.yaml | 25 + .../fleet-agent/0.3.500/templates/secret.yaml | 10 + .../0.3.500/templates/serviceaccount.yaml | 4 + .../0.3.500/templates/validate.yaml | 11 + .../fleet-agent/0.3.500/values.yaml | 56 + .../fleet-crd/fleet-crd/0.3.000/Chart.yaml | 11 + .../fleet-crd/0.3.000/templates/crds.yaml | 2143 +++++ .../0.3.000/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.100/Chart.yaml | 11 + .../fleet-crd/0.3.100/templates/crds.yaml | 2143 +++++ .../0.3.100/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.200/Chart.yaml | 12 + .../fleet-crd/0.3.200/templates/crds.yaml | 2168 +++++ .../0.3.200/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.300/Chart.yaml | 12 + .../fleet-crd/0.3.300/templates/crds.yaml | 2168 +++++ .../0.3.300/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.400/Chart.yaml | 12 + .../fleet-crd/0.3.400/templates/crds.yaml | 2275 ++++++ .../0.3.400/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.500/Chart.yaml | 12 + .../fleet-crd/0.3.500/templates/crds.yaml | 2314 ++++++ .../0.3.500/templates/gitjobs-crds.yaml | 3208 ++++++++ .../charts/fleet/fleet/0.3.000/Chart.yaml | 15 + .../fleet/0.3.000/charts/gitjob/.helmignore | 23 + .../fleet/0.3.000/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 44 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 26 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.000/charts/gitjob/values.yaml | 11 + .../fleet/0.3.000/templates/_helpers.tpl | 7 + .../fleet/0.3.000/templates/configmap.yaml | 23 + 
.../fleet/0.3.000/templates/deployment.yaml | 23 + .../fleet/fleet/0.3.000/templates/rbac.yaml | 106 + .../0.3.000/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.000/values.yaml | 38 + .../charts/fleet/fleet/0.3.100/Chart.yaml | 15 + .../fleet/0.3.100/charts/gitjob/.helmignore | 23 + .../fleet/0.3.100/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 44 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 26 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.100/charts/gitjob/values.yaml | 11 + .../fleet/0.3.100/templates/_helpers.tpl | 7 + .../fleet/0.3.100/templates/configmap.yaml | 23 + .../fleet/0.3.100/templates/deployment.yaml | 23 + .../fleet/fleet/0.3.100/templates/rbac.yaml | 106 + .../0.3.100/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.100/values.yaml | 38 + .../charts/fleet/fleet/0.3.200/Chart.yaml | 15 + .../fleet/0.3.200/charts/gitjob/.helmignore | 23 + .../fleet/0.3.200/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 34 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.200/charts/gitjob/values.yaml | 17 + .../fleet/0.3.200/templates/_helpers.tpl | 7 + .../fleet/0.3.200/templates/configmap.yaml | 23 + .../fleet/0.3.200/templates/deployment.yaml | 23 + .../fleet/fleet/0.3.200/templates/rbac.yaml | 106 + .../0.3.200/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.200/values.yaml | 38 + .../charts/fleet/fleet/0.3.300/Chart.yaml | 15 + .../fleet/0.3.300/charts/gitjob/.helmignore | 23 + .../fleet/0.3.300/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + 
.../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 34 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.300/charts/gitjob/values.yaml | 17 + .../fleet/0.3.300/templates/_helpers.tpl | 7 + .../fleet/0.3.300/templates/configmap.yaml | 23 + .../fleet/0.3.300/templates/deployment.yaml | 23 + .../fleet/fleet/0.3.300/templates/rbac.yaml | 106 + .../0.3.300/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.300/values.yaml | 38 + .../charts/fleet/fleet/0.3.400/Chart.yaml | 15 + .../fleet/0.3.400/charts/gitjob/.helmignore | 23 + .../fleet/0.3.400/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 42 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.400/charts/gitjob/values.yaml | 26 + .../fleet/0.3.400/templates/_helpers.tpl | 7 + .../fleet/0.3.400/templates/configmap.yaml | 23 + .../fleet/0.3.400/templates/deployment.yaml | 31 + .../fleet/fleet/0.3.400/templates/rbac.yaml | 106 + .../0.3.400/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.400/values.yaml | 47 + .../charts/fleet/fleet/0.3.500/Chart.yaml | 15 + .../fleet/0.3.500/charts/gitjob/.helmignore | 23 + .../fleet/0.3.500/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 42 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.500/charts/gitjob/values.yaml | 26 + .../fleet/0.3.500/templates/_helpers.tpl | 7 + .../fleet/0.3.500/templates/configmap.yaml | 23 + 
.../fleet/0.3.500/templates/deployment.yaml | 31 + .../fleet/fleet/0.3.500/templates/rbac.yaml | 106 + .../0.3.500/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.500/values.yaml | 47 + .../longhorn/longhorn-crd/1.0.200/Chart.yaml | 10 + .../longhorn/longhorn-crd/1.0.200/README.md | 2 + .../longhorn-crd/1.0.200/templates/crds.yaml | 172 + .../longhorn/longhorn-crd/1.0.201/Chart.yaml | 10 + .../longhorn/longhorn-crd/1.0.201/README.md | 2 + .../longhorn-crd/1.0.201/templates/crds.yaml | 172 + .../longhorn/longhorn-crd/1.1.000/Chart.yaml | 10 + .../longhorn/longhorn-crd/1.1.000/README.md | 2 + .../longhorn-crd/1.1.000/templates/crds.yaml | 420 + .../longhorn/longhorn-crd/1.1.001/Chart.yaml | 10 + .../longhorn/longhorn-crd/1.1.001/README.md | 2 + .../longhorn-crd/1.1.001/templates/crds.yaml | 420 + .../longhorn/longhorn/1.0.200/.helmignore | 21 + .../longhorn/longhorn/1.0.200/Chart.yaml | 35 + .../longhorn/longhorn/1.0.200/README.md | 49 + .../longhorn/longhorn/1.0.200/app-readme.md | 11 + .../longhorn/longhorn/1.0.200/questions.yml | 346 + .../longhorn/1.0.200/templates/NOTES.txt | 5 + .../longhorn/1.0.200/templates/_helpers.tpl | 47 + .../1.0.200/templates/clusterrole.yaml | 40 + .../1.0.200/templates/clusterrolebinding.yaml | 13 + .../1.0.200/templates/daemonset-sa.yaml | 112 + .../1.0.200/templates/default-setting.yaml | 28 + .../1.0.200/templates/deployment-driver.yaml | 84 + .../1.0.200/templates/deployment-ui.yaml | 61 + .../longhorn/1.0.200/templates/ingress.yaml | 30 + .../1.0.200/templates/postupgrade-job.yaml | 35 + .../longhorn/1.0.200/templates/psp.yaml | 66 + .../1.0.200/templates/registry-secret.yml | 10 + .../1.0.200/templates/serviceaccount.yaml | 6 + .../1.0.200/templates/storageclass.yaml | 14 + .../1.0.200/templates/tls-secrets.yaml | 15 + .../1.0.200/templates/uninstall-job.yaml | 36 + .../longhorn/1.0.200/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 14 + .../longhorn/longhorn/1.0.200/values.yaml | 136 + 
.../longhorn/longhorn/1.0.201/.helmignore | 21 + .../longhorn/longhorn/1.0.201/Chart.yaml | 36 + .../longhorn/longhorn/1.0.201/README.md | 49 + .../longhorn/longhorn/1.0.201/app-readme.md | 11 + .../longhorn/longhorn/1.0.201/questions.yml | 346 + .../longhorn/1.0.201/templates/NOTES.txt | 5 + .../longhorn/1.0.201/templates/_helpers.tpl | 47 + .../1.0.201/templates/clusterrole.yaml | 40 + .../1.0.201/templates/clusterrolebinding.yaml | 13 + .../1.0.201/templates/daemonset-sa.yaml | 112 + .../1.0.201/templates/default-setting.yaml | 28 + .../1.0.201/templates/deployment-driver.yaml | 84 + .../1.0.201/templates/deployment-ui.yaml | 61 + .../longhorn/1.0.201/templates/ingress.yaml | 30 + .../1.0.201/templates/postupgrade-job.yaml | 35 + .../longhorn/1.0.201/templates/psp.yaml | 66 + .../1.0.201/templates/registry-secret.yml | 10 + .../1.0.201/templates/serviceaccount.yaml | 6 + .../1.0.201/templates/storageclass.yaml | 14 + .../1.0.201/templates/tls-secrets.yaml | 15 + .../1.0.201/templates/uninstall-job.yaml | 36 + .../longhorn/1.0.201/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 14 + .../longhorn/longhorn/1.0.201/values.yaml | 136 + .../longhorn/longhorn/1.1.000/.helmignore | 21 + .../longhorn/longhorn/1.1.000/Chart.yaml | 37 + .../longhorn/longhorn/1.1.000/README.md | 32 + .../longhorn/longhorn/1.1.000/app-readme.md | 11 + .../longhorn/longhorn/1.1.000/questions.yml | 512 ++ .../longhorn/1.1.000/templates/NOTES.txt | 5 + .../longhorn/1.1.000/templates/_helpers.tpl | 66 + .../1.1.000/templates/clusterrole.yaml | 47 + .../1.1.000/templates/clusterrolebinding.yaml | 13 + .../1.1.000/templates/daemonset-sa.yaml | 114 + .../1.1.000/templates/default-setting.yaml | 38 + .../1.1.000/templates/deployment-driver.yaml | 93 + .../1.1.000/templates/deployment-ui.yaml | 61 + .../longhorn/1.1.000/templates/ingress.yaml | 31 + .../1.1.000/templates/postupgrade-job.yaml | 35 + .../longhorn/1.1.000/templates/psp.yaml | 66 + 
.../1.1.000/templates/registry-secret.yml | 11 + .../1.1.000/templates/serviceaccount.yaml | 6 + .../1.1.000/templates/storageclass.yaml | 26 + .../1.1.000/templates/tls-secrets.yaml | 16 + .../1.1.000/templates/uninstall-job.yaml | 36 + .../longhorn/1.1.000/templates/userroles.yaml | 38 + .../templates/validate-install-crd.yaml | 14 + .../longhorn/longhorn/1.1.000/values.yaml | 162 + .../longhorn/longhorn/1.1.001/.helmignore | 21 + .../longhorn/longhorn/1.1.001/Chart.yaml | 37 + .../longhorn/longhorn/1.1.001/README.md | 32 + .../longhorn/longhorn/1.1.001/app-readme.md | 11 + .../longhorn/longhorn/1.1.001/questions.yml | 512 ++ .../longhorn/1.1.001/templates/NOTES.txt | 5 + .../longhorn/1.1.001/templates/_helpers.tpl | 66 + .../1.1.001/templates/clusterrole.yaml | 47 + .../1.1.001/templates/clusterrolebinding.yaml | 13 + .../1.1.001/templates/daemonset-sa.yaml | 114 + .../1.1.001/templates/default-setting.yaml | 38 + .../1.1.001/templates/deployment-driver.yaml | 93 + .../1.1.001/templates/deployment-ui.yaml | 61 + .../longhorn/1.1.001/templates/ingress.yaml | 31 + .../1.1.001/templates/postupgrade-job.yaml | 35 + .../longhorn/1.1.001/templates/psp.yaml | 66 + .../1.1.001/templates/registry-secret.yml | 11 + .../1.1.001/templates/serviceaccount.yaml | 6 + .../1.1.001/templates/storageclass.yaml | 26 + .../1.1.001/templates/tls-secrets.yaml | 16 + .../1.1.001/templates/uninstall-job.yaml | 36 + .../longhorn/1.1.001/templates/userroles.yaml | 38 + .../templates/validate-install-crd.yaml | 21 + .../longhorn/longhorn/1.1.001/values.yaml | 162 + .../1.0.100/Chart.yaml | 21 + .../1.0.100/app-readme.md | 11 + .../1.0.100/charts/prom2teams/.helmignore | 22 + .../1.0.100/charts/prom2teams/Chart.yaml | 10 + .../1.0.100/charts/prom2teams/files/teams.j2 | 44 + .../charts/prom2teams/templates/NOTES.txt | 2 + .../charts/prom2teams/templates/_helpers.tpl | 73 + .../prom2teams/templates/configmap.yaml | 39 + .../prom2teams/templates/deployment.yaml | 77 + 
.../charts/prom2teams/templates/psp.yaml | 28 + .../charts/prom2teams/templates/role.yaml | 15 + .../prom2teams/templates/rolebinding.yaml | 13 + .../prom2teams/templates/service-account.yaml | 6 + .../charts/prom2teams/templates/service.yaml | 17 + .../1.0.100/charts/prom2teams/values.yaml | 62 + .../1.0.100/charts/sachet/.helmignore | 23 + .../1.0.100/charts/sachet/Chart.yaml | 11 + .../1.0.100/charts/sachet/files/template.tmpl | 1 + .../1.0.100/charts/sachet/templates/NOTES.txt | 3 + .../charts/sachet/templates/_helpers.tpl | 79 + .../templates/configmap-pre-install.yaml | 21 + .../charts/sachet/templates/deployment.yaml | 75 + .../1.0.100/charts/sachet/templates/psp.yaml | 28 + .../1.0.100/charts/sachet/templates/role.yaml | 15 + .../charts/sachet/templates/rolebinding.yaml | 13 + .../sachet/templates/service-account.yaml | 6 + .../charts/sachet/templates/service.yaml | 17 + .../1.0.100/charts/sachet/values.yaml | 63 + .../1.0.100/questions.yml | 14 + .../1.0.100/templates/NOTES.txt | 2 + .../1.0.100/templates/_helpers.tpl | 91 + .../1.0.100/templates/cluster-role.yaml | 50 + .../1.0.100/values.yaml | 17 + .../rancher-backup-crd/1.0.400/Chart.yaml | 11 + .../rancher-backup-crd/1.0.400/README.md | 3 + .../1.0.400/templates/backup.yaml | 119 + .../1.0.400/templates/resourceset.yaml | 94 + .../1.0.400/templates/restore.yaml | 102 + .../rancher-backup-crd/1.0.200/Chart.yaml | 10 + .../rancher-backup-crd/1.0.200/README.md | 2 + .../1.0.200/templates/backup.yaml | 119 + .../1.0.200/templates/resourceset.yaml | 94 + .../1.0.200/templates/restore.yaml | 102 + .../rancher-backup-crd/1.0.201/Chart.yaml | 10 + .../rancher-backup-crd/1.0.201/README.md | 2 + .../1.0.201/templates/backup.yaml | 119 + .../1.0.201/templates/resourceset.yaml | 94 + .../1.0.201/templates/restore.yaml | 102 + .../rancher-backup-crd/1.0.300/Chart.yaml | 10 + .../rancher-backup-crd/1.0.300/README.md | 2 + .../1.0.300/templates/backup.yaml | 119 + .../1.0.300/templates/resourceset.yaml | 94 + 
.../1.0.300/templates/restore.yaml | 102 + .../rancher-backup-crd/1.0.301/Chart.yaml | 10 + .../rancher-backup-crd/1.0.301/README.md | 2 + .../1.0.301/templates/backup.yaml | 119 + .../1.0.301/templates/resourceset.yaml | 94 + .../1.0.301/templates/restore.yaml | 102 + .../rancher-backup/1.0.200/Chart.yaml | 19 + .../rancher-backup/1.0.200/README.md | 69 + .../1.0.200/templates/_helpers.tpl | 76 + .../1.0.200/templates/clusterrolebinding.yaml | 14 + .../1.0.200/templates/deployment.yaml | 59 + .../rancher-backup/1.0.200/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 62 + .../1.0.200/templates/s3-secret.yaml | 31 + .../1.0.200/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.200/values.yaml | 49 + .../rancher-backup/1.0.201/Chart.yaml | 20 + .../rancher-backup/1.0.201/README.md | 69 + .../rancher-backup/1.0.201/app-readme.md | 15 + .../1.0.201/templates/_helpers.tpl | 76 + .../1.0.201/templates/clusterrolebinding.yaml | 14 + .../1.0.201/templates/deployment.yaml | 59 + .../rancher-backup/1.0.201/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 62 + .../1.0.201/templates/s3-secret.yaml | 31 + .../1.0.201/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.201/values.yaml | 49 + .../rancher-backup/1.0.300/Chart.yaml | 20 + .../rancher-backup/1.0.300/README.md | 69 + .../rancher-backup/1.0.300/app-readme.md | 15 + .../1.0.300/templates/_helpers.tpl | 76 + .../1.0.300/templates/clusterrolebinding.yaml | 14 + .../1.0.300/templates/deployment.yaml | 59 + .../rancher-backup/1.0.300/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 62 + .../1.0.300/templates/s3-secret.yaml | 31 + .../1.0.300/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.300/values.yaml | 49 + .../rancher-backup/1.0.301/Chart.yaml | 20 + .../rancher-backup/1.0.301/README.md | 69 + 
.../rancher-backup/1.0.301/app-readme.md | 15 + .../1.0.301/templates/_helpers.tpl | 76 + .../1.0.301/templates/clusterrolebinding.yaml | 14 + .../1.0.301/templates/deployment.yaml | 59 + .../rancher-backup/1.0.301/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 62 + .../1.0.301/templates/s3-secret.yaml | 31 + .../1.0.301/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.301/values.yaml | 49 + .../rancher-backup/1.0.400/Chart.yaml | 20 + .../rancher-backup/1.0.400/README.md | 69 + .../rancher-backup/1.0.400/app-readme.md | 15 + .../default-resourceset-contents/eks.yaml | 17 + .../default-resourceset-contents/fleet.yaml | 49 + .../default-resourceset-contents/gke.yaml | 17 + .../rancher-operator.yaml | 27 + .../default-resourceset-contents/rancher.yaml | 44 + .../1.0.400/templates/_helpers.tpl | 76 + .../1.0.400/templates/clusterrolebinding.yaml | 14 + .../1.0.400/templates/deployment.yaml | 59 + .../rancher-backup/1.0.400/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 13 + .../1.0.400/templates/s3-secret.yaml | 31 + .../1.0.400/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.400/values.yaml | 49 + .../1.0.100/Chart.yaml | 10 + .../1.0.100/README.md | 2 + .../1.0.100/templates/clusterscan.yaml | 112 + .../templates/clusterscanbenchmark.yaml | 49 + .../1.0.100/templates/clusterscanprofile.yaml | 37 + .../1.0.100/templates/clusterscanreport.yaml | 40 + .../1.0.200/Chart.yaml | 10 + .../1.0.200/README.md | 2 + .../1.0.200/templates/clusterscan.yaml | 112 + .../templates/clusterscanbenchmark.yaml | 49 + .../1.0.200/templates/clusterscanprofile.yaml | 37 + .../1.0.200/templates/clusterscanreport.yaml | 40 + .../1.0.300/Chart.yaml | 10 + .../1.0.300/README.md | 2 + .../1.0.300/templates/clusterscan.yaml | 149 + .../templates/clusterscanbenchmark.yaml | 55 + .../1.0.300/templates/clusterscanprofile.yaml | 37 + 
.../1.0.300/templates/clusterscanreport.yaml | 40 + .../1.0.301/Chart.yaml | 10 + .../1.0.301/README.md | 2 + .../1.0.301/templates/clusterscan.yaml | 149 + .../templates/clusterscanbenchmark.yaml | 55 + .../1.0.301/templates/clusterscanprofile.yaml | 37 + .../1.0.301/templates/clusterscanreport.yaml | 40 + .../1.0.400/Chart.yaml | 10 + .../1.0.400/README.md | 2 + .../1.0.400/templates/clusterscan.yaml | 149 + .../templates/clusterscanbenchmark.yaml | 55 + .../1.0.400/templates/clusterscanprofile.yaml | 37 + .../1.0.400/templates/clusterscanreport.yaml | 40 + .../1.0.402/Chart.yaml | 10 + .../1.0.402/README.md | 2 + .../1.0.402/templates/clusterscan.yaml | 149 + .../templates/clusterscanbenchmark.yaml | 55 + .../1.0.402/templates/clusterscanprofile.yaml | 37 + .../1.0.402/templates/clusterscanreport.yaml | 40 + .../rancher-cis-benchmark/1.0.100/Chart.yaml | 17 + .../rancher-cis-benchmark/1.0.100/README.md | 9 + .../1.0.100/templates/_helpers.tpl | 23 + .../1.0.100/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.100/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.100/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../1.0.100/templates/cis-roles.yaml | 51 + .../1.0.100/templates/configmap.yaml | 11 + .../1.0.100/templates/deployment.yaml | 46 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.100/templates/rbac.yaml | 43 + .../1.0.100/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-rke-hardened.yml | 9 + .../templates/scanprofile-rke-permissive.yml | 9 + .../1.0.100/templates/scanprofileeks.yml | 9 + .../1.0.100/templates/scanprofilegke.yml | 9 + .../1.0.100/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.100/values.yaml | 39 + .../rancher-cis-benchmark/1.0.200/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.200/README.md | 9 + 
.../1.0.200/app-readme.md | 12 + .../1.0.200/templates/_helpers.tpl | 23 + .../1.0.200/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.200/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.200/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../1.0.200/templates/cis-roles.yaml | 28 + .../1.0.200/templates/configmap.yaml | 11 + .../1.0.200/templates/deployment.yaml | 46 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.200/templates/rbac.yaml | 43 + .../1.0.200/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-rke-hardened.yml | 9 + .../templates/scanprofile-rke-permissive.yml | 9 + .../1.0.200/templates/scanprofileeks.yml | 9 + .../1.0.200/templates/scanprofilegke.yml | 9 + .../1.0.200/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.200/values.yaml | 39 + .../rancher-cis-benchmark/1.0.300/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.300/README.md | 9 + .../1.0.300/app-readme.md | 15 + .../1.0.300/templates/_helpers.tpl | 23 + .../1.0.300/templates/alertingrule.yaml | 14 + .../1.0.300/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.300/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.300/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.300/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../1.0.300/templates/cis-roles.yaml | 49 + .../1.0.300/templates/configmap.yaml | 14 + .../1.0.300/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.300/templates/rbac.yaml | 43 + 
.../1.0.300/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + .../1.0.300/templates/scanprofileeks.yml | 9 + .../1.0.300/templates/scanprofilegke.yml | 9 + .../1.0.300/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.300/values.yaml | 45 + .../rancher-cis-benchmark/1.0.301/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.301/README.md | 9 + .../1.0.301/app-readme.md | 15 + .../1.0.301/templates/_helpers.tpl | 23 + .../1.0.301/templates/alertingrule.yaml | 14 + .../1.0.301/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.301/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.301/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.301/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../1.0.301/templates/cis-roles.yaml | 49 + .../1.0.301/templates/configmap.yaml | 14 + .../1.0.301/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.301/templates/rbac.yaml | 43 + .../1.0.301/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + 
.../1.0.301/templates/scanprofileeks.yml | 9 + .../1.0.301/templates/scanprofilegke.yml | 9 + .../1.0.301/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.301/values.yaml | 45 + .../rancher-cis-benchmark/1.0.400/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.400/README.md | 9 + .../1.0.400/app-readme.md | 15 + .../1.0.400/templates/_helpers.tpl | 23 + .../1.0.400/templates/alertingrule.yaml | 14 + .../1.0.400/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.400/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.400/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.400/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../1.0.400/templates/cis-roles.yaml | 49 + .../1.0.400/templates/configmap.yaml | 16 + .../1.0.400/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.400/templates/rbac.yaml | 43 + .../1.0.400/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../1.0.400/templates/scanprofileeks.yml | 9 + .../1.0.400/templates/scanprofilegke.yml | 9 + .../1.0.400/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + 
.../rancher-cis-benchmark/1.0.400/values.yaml | 45 + .../rancher-cis-benchmark/1.0.402/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.402/README.md | 9 + .../1.0.402/app-readme.md | 15 + .../1.0.402/templates/_helpers.tpl | 23 + .../1.0.402/templates/alertingrule.yaml | 14 + .../1.0.402/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.402/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.402/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.402/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../1.0.402/templates/cis-roles.yaml | 49 + .../1.0.402/templates/configmap.yaml | 16 + .../1.0.402/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.402/templates/rbac.yaml | 43 + .../1.0.402/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../1.0.402/templates/scanprofileeks.yml | 9 + .../1.0.402/templates/scanprofilegke.yml | 9 + .../1.0.402/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.402/values.yaml | 45 + .../0.1.400/.helmignore | 21 + .../0.1.400/Chart.yaml | 24 + .../0.1.400/README.md | 70 + .../0.1.400/app-README.md | 9 + .../0.1.400/questions.yaml | 7 + 
.../0.1.400/templates/NOTES.txt | 3 + .../0.1.400/templates/_helpers.tpl | 50 + .../templates/admissionregistration.yaml | 30 + .../0.1.400/templates/clusterrole.yaml | 33 + .../0.1.400/templates/clusterrolebinding.yaml | 31 + .../0.1.400/templates/deployment.yaml | 107 + .../0.1.400/templates/issuer.yaml | 52 + .../0.1.400/templates/service.yaml | 35 + .../0.1.400/templates/serviceaccount.yaml | 7 + .../0.1.400/templates/servicemonitor.yaml | 16 + .../tests/admissionregistration_test.yaml | 32 + .../0.1.400/tests/clusterrole_test.yaml | 37 + .../tests/clusterrolebinding_test.yaml | 42 + .../0.1.400/tests/deployment_test.yaml | 202 + .../0.1.400/tests/issuer_test.yaml | 106 + .../0.1.400/tests/service_test.yaml | 69 + .../0.1.400/tests/serviceaccount_test.yaml | 9 + .../0.1.400/tests/servicemonitor_test.yaml | 20 + .../0.1.400/values.yaml | 67 + .../0.1.600/.helmignore | 21 + .../0.1.600/Chart.yaml | 24 + .../0.1.600/README.md | 69 + .../0.1.600/app-README.md | 12 + .../0.1.600/questions.yaml | 26 + .../0.1.600/templates/NOTES.txt | 3 + .../0.1.600/templates/_helpers.tpl | 50 + .../templates/admissionregistration.yaml | 30 + .../0.1.600/templates/clusterrole.yaml | 33 + .../0.1.600/templates/clusterrolebinding.yaml | 31 + .../0.1.600/templates/deployment.yaml | 107 + .../0.1.600/templates/issuer.yaml | 52 + .../0.1.600/templates/service.yaml | 35 + .../0.1.600/templates/serviceaccount.yaml | 7 + .../0.1.600/templates/servicemonitor.yaml | 16 + .../tests/admissionregistration_test.yaml | 32 + .../0.1.600/tests/clusterrole_test.yaml | 37 + .../tests/clusterrolebinding_test.yaml | 42 + .../0.1.600/tests/deployment_test.yaml | 202 + .../0.1.600/tests/issuer_test.yaml | 106 + .../0.1.600/tests/service_test.yaml | 69 + .../0.1.600/tests/serviceaccount_test.yaml | 9 + .../0.1.600/tests/servicemonitor_test.yaml | 20 + .../0.1.600/values.yaml | 67 + .../0.1.601/.helmignore | 21 + .../0.1.601/Chart.yaml | 24 + .../0.1.601/README.md | 69 + .../0.1.601/app-README.md | 12 + 
.../0.1.601/questions.yaml | 26 + .../0.1.601/templates/NOTES.txt | 3 + .../0.1.601/templates/_helpers.tpl | 50 + .../templates/admissionregistration.yaml | 30 + .../0.1.601/templates/clusterrole.yaml | 33 + .../0.1.601/templates/clusterrolebinding.yaml | 31 + .../0.1.601/templates/deployment.yaml | 107 + .../0.1.601/templates/issuer.yaml | 52 + .../0.1.601/templates/service.yaml | 35 + .../0.1.601/templates/serviceaccount.yaml | 7 + .../0.1.601/templates/servicemonitor.yaml | 16 + .../tests/admissionregistration_test.yaml | 32 + .../0.1.601/tests/clusterrole_test.yaml | 37 + .../tests/clusterrolebinding_test.yaml | 42 + .../0.1.601/tests/deployment_test.yaml | 202 + .../0.1.601/tests/issuer_test.yaml | 106 + .../0.1.601/tests/service_test.yaml | 69 + .../0.1.601/tests/serviceaccount_test.yaml | 9 + .../0.1.601/tests/servicemonitor_test.yaml | 20 + .../0.1.601/values.yaml | 67 + .../rancher-gatekeeper-crd/3.1.100/Chart.yaml | 11 + .../rancher-gatekeeper-crd/3.1.100/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 99 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../rancher-gatekeeper-crd/3.1.101/Chart.yaml | 11 + .../rancher-gatekeeper-crd/3.1.101/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 99 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../rancher-gatekeeper-crd/3.2.101/Chart.yaml | 11 + .../rancher-gatekeeper-crd/3.2.101/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 97 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../3.2.101/templates/_helpers.tpl | 7 + .../3.2.101/templates/jobs.yaml | 92 + .../3.2.101/templates/manifest.yaml | 14 + .../3.2.101/templates/rbac.yaml | 72 + 
.../3.2.101/values.yaml | 11 + .../rancher-gatekeeper-crd/3.3.000/Chart.yaml | 10 + .../rancher-gatekeeper-crd/3.3.000/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 97 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../3.3.000/templates/_helpers.tpl | 7 + .../3.3.000/templates/jobs.yaml | 92 + .../3.3.000/templates/manifest.yaml | 14 + .../3.3.000/templates/rbac.yaml | 72 + .../3.3.000/values.yaml | 11 + .../rancher-gatekeeper-crd/3.3.001/Chart.yaml | 10 + .../rancher-gatekeeper-crd/3.3.001/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 97 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../3.3.001/templates/_helpers.tpl | 7 + .../3.3.001/templates/jobs.yaml | 92 + .../3.3.001/templates/manifest.yaml | 14 + .../3.3.001/templates/rbac.yaml | 72 + .../3.3.001/values.yaml | 11 + .../rancher-gatekeeper/3.1.100/.helmignore | 21 + .../rancher-gatekeeper/3.1.100/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.1.100/Chart.yaml | 21 + .../rancher-gatekeeper/3.1.100/README.md | 33 + .../3.1.100/templates/_helpers.tpl | 52 + .../3.1.100/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 96 + ...ekeeper-controller-manager-deployment.yaml | 117 + .../gatekeeper-manager-role-clusterrole.yaml | 125 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 58 + ...gatekeeper-webhook-server-cert-secret.yaml | 11 + .../gatekeeper-webhook-service-service.yaml | 23 + .../3.1.100/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + .../rancher-gatekeeper/3.1.100/values.yaml | 31 + 
.../rancher-gatekeeper/3.1.101/.helmignore | 21 + .../rancher-gatekeeper/3.1.101/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.1.101/Chart.yaml | 22 + .../rancher-gatekeeper/3.1.101/README.md | 33 + .../rancher-gatekeeper/3.1.101/app-readme.md | 14 + .../3.1.101/templates/_helpers.tpl | 52 + .../3.1.101/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 96 + ...ekeeper-controller-manager-deployment.yaml | 117 + .../gatekeeper-manager-role-clusterrole.yaml | 125 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 58 + ...gatekeeper-webhook-server-cert-secret.yaml | 11 + .../gatekeeper-webhook-service-service.yaml | 23 + .../3.1.101/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + .../rancher-gatekeeper/3.1.101/values.yaml | 31 + .../rancher-gatekeeper/3.2.101/.helmignore | 21 + .../rancher-gatekeeper/3.2.101/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.2.101/Chart.yaml | 23 + .../rancher-gatekeeper/3.2.101/README.md | 33 + .../rancher-gatekeeper/3.2.101/app-readme.md | 14 + .../3.2.101/templates/_helpers.tpl | 52 + .../3.2.101/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-podsecuritypolicy.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 96 + ...ekeeper-controller-manager-deployment.yaml | 117 + .../gatekeeper-manager-role-clusterrole.yaml | 127 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 58 + ...gatekeeper-webhook-server-cert-secret.yaml | 11 + .../gatekeeper-webhook-service-service.yaml | 23 + .../3.2.101/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + 
.../rancher-gatekeeper/3.2.101/values.yaml | 40 + .../rancher-gatekeeper/3.3.000/.helmignore | 21 + .../rancher-gatekeeper/3.3.000/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.3.000/Chart.yaml | 22 + .../rancher-gatekeeper/3.3.000/README.md | 39 + .../rancher-gatekeeper/3.3.000/app-readme.md | 14 + .../3.3.000/templates/_helpers.tpl | 52 + .../3.3.000/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-podsecuritypolicy.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 103 + ...ekeeper-controller-manager-deployment.yaml | 124 + .../gatekeeper-manager-role-clusterrole.yaml | 139 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 61 + ...gatekeeper-webhook-server-cert-secret.yaml | 13 + .../gatekeeper-webhook-service-service.yaml | 23 + .../3.3.000/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + .../rancher-gatekeeper/3.3.000/values.yaml | 60 + .../rancher-gatekeeper/3.3.001/.helmignore | 21 + .../rancher-gatekeeper/3.3.001/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.3.001/Chart.yaml | 22 + .../rancher-gatekeeper/3.3.001/README.md | 39 + .../rancher-gatekeeper/3.3.001/app-readme.md | 14 + .../3.3.001/templates/_helpers.tpl | 52 + .../3.3.001/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-podsecuritypolicy.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 103 + ...ekeeper-controller-manager-deployment.yaml | 124 + .../gatekeeper-manager-role-clusterrole.yaml | 139 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 61 + ...gatekeeper-webhook-server-cert-secret.yaml | 13 + .../gatekeeper-webhook-service-service.yaml | 23 + 
.../3.3.001/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + .../rancher-gatekeeper/3.3.001/values.yaml | 60 + .../rancher-grafana/6.6.401/.helmignore | 23 + .../rancher-grafana/6.6.401/Chart.yaml | 28 + .../rancher-grafana/6.6.401/README.md | 514 ++ .../6.6.401/dashboards/custom-dashboard.json | 1 + .../6.6.401/templates/NOTES.txt | 54 + .../6.6.401/templates/_helpers.tpl | 145 + .../6.6.401/templates/_pod.tpl | 496 ++ .../6.6.401/templates/clusterrole.yaml | 25 + .../6.6.401/templates/clusterrolebinding.yaml | 24 + .../configmap-dashboard-provider.yaml | 29 + .../6.6.401/templates/configmap.yaml | 80 + .../templates/dashboards-json-configmap.yaml | 35 + .../6.6.401/templates/deployment.yaml | 48 + .../6.6.401/templates/headless-service.yaml | 18 + .../templates/image-renderer-deployment.yaml | 117 + .../image-renderer-network-policy.yaml | 76 + .../templates/image-renderer-service.yaml | 28 + .../6.6.401/templates/ingress.yaml | 80 + .../6.6.401/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../6.6.401/templates/podsecuritypolicy.yaml | 49 + .../6.6.401/templates/pvc.yaml | 33 + .../6.6.401/templates/role.yaml | 32 + .../6.6.401/templates/rolebinding.yaml | 25 + .../6.6.401/templates/secret-env.yaml | 14 + .../6.6.401/templates/secret.yaml | 22 + .../6.6.401/templates/service.yaml | 50 + .../6.6.401/templates/serviceaccount.yaml | 13 + .../6.6.401/templates/servicemonitor.yaml | 40 + .../6.6.401/templates/statefulset.yaml | 52 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 30 + .../6.6.401/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../6.6.401/templates/tests/test.yaml | 48 + .../rancher-grafana/6.6.401/values.yaml | 732 ++ .../rancher-istio/1.8.301/Chart.yaml | 21 + .../rancher-istio/1.8.301/README.md | 69 + .../rancher-istio/1.8.301/app-readme.md | 45 + 
.../1.8.301/charts/kiali/Chart.yaml | 31 + .../1.8.301/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 55 + .../charts/kiali/templates/dashboards/go.yaml | 66 + .../kiali/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../kiali/templates/dashboards/nodejs.yaml | 58 + .../kiali/templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../kiali/templates/dashboards/thorntail.yaml | 21 + .../kiali/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../kiali/templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.8.301/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.8.301/charts/kiali/templates/oauth.yaml | 17 + .../1.8.301/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 96 + .../1.8.301/charts/kiali/templates/role.yaml | 107 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.8.301/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 40 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + 
.../1.8.301/charts/kiali/values.yaml | 93 + .../1.8.301/charts/tracing/.helmignore | 23 + .../1.8.301/charts/tracing/Chart.yaml | 12 + .../1.8.301/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.8.301/charts/tracing/templates/psp.yaml | 86 + .../1.8.301/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.8.301/charts/tracing/values.yaml | 44 + .../1.8.301/configs/istio-base.yaml | 85 + .../rancher-istio/1.8.301/requirements.yaml | 17 + .../1.8.301/samples/overlay-example.yaml | 37 + .../1.8.301/templates/_helpers.tpl | 12 + .../1.8.301/templates/admin-role.yaml | 43 + .../1.8.301/templates/base-config-map.yaml | 7 + .../1.8.301/templates/clusterrole.yaml | 120 + .../1.8.301/templates/clusterrolebinding.yaml | 12 + .../1.8.301/templates/edit-role.yaml | 43 + .../1.8.301/templates/istio-cni-psp.yaml | 51 + .../1.8.301/templates/istio-install-job.yaml | 50 + .../1.8.301/templates/istio-install-psp.yaml | 30 + .../1.8.301/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../1.8.301/templates/overlay-config-map.yaml | 9 + .../1.8.301/templates/service-monitors.yaml | 51 + .../1.8.301/templates/serviceaccount.yaml | 5 + .../1.8.301/templates/view-role.yaml | 41 + .../rancher-istio/1.8.301/values.yaml | 94 + .../rancher-istio/1.8.400/Chart.yaml | 21 + .../rancher-istio/1.8.400/README.md | 69 + .../rancher-istio/1.8.400/app-readme.md | 45 + .../1.8.400/charts/kiali/Chart.yaml | 31 + .../1.8.400/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + 
.../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.8.400/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.8.400/charts/kiali/templates/oauth.yaml | 17 + .../1.8.400/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 97 + .../1.8.400/charts/kiali/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.8.400/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 47 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.8.400/charts/kiali/values.yaml | 93 + .../1.8.400/charts/tracing/.helmignore | 23 + .../1.8.400/charts/tracing/Chart.yaml | 12 + .../1.8.400/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.8.400/charts/tracing/templates/psp.yaml | 86 + 
.../1.8.400/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.8.400/charts/tracing/values.yaml | 44 + .../1.8.400/configs/istio-base.yaml | 89 + .../rancher-istio/1.8.400/requirements.yaml | 17 + .../1.8.400/samples/overlay-example.yaml | 37 + .../1.8.400/templates/_helpers.tpl | 12 + .../1.8.400/templates/admin-role.yaml | 43 + .../1.8.400/templates/base-config-map.yaml | 7 + .../1.8.400/templates/clusterrole.yaml | 120 + .../1.8.400/templates/clusterrolebinding.yaml | 12 + .../1.8.400/templates/edit-role.yaml | 43 + .../1.8.400/templates/istio-cni-psp.yaml | 51 + .../1.8.400/templates/istio-install-job.yaml | 50 + .../1.8.400/templates/istio-install-psp.yaml | 30 + .../1.8.400/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../1.8.400/templates/overlay-config-map.yaml | 9 + .../1.8.400/templates/service-monitors.yaml | 51 + .../1.8.400/templates/serviceaccount.yaml | 5 + .../1.8.400/templates/view-role.yaml | 41 + .../rancher-istio/1.8.400/values.yaml | 95 + .../rancher-istio/1.8.500/Chart.yaml | 21 + .../rancher-istio/1.8.500/README.md | 69 + .../rancher-istio/1.8.500/app-readme.md | 45 + .../1.8.500/charts/kiali/Chart.yaml | 31 + .../1.8.500/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + 
.../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.8.500/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.8.500/charts/kiali/templates/oauth.yaml | 17 + .../1.8.500/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 97 + .../1.8.500/charts/kiali/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.8.500/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 47 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.8.500/charts/kiali/values.yaml | 93 + .../1.8.500/charts/tracing/.helmignore | 23 + .../1.8.500/charts/tracing/Chart.yaml | 12 + .../1.8.500/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.8.500/charts/tracing/templates/psp.yaml | 86 + .../1.8.500/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.8.500/charts/tracing/values.yaml | 44 + .../1.8.500/configs/istio-base.yaml | 89 + .../rancher-istio/1.8.500/requirements.yaml | 17 + .../1.8.500/samples/overlay-example.yaml | 37 + .../1.8.500/templates/_helpers.tpl | 12 + .../1.8.500/templates/admin-role.yaml | 43 + 
.../1.8.500/templates/base-config-map.yaml | 7 + .../1.8.500/templates/clusterrole.yaml | 120 + .../1.8.500/templates/clusterrolebinding.yaml | 12 + .../1.8.500/templates/edit-role.yaml | 43 + .../1.8.500/templates/istio-cni-psp.yaml | 51 + .../1.8.500/templates/istio-install-job.yaml | 50 + .../1.8.500/templates/istio-install-psp.yaml | 30 + .../1.8.500/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../1.8.500/templates/overlay-config-map.yaml | 9 + .../1.8.500/templates/service-monitors.yaml | 51 + .../1.8.500/templates/serviceaccount.yaml | 5 + .../1.8.500/templates/view-role.yaml | 41 + .../rancher-istio/1.8.500/values.yaml | 95 + .../rancher-istio/1.9.200/Chart.yaml | 21 + .../rancher-istio/1.9.200/README.md | 69 + .../rancher-istio/1.9.200/app-readme.md | 45 + .../1.9.200/charts/kiali/Chart.yaml | 31 + .../1.9.200/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + 
.../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.9.200/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.9.200/charts/kiali/templates/oauth.yaml | 17 + .../1.9.200/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 97 + .../1.9.200/charts/kiali/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.9.200/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 47 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.9.200/charts/kiali/values.yaml | 93 + .../1.9.200/charts/tracing/.helmignore | 23 + .../1.9.200/charts/tracing/Chart.yaml | 12 + .../1.9.200/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.9.200/charts/tracing/templates/psp.yaml | 86 + .../1.9.200/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.9.200/charts/tracing/values.yaml | 44 + .../1.9.200/configs/istio-base.yaml | 89 + .../rancher-istio/1.9.200/requirements.yaml | 17 + .../1.9.200/samples/overlay-example.yaml | 37 + .../1.9.200/templates/_helpers.tpl | 12 + .../1.9.200/templates/admin-role.yaml | 43 + .../1.9.200/templates/base-config-map.yaml | 7 + .../1.9.200/templates/clusterrole.yaml | 120 + .../1.9.200/templates/clusterrolebinding.yaml | 12 + .../1.9.200/templates/edit-role.yaml | 43 + .../1.9.200/templates/istio-cni-psp.yaml | 51 + .../1.9.200/templates/istio-install-job.yaml | 50 + .../1.9.200/templates/istio-install-psp.yaml | 30 + .../1.9.200/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 
45 + .../1.9.200/templates/overlay-config-map.yaml | 9 + .../1.9.200/templates/service-monitors.yaml | 51 + .../1.9.200/templates/serviceaccount.yaml | 5 + .../1.9.200/templates/view-role.yaml | 41 + .../rancher-istio/1.9.200/values.yaml | 95 + .../rancher-istio/1.9.300/Chart.yaml | 21 + .../rancher-istio/1.9.300/README.md | 69 + .../rancher-istio/1.9.300/app-readme.md | 45 + .../1.9.300/charts/kiali/Chart.yaml | 31 + .../1.9.300/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.9.300/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.9.300/charts/kiali/templates/oauth.yaml | 17 + .../1.9.300/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 97 + 
.../1.9.300/charts/kiali/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.9.300/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 47 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.9.300/charts/kiali/values.yaml | 93 + .../1.9.300/charts/tracing/.helmignore | 23 + .../1.9.300/charts/tracing/Chart.yaml | 12 + .../1.9.300/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.9.300/charts/tracing/templates/psp.yaml | 86 + .../1.9.300/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.9.300/charts/tracing/values.yaml | 44 + .../1.9.300/configs/istio-base.yaml | 89 + .../rancher-istio/1.9.300/requirements.yaml | 17 + .../1.9.300/samples/overlay-example.yaml | 37 + .../1.9.300/templates/_helpers.tpl | 12 + .../1.9.300/templates/admin-role.yaml | 43 + .../1.9.300/templates/base-config-map.yaml | 7 + .../1.9.300/templates/clusterrole.yaml | 120 + .../1.9.300/templates/clusterrolebinding.yaml | 12 + .../1.9.300/templates/edit-role.yaml | 43 + .../1.9.300/templates/istio-cni-psp.yaml | 51 + .../1.9.300/templates/istio-install-job.yaml | 50 + .../1.9.300/templates/istio-install-psp.yaml | 30 + .../1.9.300/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../1.9.300/templates/overlay-config-map.yaml | 9 + .../1.9.300/templates/service-monitors.yaml | 51 + .../1.9.300/templates/serviceaccount.yaml | 5 + .../1.9.300/templates/view-role.yaml | 41 + .../rancher-istio/1.9.300/values.yaml | 95 + .../rancher-istio/1.7.100/Chart.yaml | 19 + .../rancher-istio/1.7.100/README.md | 28 + .../charts/rancher-kiali-server/Chart.yaml | 31 + 
.../rancher-kiali-server/templates/NOTES.txt | 5 + .../templates/_helpers.tpl | 176 + .../templates/cabundle.yaml | 13 + .../templates/configmap.yaml | 24 + .../templates/dashboards/envoy.yaml | 55 + .../templates/dashboards/go.yaml | 66 + .../templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../templates/deployment.yaml | 165 + .../templates/ingess.yaml | 40 + .../rancher-kiali-server/templates/oauth.yaml | 17 + .../templates/role-viewer.yaml | 101 + .../rancher-kiali-server/templates/role.yaml | 118 + .../templates/rolebinding.yaml | 20 + .../rancher-kiali-server/templates/route.yaml | 30 + .../templates/service.yaml | 40 + .../templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../charts/rancher-kiali-server/values.yaml | 79 + .../1.7.100/configs/istio-base.yaml | 99 + .../rancher-istio/1.7.100/requirements.lock | 6 + .../rancher-istio/1.7.100/requirements.yaml | 7 + .../1.7.100/samples/overlay-example.yaml | 37 + .../1.7.100/templates/_helpers.tpl | 12 + .../1.7.100/templates/admin-role.yaml | 43 + .../1.7.100/templates/base-config-map.yaml | 7 + .../1.7.100/templates/clusterrole.yaml | 112 + 
.../1.7.100/templates/clusterrolebinding.yaml | 12 + .../1.7.100/templates/edit-role.yaml | 43 + .../1.7.100/templates/istio-install-job.yaml | 45 + .../templates/istio-uninstall-job.yaml | 42 + .../1.7.100/templates/overlay-config-map.yaml | 9 + .../1.7.100/templates/service-monitors.yaml | 51 + .../1.7.100/templates/serviceaccount.yaml | 5 + .../1.7.100/templates/view-role.yaml | 41 + .../rancher-istio/1.7.100/values.yaml | 95 + .../rancher-istio/1.7.300/Chart.yaml | 19 + .../rancher-istio/1.7.300/README.md | 36 + .../rancher-istio/1.7.300/app-readme.md | 30 + .../charts/rancher-kiali-server/Chart.yaml | 31 + .../rancher-kiali-server/templates/NOTES.txt | 5 + .../templates/_helpers.tpl | 176 + .../templates/cabundle.yaml | 13 + .../templates/configmap.yaml | 24 + .../templates/dashboards/envoy.yaml | 55 + .../templates/dashboards/go.yaml | 66 + .../templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../templates/deployment.yaml | 165 + .../templates/ingess.yaml | 40 + .../rancher-kiali-server/templates/oauth.yaml | 17 + .../templates/role-viewer.yaml | 101 + .../rancher-kiali-server/templates/role.yaml | 118 + .../templates/rolebinding.yaml | 20 + 
.../rancher-kiali-server/templates/route.yaml | 30 + .../templates/service.yaml | 40 + .../templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../charts/rancher-kiali-server/values.yaml | 79 + .../1.7.300/configs/istio-base.yaml | 99 + .../rancher-istio/1.7.300/requirements.lock | 6 + .../rancher-istio/1.7.300/requirements.yaml | 7 + .../1.7.300/samples/overlay-example.yaml | 37 + .../1.7.300/templates/_helpers.tpl | 12 + .../1.7.300/templates/admin-role.yaml | 43 + .../1.7.300/templates/base-config-map.yaml | 7 + .../1.7.300/templates/clusterrole.yaml | 112 + .../1.7.300/templates/clusterrolebinding.yaml | 12 + .../1.7.300/templates/edit-role.yaml | 43 + .../1.7.300/templates/istio-install-job.yaml | 45 + .../templates/istio-uninstall-job.yaml | 42 + .../1.7.300/templates/overlay-config-map.yaml | 9 + .../1.7.300/templates/service-monitors.yaml | 51 + .../1.7.300/templates/serviceaccount.yaml | 5 + .../1.7.300/templates/view-role.yaml | 41 + .../rancher-istio/1.7.300/values.yaml | 96 + .../rancher-istio/1.7.301/Chart.yaml | 19 + .../rancher-istio/1.7.301/README.md | 46 + .../rancher-istio/1.7.301/app-readme.md | 31 + .../charts/rancher-kiali-server/Chart.yaml | 31 + .../rancher-kiali-server/templates/NOTES.txt | 5 + .../templates/_helpers.tpl | 176 + .../templates/cabundle.yaml | 13 + .../templates/configmap.yaml | 24 + .../templates/dashboards/envoy.yaml | 55 + .../templates/dashboards/go.yaml | 66 + .../templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + 
.../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../templates/deployment.yaml | 165 + .../templates/ingess.yaml | 40 + .../rancher-kiali-server/templates/oauth.yaml | 17 + .../templates/role-viewer.yaml | 101 + .../rancher-kiali-server/templates/role.yaml | 118 + .../templates/rolebinding.yaml | 20 + .../rancher-kiali-server/templates/route.yaml | 30 + .../templates/service.yaml | 40 + .../templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../charts/rancher-kiali-server/values.yaml | 79 + .../charts/rancher-tracing/.helmignore | 23 + .../1.7.301/charts/rancher-tracing/Chart.yaml | 12 + .../1.7.301/charts/rancher-tracing/README.md | 5 + .../rancher-tracing/templates/_affinity.tpl | 92 + .../rancher-tracing/templates/_helpers.tpl | 32 + .../rancher-tracing/templates/deployment.yaml | 80 + .../charts/rancher-tracing/templates/pvc.yaml | 16 + .../rancher-tracing/templates/service.yaml | 63 + .../charts/rancher-tracing/values.yaml | 42 + .../1.7.301/configs/istio-base.yaml | 102 + .../rancher-istio/1.7.301/requirements.lock | 9 + .../rancher-istio/1.7.301/requirements.yaml | 13 + .../1.7.301/samples/overlay-example.yaml | 37 + .../1.7.301/templates/_helpers.tpl | 12 + .../1.7.301/templates/admin-role.yaml | 43 + .../1.7.301/templates/base-config-map.yaml | 7 + .../1.7.301/templates/clusterrole.yaml | 112 + .../1.7.301/templates/clusterrolebinding.yaml | 12 + .../1.7.301/templates/edit-role.yaml | 43 + .../1.7.301/templates/istio-install-job.yaml | 45 + .../templates/istio-uninstall-job.yaml | 42 + .../1.7.301/templates/overlay-config-map.yaml | 9 + 
.../1.7.301/templates/service-monitors.yaml | 51 + .../1.7.301/templates/serviceaccount.yaml | 5 + .../1.7.301/templates/view-role.yaml | 41 + .../rancher-istio/1.7.301/values.yaml | 106 + .../rancher-istio/1.8.300/Chart.yaml | 21 + .../rancher-istio/1.8.300/README.md | 69 + .../rancher-istio/1.8.300/app-readme.md | 45 + .../1.8.300/charts/kiali/Chart.yaml | 31 + .../1.8.300/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 55 + .../charts/kiali/templates/dashboards/go.yaml | 66 + .../kiali/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../kiali/templates/dashboards/nodejs.yaml | 58 + .../kiali/templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../kiali/templates/dashboards/thorntail.yaml | 21 + .../kiali/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../kiali/templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.8.300/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.8.300/charts/kiali/templates/oauth.yaml | 17 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 96 + .../1.8.300/charts/kiali/templates/role.yaml | 107 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml 
| 20 + .../1.8.300/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 40 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.8.300/charts/kiali/values.yaml | 91 + .../1.8.300/charts/tracing/.helmignore | 23 + .../1.8.300/charts/tracing/Chart.yaml | 12 + .../1.8.300/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 80 + .../1.8.300/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.8.300/charts/tracing/values.yaml | 42 + .../1.8.300/configs/istio-base.yaml | 85 + .../rancher-istio/1.8.300/requirements.yaml | 17 + .../1.8.300/samples/overlay-example.yaml | 37 + .../1.8.300/templates/_helpers.tpl | 12 + .../1.8.300/templates/admin-role.yaml | 43 + .../1.8.300/templates/base-config-map.yaml | 7 + .../1.8.300/templates/clusterrole.yaml | 112 + .../1.8.300/templates/clusterrolebinding.yaml | 12 + .../1.8.300/templates/edit-role.yaml | 43 + .../1.8.300/templates/istio-install-job.yaml | 45 + .../templates/istio-uninstall-job.yaml | 42 + .../1.8.300/templates/overlay-config-map.yaml | 9 + .../1.8.300/templates/service-monitors.yaml | 51 + .../1.8.300/templates/serviceaccount.yaml | 5 + .../1.8.300/templates/view-role.yaml | 41 + .../rancher-istio/1.8.300/values.yaml | 92 + .../1.23.001/Chart.yaml | 7 + .../1.23.001/README.md | 2 + .../1.23.001/templates/crds.yaml | 18 + .../1.24.001/Chart.yaml | 7 + .../1.24.001/README.md | 2 + .../1.24.001/templates/crds.yaml | 18 + .../1.24.003/Chart.yaml | 7 + .../1.24.003/README.md | 2 + .../1.24.003/templates/crds.yaml | 18 + .../1.29.000/Chart.yaml | 7 + .../1.29.000/README.md | 2 + .../1.29.000/templates/crds.yaml | 18 + .../1.29.100/Chart.yaml | 7 + .../1.29.100/README.md | 2 + .../1.29.100/templates/crds.yaml | 18 + 
.../1.32.100/Chart.yaml | 7 + .../1.32.100/README.md | 2 + .../1.32.100/templates/crds.yaml | 22 + .../rancher-kiali-server/1.23.001/Chart.yaml | 31 + .../1.23.001/templates/NOTES.txt | 5 + .../1.23.001/templates/_helpers.tpl | 176 + .../1.23.001/templates/cabundle.yaml | 13 + .../1.23.001/templates/configmap.yaml | 24 + .../1.23.001/templates/dashboards/envoy.yaml | 55 + .../1.23.001/templates/dashboards/go.yaml | 66 + .../1.23.001/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../1.23.001/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.23.001/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.23.001/templates/deployment.yaml | 165 + .../1.23.001/templates/ingess.yaml | 40 + .../1.23.001/templates/oauth.yaml | 17 + .../1.23.001/templates/role-viewer.yaml | 101 + .../1.23.001/templates/role.yaml | 118 + .../1.23.001/templates/rolebinding.yaml | 20 + .../1.23.001/templates/route.yaml | 30 + .../1.23.001/templates/service.yaml | 40 + .../1.23.001/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.23.001/values.yaml | 79 + .../rancher-kiali-server/1.24.001/Chart.yaml | 31 + .../1.24.001/templates/NOTES.txt | 5 + .../1.24.001/templates/_helpers.tpl | 176 + 
.../1.24.001/templates/cabundle.yaml | 13 + .../1.24.001/templates/configmap.yaml | 24 + .../1.24.001/templates/dashboards/envoy.yaml | 55 + .../1.24.001/templates/dashboards/go.yaml | 66 + .../1.24.001/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../1.24.001/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.24.001/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.24.001/templates/deployment.yaml | 165 + .../1.24.001/templates/ingess.yaml | 40 + .../1.24.001/templates/oauth.yaml | 17 + .../1.24.001/templates/role-viewer.yaml | 101 + .../1.24.001/templates/role.yaml | 118 + .../1.24.001/templates/rolebinding.yaml | 20 + .../1.24.001/templates/route.yaml | 30 + .../1.24.001/templates/service.yaml | 40 + .../1.24.001/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.24.001/values.yaml | 79 + .../rancher-kiali-server/1.24.003/Chart.yaml | 31 + .../1.24.003/templates/NOTES.txt | 5 + .../1.24.003/templates/_helpers.tpl | 176 + .../1.24.003/templates/cabundle.yaml | 13 + .../1.24.003/templates/configmap.yaml | 24 + .../1.24.003/templates/dashboards/envoy.yaml | 55 + .../1.24.003/templates/dashboards/go.yaml | 66 + .../1.24.003/templates/dashboards/kiali.yaml | 43 + 
.../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../1.24.003/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.24.003/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.24.003/templates/deployment.yaml | 165 + .../1.24.003/templates/ingess.yaml | 40 + .../1.24.003/templates/oauth.yaml | 17 + .../1.24.003/templates/role-viewer.yaml | 101 + .../1.24.003/templates/role.yaml | 118 + .../1.24.003/templates/rolebinding.yaml | 20 + .../1.24.003/templates/route.yaml | 30 + .../1.24.003/templates/service.yaml | 40 + .../1.24.003/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.24.003/values.yaml | 79 + .../rancher-kiali-server/1.29.000/Chart.yaml | 31 + .../1.29.000/templates/NOTES.txt | 5 + .../1.29.000/templates/_helpers.tpl | 192 + .../1.29.000/templates/cabundle.yaml | 13 + .../1.29.000/templates/configmap.yaml | 24 + .../1.29.000/templates/dashboards/envoy.yaml | 55 + .../1.29.000/templates/dashboards/go.yaml | 66 + .../1.29.000/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + 
.../1.29.000/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.29.000/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.29.000/templates/deployment.yaml | 174 + .../1.29.000/templates/hpa.yaml | 17 + .../1.29.000/templates/ingress.yaml | 40 + .../1.29.000/templates/oauth.yaml | 17 + .../1.29.000/templates/role-controlplane.yaml | 15 + .../1.29.000/templates/role-viewer.yaml | 96 + .../1.29.000/templates/role.yaml | 107 + .../templates/rolebinding-controlplane.yaml | 17 + .../1.29.000/templates/rolebinding.yaml | 20 + .../1.29.000/templates/route.yaml | 30 + .../1.29.000/templates/service.yaml | 40 + .../1.29.000/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.29.000/values.yaml | 91 + .../rancher-kiali-server/1.29.100/Chart.yaml | 31 + .../1.29.100/templates/NOTES.txt | 5 + .../1.29.100/templates/_helpers.tpl | 192 + .../1.29.100/templates/cabundle.yaml | 13 + .../1.29.100/templates/configmap.yaml | 24 + .../1.29.100/templates/dashboards/envoy.yaml | 55 + .../1.29.100/templates/dashboards/go.yaml | 66 + .../1.29.100/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../1.29.100/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + 
.../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.29.100/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.29.100/templates/deployment.yaml | 174 + .../1.29.100/templates/hpa.yaml | 17 + .../1.29.100/templates/ingress.yaml | 40 + .../1.29.100/templates/oauth.yaml | 17 + .../1.29.100/templates/psp.yaml | 67 + .../1.29.100/templates/role-controlplane.yaml | 15 + .../1.29.100/templates/role-viewer.yaml | 96 + .../1.29.100/templates/role.yaml | 107 + .../templates/rolebinding-controlplane.yaml | 17 + .../1.29.100/templates/rolebinding.yaml | 20 + .../1.29.100/templates/route.yaml | 30 + .../1.29.100/templates/service.yaml | 40 + .../1.29.100/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.29.100/values.yaml | 93 + .../rancher-kiali-server/1.32.100/Chart.yaml | 31 + .../1.32.100/templates/NOTES.txt | 5 + .../1.32.100/templates/_helpers.tpl | 192 + .../1.32.100/templates/cabundle.yaml | 13 + .../1.32.100/templates/configmap.yaml | 24 + .../1.32.100/templates/dashboards/envoy.yaml | 56 + .../1.32.100/templates/dashboards/go.yaml | 67 + .../1.32.100/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../1.32.100/templates/dashboards/nodejs.yaml | 59 + .../templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + 
.../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../templates/dashboards/thorntail.yaml | 22 + .../1.32.100/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../1.32.100/templates/deployment.yaml | 174 + .../1.32.100/templates/hpa.yaml | 17 + .../1.32.100/templates/ingress.yaml | 40 + .../1.32.100/templates/oauth.yaml | 17 + .../1.32.100/templates/psp.yaml | 67 + .../1.32.100/templates/role-controlplane.yaml | 15 + .../1.32.100/templates/role-viewer.yaml | 97 + .../1.32.100/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../1.32.100/templates/rolebinding.yaml | 20 + .../1.32.100/templates/route.yaml | 30 + .../1.32.100/templates/service.yaml | 47 + .../1.32.100/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.32.100/values.yaml | 93 + .../2.13.101/.helmignore | 21 + .../2.13.101/Chart.yaml | 24 + .../2.13.101/LICENSE | 202 + .../2.13.101/OWNERS | 6 + .../2.13.101/README.md | 66 + .../2.13.101/templates/NOTES.txt | 10 + .../2.13.101/templates/_helpers.tpl | 76 + .../templates/clusterrolebinding.yaml | 23 + .../2.13.101/templates/deployment.yaml | 217 + .../2.13.101/templates/kubeconfig-secret.yaml | 15 + .../2.13.101/templates/pdb.yaml | 20 + .../2.13.101/templates/podsecuritypolicy.yaml | 42 + .../2.13.101/templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../2.13.101/templates/role.yaml | 192 + .../2.13.101/templates/rolebinding.yaml | 27 + .../2.13.101/templates/service.yaml | 42 + .../2.13.101/templates/serviceaccount.yaml | 18 + .../2.13.101/templates/servicemonitor.yaml | 34 + 
.../2.13.101/templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../2.13.101/values.yaml | 184 + .../rancher-logging-crd/3.6.000/Chart.yaml | 10 + .../rancher-logging-crd/3.6.000/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 552 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4142 ++++++++++ .../logging.banzaicloud.io_flows.yaml | 548 ++ .../logging.banzaicloud.io_loggings.yaml | 2411 ++++++ .../logging.banzaicloud.io_outputs.yaml | 4136 ++++++++++ .../rancher-logging-crd/3.6.001/Chart.yaml | 10 + .../rancher-logging-crd/3.6.001/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 552 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4142 ++++++++++ .../logging.banzaicloud.io_flows.yaml | 548 ++ .../logging.banzaicloud.io_loggings.yaml | 2411 ++++++ .../logging.banzaicloud.io_outputs.yaml | 4136 ++++++++++ .../rancher-logging-crd/3.8.201/Chart.yaml | 10 + .../rancher-logging-crd/3.8.201/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 627 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4531 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 623 ++ .../logging.banzaicloud.io_loggings.yaml | 2754 +++++++ .../logging.banzaicloud.io_outputs.yaml | 4525 +++++++++++ .../rancher-logging-crd/3.9.000/Chart.yaml | 10 + .../rancher-logging-crd/3.9.000/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 765 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4563 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 761 ++ .../logging.banzaicloud.io_loggings.yaml | 3536 ++++++++ .../logging.banzaicloud.io_outputs.yaml | 4557 +++++++++++ .../rancher-logging-crd/3.9.001/Chart.yaml | 10 + .../rancher-logging-crd/3.9.001/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 765 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4563 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 761 ++ .../logging.banzaicloud.io_loggings.yaml | 3536 ++++++++ 
.../logging.banzaicloud.io_outputs.yaml | 4557 +++++++++++ .../rancher-logging-crd/3.9.002/Chart.yaml | 10 + .../rancher-logging-crd/3.9.002/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 765 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4563 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 761 ++ .../logging.banzaicloud.io_loggings.yaml | 3536 ++++++++ .../logging.banzaicloud.io_outputs.yaml | 4557 +++++++++++ .../rancher-logging-crd/3.9.400/Chart.yaml | 10 + .../rancher-logging-crd/3.9.400/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 765 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4721 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 761 ++ .../logging.banzaicloud.io_loggings.yaml | 7095 +++++++++++++++++ .../logging.banzaicloud.io_outputs.yaml | 4715 +++++++++++ .../rancher-logging/3.6.000/.helmignore | 22 + .../rancher-logging/3.6.000/Chart.yaml | 19 + .../rancher-logging/3.6.000/README.md | 129 + .../rancher-logging/3.6.000/app-readme.md | 3 + .../3.6.000/templates/NOTES.txt | 0 .../3.6.000/templates/_helpers.tpl | 66 + .../3.6.000/templates/clusterrole.yaml | 156 + .../3.6.000/templates/clusterrolebinding.yaml | 21 + .../3.6.000/templates/crds.yaml | 6 + .../3.6.000/templates/deployment.yaml | 62 + .../templates/loggings/eks/logging.yaml | 31 + .../loggings/k3s/logging-k3s-openrc.yaml | 34 + .../loggings/k3s/logging-k3s-systemd.yaml | 34 + .../loggings/rke/logging-containers-rke.yaml | 33 + .../templates/loggings/rke/logging-rke.yaml | 34 + .../templates/loggings/rke2/configmap.yaml | 18 + .../templates/loggings/rke2/daemonset.yaml | 33 + .../rke2/logging-rke2-containers.yaml | 32 + .../loggings/rke2/logging-rke2-journald.yaml | 32 + .../templates/loggings/root/logging.yaml | 25 + .../3.6.000/templates/psp.yaml | 32 + .../3.6.000/templates/service.yaml | 20 + .../3.6.000/templates/serviceMonitor.yaml | 19 + .../3.6.000/templates/serviceaccount.yaml | 13 + .../3.6.000/templates/userroles.yaml | 35 + 
.../templates/validate-install-crd.yaml | 18 + .../rancher-logging/3.6.000/values.yaml | 118 + .../rancher-logging/3.6.001/.helmignore | 22 + .../rancher-logging/3.6.001/Chart.yaml | 20 + .../rancher-logging/3.6.001/README.md | 129 + .../rancher-logging/3.6.001/app-readme.md | 21 + .../3.6.001/templates/NOTES.txt | 0 .../3.6.001/templates/_helpers.tpl | 66 + .../3.6.001/templates/clusterrole.yaml | 156 + .../3.6.001/templates/clusterrolebinding.yaml | 21 + .../3.6.001/templates/crds.yaml | 6 + .../3.6.001/templates/deployment.yaml | 62 + .../templates/loggings/eks/logging.yaml | 44 + .../loggings/k3s/logging-k3s-openrc.yaml | 47 + .../loggings/k3s/logging-k3s-systemd.yaml | 47 + .../templates/loggings/rke/configmap.yaml | 26 + .../templates/loggings/rke/daemonset.yaml | 52 + .../templates/loggings/rke/logging-rke.yaml | 48 + .../templates/loggings/rke2/configmap.yaml | 18 + .../templates/loggings/rke2/daemonset.yaml | 41 + .../rke2/logging-rke2-containers.yaml | 45 + .../loggings/rke2/logging-rke2-journald.yaml | 45 + .../templates/loggings/root/logging.yaml | 38 + .../3.6.001/templates/psp.yaml | 32 + .../3.6.001/templates/service.yaml | 20 + .../3.6.001/templates/serviceMonitor.yaml | 19 + .../3.6.001/templates/serviceaccount.yaml | 13 + .../3.6.001/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../rancher-logging/3.6.001/values.yaml | 129 + .../rancher-logging/3.8.201/.helmignore | 22 + .../rancher-logging/3.8.201/Chart.yaml | 20 + .../rancher-logging/3.8.201/README.md | 129 + .../rancher-logging/3.8.201/app-readme.md | 22 + .../3.8.201/templates/NOTES.txt | 0 .../3.8.201/templates/_helpers.tpl | 66 + .../3.8.201/templates/clusterrole.yaml | 161 + .../3.8.201/templates/clusterrolebinding.yaml | 21 + .../3.8.201/templates/crds.yaml | 6 + .../3.8.201/templates/deployment.yaml | 62 + .../templates/loggings/aks/logging.yaml | 39 + .../templates/loggings/eks/logging.yaml | 40 + .../templates/loggings/gke/logging.yaml | 39 + 
.../loggings/k3s/logging-k3s-openrc.yaml | 47 + .../loggings/k3s/logging-k3s-systemd.yaml | 47 + .../templates/loggings/rke/configmap.yaml | 26 + .../templates/loggings/rke/daemonset.yaml | 52 + .../templates/loggings/rke/logging-rke.yaml | 48 + .../templates/loggings/rke2/configmap.yaml | 18 + .../templates/loggings/rke2/daemonset.yaml | 41 + .../rke2/logging-rke2-containers.yaml | 45 + .../loggings/rke2/logging-rke2-journald.yaml | 45 + .../templates/loggings/root/logging.yaml | 38 + .../3.8.201/templates/psp.yaml | 32 + .../3.8.201/templates/service.yaml | 20 + .../3.8.201/templates/serviceMonitor.yaml | 19 + .../3.8.201/templates/serviceaccount.yaml | 13 + .../3.8.201/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../rancher-logging/3.8.201/values.yaml | 130 + .../rancher-logging/3.9.000/.helmignore | 22 + .../rancher-logging/3.9.000/Chart.yaml | 20 + .../rancher-logging/3.9.000/README.md | 129 + .../rancher-logging/3.9.000/app-readme.md | 22 + .../3.9.000/templates/NOTES.txt | 0 .../3.9.000/templates/_helpers.tpl | 66 + .../3.9.000/templates/clusterrole.yaml | 167 + .../3.9.000/templates/clusterrolebinding.yaml | 18 + .../3.9.000/templates/crds.yaml | 6 + .../3.9.000/templates/deployment.yaml | 62 + .../templates/loggings/aks/logging.yaml | 55 + .../templates/loggings/eks/logging.yaml | 56 + .../templates/loggings/gke/logging.yaml | 55 + .../loggings/k3s/logging-k3s-openrc.yaml | 65 + .../loggings/k3s/logging-k3s-systemd.yaml | 65 + .../templates/loggings/rke/configmap.yaml | 26 + .../templates/loggings/rke/daemonset.yaml | 127 + .../templates/loggings/rke/logging-rke.yaml | 70 + .../templates/loggings/rke2/configmap.yaml | 18 + .../templates/loggings/rke2/daemonset.yaml | 101 + .../rke2/logging-rke2-containers.yaml | 63 + .../loggings/rke2/logging-rke2-journald.yaml | 63 + .../templates/loggings/root/logging.yaml | 64 + .../3.9.000/templates/psp.yaml | 33 + .../3.9.000/templates/service.yaml | 20 + 
.../3.9.000/templates/serviceMonitor.yaml | 30 + .../3.9.000/templates/serviceaccount.yaml | 10 + .../3.9.000/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../3.9.000/templates/validate-install.yaml | 5 + .../rancher-logging/3.9.000/values.yaml | 149 + .../rancher-logging/3.9.001/.helmignore | 22 + .../rancher-logging/3.9.001/Chart.yaml | 20 + .../rancher-logging/3.9.001/README.md | 129 + .../rancher-logging/3.9.001/app-readme.md | 22 + .../3.9.001/templates/NOTES.txt | 0 .../3.9.001/templates/_helpers.tpl | 66 + .../3.9.001/templates/clusterrole.yaml | 167 + .../3.9.001/templates/clusterrolebinding.yaml | 18 + .../3.9.001/templates/crds.yaml | 6 + .../3.9.001/templates/deployment.yaml | 62 + .../templates/loggings/aks/logging.yaml | 55 + .../templates/loggings/eks/logging.yaml | 56 + .../templates/loggings/gke/logging.yaml | 55 + .../loggings/k3s/logging-k3s-openrc.yaml | 65 + .../loggings/k3s/logging-k3s-systemd.yaml | 65 + .../templates/loggings/rke/configmap.yaml | 29 + .../templates/loggings/rke/daemonset.yaml | 119 + .../templates/loggings/rke2/configmap.yaml | 21 + .../templates/loggings/rke2/daemonset.yaml | 93 + .../rke2/logging-rke2-containers.yaml | 63 + .../templates/loggings/root/logging.yaml | 64 + .../3.9.001/templates/psp.yaml | 33 + .../3.9.001/templates/service.yaml | 20 + .../3.9.001/templates/serviceMonitor.yaml | 30 + .../3.9.001/templates/serviceaccount.yaml | 10 + .../3.9.001/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../3.9.001/templates/validate-install.yaml | 5 + .../rancher-logging/3.9.001/values.yaml | 149 + .../rancher-logging/3.9.002/.helmignore | 22 + .../rancher-logging/3.9.002/Chart.yaml | 20 + .../rancher-logging/3.9.002/README.md | 130 + .../rancher-logging/3.9.002/app-readme.md | 22 + .../3.9.002/templates/NOTES.txt | 0 .../3.9.002/templates/_helpers.tpl | 66 + .../3.9.002/templates/clusterrole.yaml | 167 + .../3.9.002/templates/clusterrolebinding.yaml | 18 + 
.../3.9.002/templates/crds.yaml | 6 + .../3.9.002/templates/deployment.yaml | 62 + .../templates/loggings/aks/logging.yaml | 58 + .../templates/loggings/eks/logging.yaml | 59 + .../templates/loggings/gke/logging.yaml | 58 + .../loggings/k3s/logging-k3s-openrc.yaml | 68 + .../loggings/k3s/logging-k3s-systemd.yaml | 68 + .../templates/loggings/rke/configmap.yaml | 29 + .../templates/loggings/rke/daemonset.yaml | 124 + .../templates/loggings/rke2/configmap.yaml | 21 + .../templates/loggings/rke2/daemonset.yaml | 104 + .../rke2/logging-rke2-containers.yaml | 73 + .../templates/loggings/root/logging.yaml | 74 + .../3.9.002/templates/psp.yaml | 33 + .../3.9.002/templates/service.yaml | 20 + .../3.9.002/templates/serviceMonitor.yaml | 30 + .../3.9.002/templates/serviceaccount.yaml | 10 + .../3.9.002/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../3.9.002/templates/validate-install.yaml | 5 + .../rancher-logging/3.9.002/values.yaml | 156 + .../rancher-logging/3.9.400/.helmignore | 22 + .../rancher-logging/3.9.400/Chart.yaml | 19 + .../rancher-logging/3.9.400/README.md | 131 + .../rancher-logging/3.9.400/app-readme.md | 22 + .../3.9.400/templates/NOTES.txt | 0 .../3.9.400/templates/_helpers.tpl | 66 + .../3.9.400/templates/clusterrole.yaml | 167 + .../3.9.400/templates/clusterrolebinding.yaml | 18 + .../3.9.400/templates/crds.yaml | 6 + .../3.9.400/templates/deployment.yaml | 68 + .../templates/loggings/aks/logging.yaml | 58 + .../templates/loggings/eks/logging.yaml | 59 + .../templates/loggings/gke/logging.yaml | 58 + .../loggings/k3s/logging-k3s-openrc.yaml | 68 + .../loggings/k3s/logging-k3s-systemd.yaml | 68 + .../templates/loggings/rke/configmap.yaml | 29 + .../templates/loggings/rke/daemonset.yaml | 124 + .../templates/loggings/rke2/configmap.yaml | 22 + .../templates/loggings/rke2/daemonset.yaml | 110 + .../rke2/logging-rke2-containers.yaml | 73 + .../templates/loggings/root/logging.yaml | 111 + .../3.9.400/templates/psp.yaml | 33 + 
.../3.9.400/templates/service.yaml | 20 + .../3.9.400/templates/serviceMonitor.yaml | 30 + .../3.9.400/templates/serviceaccount.yaml | 10 + .../3.9.400/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../3.9.400/templates/validate-install.yaml | 5 + .../rancher-logging/3.9.400/values.yaml | 171 + .../14.5.100/Chart.yaml | 10 + .../rancher-monitoring-crd/14.5.100/README.md | 2 + .../crd-manifest/crd-alertmanagerconfigs.yaml | 1869 +++++ .../crd-manifest/crd-alertmanagers.yaml | 3218 ++++++++ .../crd-manifest/crd-podmonitors.yaml | 358 + .../14.5.100/crd-manifest/crd-probes.yaml | 202 + .../crd-manifest/crd-prometheuses.yaml | 4432 ++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 90 + .../crd-manifest/crd-servicemonitors.yaml | 375 + .../crd-manifest/crd-thanosrulers.yaml | 3342 ++++++++ .../14.5.100/templates/_helpers.tpl | 29 + .../14.5.100/templates/jobs.yaml | 110 + .../14.5.100/templates/manifest.yaml | 14 + .../14.5.100/templates/rbac.yaml | 72 + .../14.5.100/values.yaml | 11 + .../rancher-monitoring-crd/9.4.200/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.200/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.200/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.200/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + .../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 +++++++++++ .../9.4.200/templates/_helpers.tpl | 7 + .../9.4.200/templates/jobs.yaml | 92 + .../9.4.200/templates/manifest.yaml | 14 + .../9.4.200/templates/rbac.yaml | 35 + .../9.4.200/values.yaml | 11 + .../rancher-monitoring-crd/9.4.201/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.201/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.201/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.201/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + 
.../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 +++++++++++ .../9.4.201/templates/_helpers.tpl | 7 + .../9.4.201/templates/jobs.yaml | 92 + .../9.4.201/templates/manifest.yaml | 14 + .../9.4.201/templates/rbac.yaml | 35 + .../9.4.201/values.yaml | 11 + .../rancher-monitoring-crd/9.4.202/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.202/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.202/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.202/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + .../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 +++++++++++ .../9.4.202/templates/_helpers.tpl | 7 + .../9.4.202/templates/jobs.yaml | 92 + .../9.4.202/templates/manifest.yaml | 14 + .../9.4.202/templates/rbac.yaml | 72 + .../9.4.202/values.yaml | 11 + .../rancher-monitoring-crd/9.4.203/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.203/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.203/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.203/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + .../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 +++++++++++ .../9.4.203/templates/_helpers.tpl | 7 + .../9.4.203/templates/jobs.yaml | 92 + .../9.4.203/templates/manifest.yaml | 14 + .../9.4.203/templates/rbac.yaml | 72 + .../9.4.203/values.yaml | 11 + .../rancher-monitoring-crd/9.4.204/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.204/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.204/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.204/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + .../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 
+++++++++++ .../9.4.204/templates/_helpers.tpl | 29 + .../9.4.204/templates/jobs.yaml | 96 + .../9.4.204/templates/manifest.yaml | 14 + .../9.4.204/templates/rbac.yaml | 72 + .../9.4.204/values.yaml | 11 + .../rancher-monitoring/14.5.100/.helmignore | 26 + .../rancher-monitoring/14.5.100/CHANGELOG.md | 47 + .../14.5.100/CONTRIBUTING.md | 12 + .../rancher-monitoring/14.5.100/Chart.yaml | 103 + .../rancher-monitoring/14.5.100/README.md | 455 ++ .../rancher-monitoring/14.5.100/app-README.md | 15 + .../14.5.100/charts/grafana/.helmignore | 23 + .../14.5.100/charts/grafana/Chart.yaml | 28 + .../14.5.100/charts/grafana/README.md | 514 ++ .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 145 + .../charts/grafana/templates/_pod.tpl | 496 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 24 + .../configmap-dashboard-provider.yaml | 29 + .../charts/grafana/templates/configmap.yaml | 80 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 48 + .../grafana/templates/headless-service.yaml | 18 + .../templates/image-renderer-deployment.yaml | 117 + .../image-renderer-network-policy.yaml | 76 + .../templates/image-renderer-service.yaml | 28 + .../charts/grafana/templates/ingress.yaml | 80 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 49 + .../charts/grafana/templates/pvc.yaml | 33 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 25 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 40 + .../charts/grafana/templates/statefulset.yaml | 52 + 
.../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 30 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../14.5.100/charts/grafana/values.yaml | 732 ++ .../14.5.100/charts/k3sServer/.helmignore | 23 + .../14.5.100/charts/k3sServer/Chart.yaml | 13 + .../14.5.100/charts/k3sServer/README.md | 54 + .../charts/k3sServer/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../k3sServer/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../k3sServer/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/k3sServer/values.yaml | 86 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 24 + .../charts/kube-state-metrics/LICENSE | 202 + .../charts/kube-state-metrics/README.md | 66 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 76 + .../templates/clusterrolebinding.yaml | 23 + .../templates/deployment.yaml | 217 + .../templates/kubeconfig-secret.yaml | 15 + .../kube-state-metrics/templates/pdb.yaml | 20 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/role.yaml | 192 + .../templates/rolebinding.yaml | 27 + .../kube-state-metrics/templates/service.yaml | 42 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 34 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 184 + .../kubeAdmControllerManager/.helmignore | 23 + .../kubeAdmControllerManager/Chart.yaml | 13 + .../charts/kubeAdmControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + 
.../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../kubeAdmControllerManager/values.yaml | 86 + .../14.5.100/charts/kubeAdmEtcd/.helmignore | 23 + .../14.5.100/charts/kubeAdmEtcd/Chart.yaml | 13 + .../14.5.100/charts/kubeAdmEtcd/README.md | 54 + .../charts/kubeAdmEtcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/kubeAdmEtcd/values.yaml | 86 + .../14.5.100/charts/kubeAdmProxy/.helmignore | 23 + .../14.5.100/charts/kubeAdmProxy/Chart.yaml | 13 + .../14.5.100/charts/kubeAdmProxy/README.md | 54 + .../kubeAdmProxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/kubeAdmProxy/values.yaml | 86 + .../charts/kubeAdmScheduler/.helmignore | 23 + .../charts/kubeAdmScheduler/Chart.yaml | 13 + .../charts/kubeAdmScheduler/README.md | 54 + .../kubeAdmScheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/kubeAdmScheduler/values.yaml | 86 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 26 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 72 + .../templates/certmanager.yaml | 
48 + .../cluster-role-binding-auth-delegator.yaml | 19 + .../cluster-role-binding-resource-reader.yaml | 19 + .../cluster-role-resource-reader.yaml | 23 + .../templates/configmap.yaml | 96 + .../templates/custom-metrics-apiservice.yaml | 32 + ...stom-metrics-cluster-role-binding-hpa.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/deployment.yaml | 135 + .../external-metrics-apiservice.yaml | 32 + ...rnal-metrics-cluster-role-binding-hpa.yaml | 19 + .../external-metrics-cluster-role.yaml | 20 + .../prometheus-adapter/templates/pdb.yaml | 22 + .../prometheus-adapter/templates/psp.yaml | 68 + .../resource-metrics-apiservice.yaml | 32 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../templates/role-binding-auth-reader.yaml | 20 + .../prometheus-adapter/templates/secret.yaml | 15 + .../prometheus-adapter/templates/service.yaml | 22 + .../templates/serviceaccount.yaml | 12 + .../charts/prometheus-adapter/values.yaml | 180 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 23 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 95 + .../templates/daemonset.yaml | 183 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 32 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 18 + .../prometheus-node-exporter/values.yaml | 177 + .../charts/rke2ControllerManager/.helmignore | 23 + .../charts/rke2ControllerManager/Chart.yaml | 13 + .../charts/rke2ControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + 
.../charts/rke2ControllerManager/values.yaml | 86 + .../14.5.100/charts/rke2Etcd/.helmignore | 23 + .../14.5.100/charts/rke2Etcd/Chart.yaml | 13 + .../14.5.100/charts/rke2Etcd/README.md | 54 + .../charts/rke2Etcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Etcd/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Etcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rke2Etcd/values.yaml | 86 + .../14.5.100/charts/rke2Proxy/.helmignore | 23 + .../14.5.100/charts/rke2Proxy/Chart.yaml | 13 + .../14.5.100/charts/rke2Proxy/README.md | 54 + .../charts/rke2Proxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Proxy/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Proxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rke2Proxy/values.yaml | 86 + .../14.5.100/charts/rke2Scheduler/.helmignore | 23 + .../14.5.100/charts/rke2Scheduler/Chart.yaml | 13 + .../14.5.100/charts/rke2Scheduler/README.md | 54 + .../rke2Scheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rke2Scheduler/values.yaml | 86 + .../charts/rkeControllerManager/.helmignore | 23 + .../charts/rkeControllerManager/Chart.yaml | 13 + .../charts/rkeControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rkeControllerManager/values.yaml | 86 + 
.../14.5.100/charts/rkeEtcd/.helmignore | 23 + .../14.5.100/charts/rkeEtcd/Chart.yaml | 13 + .../14.5.100/charts/rkeEtcd/README.md | 54 + .../charts/rkeEtcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeEtcd/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rkeEtcd/values.yaml | 86 + .../14.5.100/charts/rkeProxy/.helmignore | 23 + .../14.5.100/charts/rkeProxy/Chart.yaml | 13 + .../14.5.100/charts/rkeProxy/README.md | 54 + .../charts/rkeProxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeProxy/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeProxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rkeProxy/values.yaml | 86 + .../14.5.100/charts/rkeScheduler/.helmignore | 23 + .../14.5.100/charts/rkeScheduler/Chart.yaml | 13 + .../14.5.100/charts/rkeScheduler/README.md | 54 + .../rkeScheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rkeScheduler/values.yaml | 86 + .../charts/windowsExporter/.helmignore | 23 + .../charts/windowsExporter/Chart.yaml | 15 + .../14.5.100/charts/windowsExporter/README.md | 17 + .../scripts/check-wins-version.ps1 | 20 + .../windowsExporter/scripts/copy-binary.ps1 | 40 + .../windowsExporter/scripts/proxy-entry.ps1 | 11 + .../charts/windowsExporter/scripts/run.ps1 | 44 + .../windowsExporter/templates/_helpers.tpl | 64 + .../windowsExporter/templates/configmap.yaml | 8 + .../windowsExporter/templates/daemonset.yaml | 74 + .../windowsExporter/templates/rbac.yaml | 78 + 
.../windowsExporter/templates/service.yaml | 15 + .../templates/servicemonitor.yaml | 44 + .../charts/windowsExporter/values.yaml | 44 + .../14.5.100/files/ingress-nginx/nginx.json | 1463 ++++ .../request-handling-performance.json | 981 +++ .../cluster/rancher-cluster-nodes.json | 776 ++ .../rancher/cluster/rancher-cluster.json | 759 ++ .../rancher/etcd/etcd-metrics-detail.json | 662 ++ .../rancher/etcd/etcd-metrics-summary.json | 662 ++ .../rancher-default-home-with-windows.json | 1275 +++ .../rancher/home/rancher-default-home.json | 1273 +++ .../kubernetes-components-metrics-detail.json | 508 ++ ...kubernetes-components-metrics-summary.json | 508 ++ .../files/rancher/k8s/rancher-etcd-nodes.json | 670 ++ .../files/rancher/k8s/rancher-etcd.json | 652 ++ .../k8s/rancher-k8s-components-nodes.json | 510 ++ .../rancher/k8s/rancher-k8s-components.json | 502 ++ .../rancher/linux/linux-metrics-detail.json | 768 ++ .../rancher/linux/linux-metrics-summary.json | 768 ++ .../rancher/nodes/rancher-node-detail.json | 789 ++ .../files/rancher/nodes/rancher-node.json | 776 ++ .../rancher/pods/rancher-pod-containers.json | 620 ++ .../files/rancher/pods/rancher-pod.json | 620 ++ .../files/rancher/rancher-default-home.json | 1275 +++ .../windows/windows-metrics-detail.json | 768 ++ .../windows/windows-metrics-summary.json | 768 ++ .../workloads/rancher-workload-pods.json | 636 ++ .../rancher/workloads/rancher-workload.json | 636 ++ .../14.5.100/templates/NOTES.txt | 4 + .../14.5.100/templates/_helpers.tpl | 200 + .../templates/alertmanager/alertmanager.yaml | 147 + .../templates/alertmanager/cleanupSecret.yaml | 88 + .../templates/alertmanager/ingress.yaml | 65 + .../alertmanager/ingressperreplica.yaml | 62 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../14.5.100/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 166 + 
.../templates/alertmanager/service.yaml | 50 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 42 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 34 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 43 + .../grafana/dashboards-1.14/apiserver.yaml | 1747 ++++ .../dashboards-1.14/cluster-total.yaml | 1882 +++++ .../dashboards-1.14/controller-manager.yaml | 1153 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1529 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2533 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 1464 ++++ .../namespace-by-workload.yaml | 1736 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ 
.../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 997 +++ .../persistentvolumesusage.yaml | 577 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1228 +++ .../prometheus-remote-write.yaml | 1670 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1232 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1076 +++ .../grafana/dashboards-1.14/statefulset.yaml | 928 +++ .../dashboards-1.14/workload-total.yaml | 1438 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../templates/grafana/namespaces.yaml | 13 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 41 + .../validatingWebhookConfiguration.yaml | 41 + .../prometheus-operator/certmanager.yaml | 57 + .../prometheus-operator/clusterrole.yaml | 80 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + 
.../prometheus-operator/service.yaml | 55 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 44 + .../14.5.100/templates/prometheus/_rules.tpl | 38 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 30 + .../prometheus/clusterrolebinding.yaml | 18 + .../templates/prometheus/ingress.yaml | 65 + .../prometheus/ingressThanosSidecar.yaml | 64 + .../prometheus/ingressperreplica.yaml | 62 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 319 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../14.5.100/templates/prometheus/psp.yaml | 62 + .../rules-1.14/alertmanager.rules.yaml | 70 + .../templates/prometheus/rules-1.14/etcd.yaml | 181 + .../prometheus/rules-1.14/general.rules.yaml | 56 + .../prometheus/rules-1.14/k8s.rules.yaml | 117 + .../kube-apiserver-availability.rules.yaml | 160 + .../rules-1.14/kube-apiserver-slos.yaml | 95 + .../rules-1.14/kube-apiserver.rules.yaml | 358 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 59 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 298 + .../rules-1.14/kubernetes-resources.yaml | 159 + .../rules-1.14/kubernetes-storage.yaml | 75 + .../kubernetes-system-apiserver.yaml | 98 + .../kubernetes-system-controller-manager.yaml | 43 + .../rules-1.14/kubernetes-system-kubelet.yaml | 188 + .../kubernetes-system-scheduler.yaml | 43 + .../rules-1.14/kubernetes-system.yaml | 55 + .../rules-1.14/node-exporter.rules.yaml | 79 + 
.../prometheus/rules-1.14/node-exporter.yaml | 262 + .../prometheus/rules-1.14/node-network.yaml | 37 + .../prometheus/rules-1.14/node.rules.yaml | 51 + .../rules-1.14/prometheus-operator.yaml | 113 + .../prometheus/rules-1.14/prometheus.yaml | 258 + .../prometheus/rules/alertmanager.rules.yaml | 63 + .../templates/prometheus/rules/etcd.yaml | 181 + .../prometheus/rules/general.rules.yaml | 56 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 47 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 159 + .../prometheus/rules/kubernetes-apps.yaml | 200 + .../rules/kubernetes-resources.yaml | 121 + .../prometheus/rules/kubernetes-storage.yaml | 72 + .../prometheus/rules/kubernetes-system.yaml | 184 + .../prometheus/rules/node-network.yaml | 57 + .../templates/prometheus/rules/node-time.yaml | 37 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 49 + .../prometheus/rules/prometheus.rules.yaml | 139 + .../templates/prometheus/service.yaml | 60 + .../prometheus/serviceThanosSidecar.yaml | 30 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 38 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 131 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../addons/ingress-nginx-dashboard.yaml | 18 + .../rancher/cluster-dashboards.yaml | 17 + .../dashboards/rancher/default-dashboard.yaml | 17 + .../dashboards/rancher/etcd-dashboards.yaml | 17 + .../dashboards/rancher/k8s-dashboards.yaml | 17 + .../dashboards/rancher/linux-dashboards.yaml | 17 + .../dashboards/rancher/nodes-dashboards.yaml | 17 + .../dashboards/rancher/pods-dashboards.yaml | 17 + 
.../rancher/windows-dashboards.yaml | 17 + .../rancher/workload-dashboards.yaml | 17 + .../rancher-monitoring/default-dashboard.yaml | 17 + .../exporters/ingress-nginx/service.yaml | 24 + .../ingress-nginx/servicemonitor.yaml | 33 + .../rancher-monitoring/hardened.yaml | 124 + .../ingress-nginx-dashboard.yaml | 18 + .../templates/validate-install-crd.yaml | 21 + .../rancher-monitoring/14.5.100/values.yaml | 2954 +++++++ .../rancher-monitoring/9.4.200/.helmignore | 26 + .../rancher-monitoring/9.4.200/CHANGELOG.md | 46 + .../9.4.200/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.200/Chart.yaml | 42 + .../rancher-monitoring/9.4.200/README.md | 348 + .../rancher-monitoring/9.4.200/app-README.md | 16 + .../9.4.200/charts/grafana/.helmignore | 23 + .../9.4.200/charts/grafana/Chart.yaml | 17 + .../9.4.200/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.200/charts/grafana/templates/_pod.tpl | 447 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 52 + .../9.4.200/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + 
.../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.200/charts/grafana/values.yaml | 552 ++ .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 160 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 43 + ...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 19 + .../custom-metrics-apiserver-deployment.yaml | 120 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 11 + .../custom-metrics-apiserver-service.yaml | 21 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 95 + ...-metrics-resource-reader-cluster-role.yaml | 23 + 
.../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 19 + ...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 145 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 141 + .../charts/rancher-pushprox/.helmignore | 23 + .../charts/rancher-pushprox/Chart.yaml | 13 + .../9.4.200/charts/rancher-pushprox/README.md | 54 + .../rancher-pushprox/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 134 + .../templates/pushprox-proxy.yaml | 49 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rancher-pushprox/values.yaml | 86 + .../9.4.200/requirements.lock | 60 + .../9.4.200/requirements.yaml | 108 + .../9.4.200/templates/NOTES.txt | 4 + .../9.4.200/templates/_helpers.tpl | 127 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 86 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../9.4.200/templates/alertmanager/psp.yaml | 52 + 
.../templates/alertmanager/secret.yaml | 124 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + .../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 1429 ++++ .../namespace-by-workload.yaml | 1697 
++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.200/templates/grafana/namespaces.yaml | 10 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 
51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.200/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 260 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.200/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + .../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + .../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 
210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml | 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.200/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 93 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 1292 +++ .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.200/values.yaml | 2604 ++++++ .../rancher-monitoring/9.4.201/.helmignore | 26 + .../rancher-monitoring/9.4.201/CHANGELOG.md | 47 + .../9.4.201/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.201/Chart.yaml | 43 + .../rancher-monitoring/9.4.201/README.md | 346 + .../rancher-monitoring/9.4.201/app-README.md | 15 + .../9.4.201/charts/grafana/.helmignore | 23 + 
.../9.4.201/charts/grafana/Chart.yaml | 17 + .../9.4.201/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.201/charts/grafana/templates/_pod.tpl | 448 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 48 + .../9.4.201/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + .../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.201/charts/grafana/values.yaml | 562 ++ .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 
192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 160 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 43 + ...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 19 + .../custom-metrics-apiserver-deployment.yaml | 120 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 11 + .../custom-metrics-apiserver-service.yaml | 21 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 95 + ...-metrics-resource-reader-cluster-role.yaml | 23 + .../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 19 + ...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 145 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + 
.../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 141 + .../charts/rancher-pushprox/.helmignore | 23 + .../charts/rancher-pushprox/Chart.yaml | 13 + .../9.4.201/charts/rancher-pushprox/README.md | 54 + .../rancher-pushprox/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy.yaml | 49 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rancher-pushprox/values.yaml | 86 + .../9.4.201/requirements.lock | 54 + .../9.4.201/requirements.yaml | 96 + .../9.4.201/templates/NOTES.txt | 4 + .../9.4.201/templates/_helpers.tpl | 151 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 86 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../9.4.201/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 124 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + 
.../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + .../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 1429 ++++ .../namespace-by-workload.yaml | 1697 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 
1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.201/templates/grafana/namespaces.yaml | 10 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.201/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + 
.../templates/prometheus/prometheus.yaml | 260 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.201/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + .../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + .../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml 
| 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.201/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 93 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 1292 +++ .../rancher-monitoring/hardened.yaml | 87 + .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.201/values.yaml | 2577 ++++++ .../rancher-monitoring/9.4.202/.helmignore | 26 + .../rancher-monitoring/9.4.202/CHANGELOG.md | 47 + .../9.4.202/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.202/Chart.yaml | 43 + .../rancher-monitoring/9.4.202/README.md | 346 + .../rancher-monitoring/9.4.202/app-README.md | 15 + .../9.4.202/charts/grafana/.helmignore | 23 + .../9.4.202/charts/grafana/Chart.yaml | 17 + .../9.4.202/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.202/charts/grafana/templates/_pod.tpl | 448 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + 
.../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 48 + .../9.4.202/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + .../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.202/charts/grafana/values.yaml | 562 ++ .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + 
.../prometheus-adapter/templates/_helpers.tpl | 43 + ...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 20 + .../custom-metrics-apiserver-deployment.yaml | 121 + .../custom-metrics-apiserver-pdb.yaml | 22 + .../custom-metrics-apiserver-psp.yaml | 68 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 12 + .../custom-metrics-apiserver-service.yaml | 22 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 96 + ...-metrics-resource-reader-cluster-role.yaml | 23 + .../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 23 + ...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 152 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 141 + .../charts/rancher-pushprox/.helmignore | 23 + .../charts/rancher-pushprox/Chart.yaml | 12 + .../9.4.202/charts/rancher-pushprox/README.md | 54 + .../rancher-pushprox/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + 
.../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rancher-pushprox/values.yaml | 86 + .../9.4.202/requirements.lock | 54 + .../9.4.202/requirements.yaml | 96 + .../9.4.202/templates/NOTES.txt | 4 + .../9.4.202/templates/_helpers.tpl | 151 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 86 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../9.4.202/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 164 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + 
.../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 1429 ++++ .../namespace-by-workload.yaml | 1697 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.202/templates/grafana/namespaces.yaml | 10 + 
.../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.202/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 260 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.202/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + 
.../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + .../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml | 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.202/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + 
.../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 93 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 1292 +++ .../rancher-monitoring/hardened.yaml | 122 + .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.202/values.yaml | 2579 ++++++ .../rancher-monitoring/9.4.203/.helmignore | 26 + .../rancher-monitoring/9.4.203/CHANGELOG.md | 47 + .../9.4.203/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.203/Chart.yaml | 47 + .../rancher-monitoring/9.4.203/README.md | 346 + .../rancher-monitoring/9.4.203/app-README.md | 15 + .../9.4.203/charts/grafana/.helmignore | 23 + .../9.4.203/charts/grafana/Chart.yaml | 17 + .../9.4.203/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.203/charts/grafana/templates/_pod.tpl | 448 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 48 + .../9.4.203/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + 
.../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + .../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.203/charts/grafana/values.yaml | 562 ++ .../9.4.203/charts/k3sServer/.helmignore | 23 + .../9.4.203/charts/k3sServer/Chart.yaml | 12 + .../9.4.203/charts/k3sServer/README.md | 54 + .../charts/k3sServer/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../k3sServer/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../k3sServer/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/k3sServer/values.yaml | 86 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../kubeAdmControllerManager/.helmignore | 23 + .../kubeAdmControllerManager/Chart.yaml | 12 + .../charts/kubeAdmControllerManager/README.md | 54 + .../templates/_helpers.tpl | 65 + 
.../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../kubeAdmControllerManager/values.yaml | 86 + .../9.4.203/charts/kubeAdmEtcd/.helmignore | 23 + .../9.4.203/charts/kubeAdmEtcd/Chart.yaml | 12 + .../9.4.203/charts/kubeAdmEtcd/README.md | 54 + .../charts/kubeAdmEtcd/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/kubeAdmEtcd/values.yaml | 86 + .../9.4.203/charts/kubeAdmProxy/.helmignore | 23 + .../9.4.203/charts/kubeAdmProxy/Chart.yaml | 12 + .../9.4.203/charts/kubeAdmProxy/README.md | 54 + .../kubeAdmProxy/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/kubeAdmProxy/values.yaml | 86 + .../charts/kubeAdmScheduler/.helmignore | 23 + .../charts/kubeAdmScheduler/Chart.yaml | 12 + .../9.4.203/charts/kubeAdmScheduler/README.md | 54 + .../kubeAdmScheduler/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/kubeAdmScheduler/values.yaml | 86 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 43 + 
...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 20 + .../custom-metrics-apiserver-deployment.yaml | 121 + .../custom-metrics-apiserver-pdb.yaml | 22 + .../custom-metrics-apiserver-psp.yaml | 68 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 12 + .../custom-metrics-apiserver-service.yaml | 22 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 96 + ...-metrics-resource-reader-cluster-role.yaml | 23 + .../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 23 + ...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 152 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 143 + .../charts/rke2ControllerManager/.helmignore | 23 + .../charts/rke2ControllerManager/Chart.yaml | 12 + .../charts/rke2ControllerManager/README.md | 54 + .../templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + 
.../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rke2ControllerManager/values.yaml | 86 + .../9.4.203/charts/rke2Etcd/.helmignore | 23 + .../9.4.203/charts/rke2Etcd/Chart.yaml | 12 + .../9.4.203/charts/rke2Etcd/README.md | 54 + .../charts/rke2Etcd/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Etcd/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Etcd/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rke2Etcd/values.yaml | 86 + .../9.4.203/charts/rke2Proxy/.helmignore | 23 + .../9.4.203/charts/rke2Proxy/Chart.yaml | 12 + .../9.4.203/charts/rke2Proxy/README.md | 54 + .../charts/rke2Proxy/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Proxy/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Proxy/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rke2Proxy/values.yaml | 86 + .../9.4.203/charts/rke2Scheduler/.helmignore | 23 + .../9.4.203/charts/rke2Scheduler/Chart.yaml | 12 + .../9.4.203/charts/rke2Scheduler/README.md | 54 + .../rke2Scheduler/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rke2Scheduler/values.yaml | 86 + .../charts/rkeControllerManager/.helmignore | 23 + .../charts/rkeControllerManager/Chart.yaml | 12 + .../charts/rkeControllerManager/README.md | 54 + .../templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + 
.../charts/rkeControllerManager/values.yaml | 86 + .../9.4.203/charts/rkeEtcd/.helmignore | 23 + .../9.4.203/charts/rkeEtcd/Chart.yaml | 12 + .../9.4.203/charts/rkeEtcd/README.md | 54 + .../charts/rkeEtcd/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeEtcd/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeEtcd/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rkeEtcd/values.yaml | 86 + .../9.4.203/charts/rkeProxy/.helmignore | 23 + .../9.4.203/charts/rkeProxy/Chart.yaml | 12 + .../9.4.203/charts/rkeProxy/README.md | 54 + .../charts/rkeProxy/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeProxy/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeProxy/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rkeProxy/values.yaml | 86 + .../9.4.203/charts/rkeScheduler/.helmignore | 23 + .../9.4.203/charts/rkeScheduler/Chart.yaml | 12 + .../9.4.203/charts/rkeScheduler/README.md | 54 + .../rkeScheduler/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rkeScheduler/values.yaml | 86 + .../9.4.203/requirements.lock | 54 + .../9.4.203/requirements.yaml | 137 + .../9.4.203/templates/NOTES.txt | 4 + .../9.4.203/templates/_helpers.tpl | 162 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 86 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + 
.../9.4.203/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 164 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + .../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 
1429 ++++ .../namespace-by-workload.yaml | 1697 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.203/templates/grafana/namespaces.yaml | 10 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 
17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.203/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 262 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.203/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + .../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + .../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 
79 + .../prometheus/rules-1.14/node-exporter.yaml | 210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml | 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.203/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 93 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 1292 +++ .../rancher-monitoring/hardened.yaml | 122 + .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.203/values.yaml | 2579 ++++++ .../rancher-monitoring/9.4.204/.helmignore | 26 + .../rancher-monitoring/9.4.204/CHANGELOG.md | 47 + .../9.4.204/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.204/Chart.yaml | 46 + .../rancher-monitoring/9.4.204/README.md | 346 + 
.../rancher-monitoring/9.4.204/app-README.md | 15 + .../9.4.204/charts/grafana/.helmignore | 23 + .../9.4.204/charts/grafana/Chart.yaml | 17 + .../9.4.204/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.204/charts/grafana/templates/_pod.tpl | 448 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 48 + .../9.4.204/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + .../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.204/charts/grafana/values.yaml | 562 ++ .../9.4.204/charts/k3sServer/.helmignore | 23 + .../9.4.204/charts/k3sServer/Chart.yaml | 13 + .../9.4.204/charts/k3sServer/README.md | 54 + .../charts/k3sServer/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + 
.../k3sServer/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../k3sServer/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/k3sServer/values.yaml | 86 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../kubeAdmControllerManager/.helmignore | 23 + .../kubeAdmControllerManager/Chart.yaml | 13 + .../charts/kubeAdmControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../kubeAdmControllerManager/values.yaml | 86 + .../9.4.204/charts/kubeAdmEtcd/.helmignore | 23 + .../9.4.204/charts/kubeAdmEtcd/Chart.yaml | 13 + .../9.4.204/charts/kubeAdmEtcd/README.md | 54 + .../charts/kubeAdmEtcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + 
.../9.4.204/charts/kubeAdmEtcd/values.yaml | 86 + .../9.4.204/charts/kubeAdmProxy/.helmignore | 23 + .../9.4.204/charts/kubeAdmProxy/Chart.yaml | 13 + .../9.4.204/charts/kubeAdmProxy/README.md | 54 + .../kubeAdmProxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/kubeAdmProxy/values.yaml | 86 + .../charts/kubeAdmScheduler/.helmignore | 23 + .../charts/kubeAdmScheduler/Chart.yaml | 13 + .../9.4.204/charts/kubeAdmScheduler/README.md | 54 + .../kubeAdmScheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/kubeAdmScheduler/values.yaml | 86 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 43 + ...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 20 + .../custom-metrics-apiserver-deployment.yaml | 125 + .../custom-metrics-apiserver-pdb.yaml | 22 + .../custom-metrics-apiserver-psp.yaml | 68 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 12 + .../custom-metrics-apiserver-service.yaml | 22 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 96 + ...-metrics-resource-reader-cluster-role.yaml | 23 + .../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 23 + 
...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 152 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 143 + .../charts/rke2ControllerManager/.helmignore | 23 + .../charts/rke2ControllerManager/Chart.yaml | 13 + .../charts/rke2ControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rke2ControllerManager/values.yaml | 86 + .../9.4.204/charts/rke2Etcd/.helmignore | 23 + .../9.4.204/charts/rke2Etcd/Chart.yaml | 13 + .../9.4.204/charts/rke2Etcd/README.md | 54 + .../charts/rke2Etcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Etcd/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Etcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rke2Etcd/values.yaml | 86 + .../9.4.204/charts/rke2Proxy/.helmignore | 23 + .../9.4.204/charts/rke2Proxy/Chart.yaml | 13 + .../9.4.204/charts/rke2Proxy/README.md | 54 + .../charts/rke2Proxy/templates/_helpers.tpl | 
87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Proxy/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Proxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rke2Proxy/values.yaml | 86 + .../9.4.204/charts/rke2Scheduler/.helmignore | 23 + .../9.4.204/charts/rke2Scheduler/Chart.yaml | 13 + .../9.4.204/charts/rke2Scheduler/README.md | 54 + .../rke2Scheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rke2Scheduler/values.yaml | 86 + .../charts/rkeControllerManager/.helmignore | 23 + .../charts/rkeControllerManager/Chart.yaml | 13 + .../charts/rkeControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rkeControllerManager/values.yaml | 86 + .../9.4.204/charts/rkeEtcd/.helmignore | 23 + .../9.4.204/charts/rkeEtcd/Chart.yaml | 13 + .../9.4.204/charts/rkeEtcd/README.md | 54 + .../charts/rkeEtcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeEtcd/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rkeEtcd/values.yaml | 86 + .../9.4.204/charts/rkeProxy/.helmignore | 23 + .../9.4.204/charts/rkeProxy/Chart.yaml | 13 + .../9.4.204/charts/rkeProxy/README.md | 54 + .../charts/rkeProxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + 
.../rkeProxy/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeProxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rkeProxy/values.yaml | 86 + .../9.4.204/charts/rkeScheduler/.helmignore | 23 + .../9.4.204/charts/rkeScheduler/Chart.yaml | 13 + .../9.4.204/charts/rkeScheduler/README.md | 54 + .../rkeScheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rkeScheduler/values.yaml | 86 + .../charts/windowsExporter/.helmignore | 23 + .../9.4.204/charts/windowsExporter/Chart.yaml | 15 + .../9.4.204/charts/windowsExporter/README.md | 17 + .../windowsExporter/scripts/copy-binary.ps1 | 40 + .../windowsExporter/scripts/proxy-entry.ps1 | 11 + .../windowsExporter/templates/_helpers.tpl | 64 + .../windowsExporter/templates/configmap.yaml | 11 + .../windowsExporter/templates/daemonset.yaml | 69 + .../windowsExporter/templates/rbac.yaml | 78 + .../windowsExporter/templates/service.yaml | 15 + .../templates/servicemonitor.yaml | 38 + .../templates/windows-relabel-rule.yaml | 58 + .../charts/windowsExporter/values.yaml | 44 + .../9.4.204/files/ingress-nginx/nginx.json | 1463 ++++ .../request-handling-performance.json | 981 +++ .../files/rancher/rancher-default-home.json | 1275 +++ .../9.4.204/requirements.lock | 54 + .../9.4.204/requirements.yaml | 145 + .../9.4.204/templates/NOTES.txt | 4 + .../9.4.204/templates/_helpers.tpl | 200 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 88 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + 
.../alertmanager/psp-rolebinding.yaml | 18 + .../9.4.204/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 166 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + .../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ 
.../dashboards-1.14/namespace-by-pod.yaml | 1429 ++++ .../namespace-by-workload.yaml | 1697 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.204/templates/grafana/namespaces.yaml | 13 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + 
.../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.204/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 262 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.204/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + .../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + 
.../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml | 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.204/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 123 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 17 + .../exporters/ingress-nginx/service.yaml | 24 + .../ingress-nginx/servicemonitor.yaml | 33 + .../rancher-monitoring/hardened.yaml | 124 + .../ingress-nginx-dashboard.yaml | 18 + .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.204/values.yaml | 2635 ++++++ .../1.16.201/.helmignore | 21 + 
.../rancher-node-exporter/1.16.201/Chart.yaml | 23 + .../rancher-node-exporter/1.16.201/OWNERS | 6 + .../rancher-node-exporter/1.16.201/README.md | 63 + .../1.16.201/ci/port-values.yaml | 3 + .../1.16.201/templates/NOTES.txt | 15 + .../1.16.201/templates/_helpers.tpl | 95 + .../1.16.201/templates/daemonset.yaml | 183 + .../1.16.201/templates/endpoints.yaml | 18 + .../1.16.201/templates/monitor.yaml | 32 + .../1.16.201/templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../1.16.201/templates/psp.yaml | 52 + .../1.16.201/templates/service.yaml | 23 + .../1.16.201/templates/serviceaccount.yaml | 18 + .../1.16.201/values.yaml | 177 + .../rancher-operator-crd/0.1.000/Chart.yaml | 10 + .../0.1.000/templates/crds.yaml | 2626 ++++++ .../rancher-operator-crd/0.1.100/Chart.yaml | 10 + .../0.1.100/templates/crds.yaml | 2626 ++++++ .../rancher-operator-crd/0.1.200/Chart.yaml | 11 + .../0.1.200/templates/crds.yaml | 2626 ++++++ .../rancher-operator-crd/0.1.300/Chart.yaml | 11 + .../0.1.300/templates/crds.yaml | 3302 ++++++++ .../rancher-operator-crd/0.1.400/Chart.yaml | 11 + .../0.1.400/templates/crds.yaml | 3304 ++++++++ .../rancher-operator/0.1.000/Chart.yaml | 14 + .../0.1.000/templates/_helpers.tpl | 7 + .../0.1.000/templates/deployment.yaml | 23 + .../0.1.000/templates/rbac.yaml | 35 + .../0.1.000/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.000/values.yaml | 8 + .../rancher-operator/0.1.100/Chart.yaml | 14 + .../0.1.100/templates/_helpers.tpl | 7 + .../0.1.100/templates/deployment.yaml | 23 + .../0.1.100/templates/rbac.yaml | 44 + .../0.1.100/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.100/values.yaml | 8 + .../rancher-operator/0.1.200/Chart.yaml | 14 + .../0.1.200/templates/_helpers.tpl | 7 + .../0.1.200/templates/deployment.yaml | 23 + .../0.1.200/templates/rbac.yaml | 44 + .../0.1.200/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.200/values.yaml | 8 + 
.../rancher-operator/0.1.300/Chart.yaml | 14 + .../0.1.300/templates/_helpers.tpl | 7 + .../0.1.300/templates/deployment.yaml | 23 + .../0.1.300/templates/rbac.yaml | 44 + .../0.1.300/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.300/values.yaml | 8 + .../rancher-operator/0.1.400/Chart.yaml | 14 + .../0.1.400/templates/_helpers.tpl | 7 + .../0.1.400/templates/deployment.yaml | 23 + .../0.1.400/templates/rbac.yaml | 44 + .../0.1.400/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.400/values.yaml | 8 + .../rancher-prom2teams/0.2.000/.helmignore | 22 + .../rancher-prom2teams/0.2.000/Chart.yaml | 10 + .../rancher-prom2teams/0.2.000/files/teams.j2 | 44 + .../0.2.000/templates/NOTES.txt | 2 + .../0.2.000/templates/_helpers.tpl | 73 + .../0.2.000/templates/configmap.yaml | 39 + .../0.2.000/templates/deployment.yaml | 77 + .../0.2.000/templates/psp.yaml | 28 + .../0.2.000/templates/role.yaml | 15 + .../0.2.000/templates/rolebinding.yaml | 13 + .../0.2.000/templates/service-account.yaml | 6 + .../0.2.000/templates/service.yaml | 17 + .../rancher-prom2teams/0.2.000/values.yaml | 62 + .../2.12.101/.helmignore | 21 + .../2.12.101/Chart.yaml | 26 + .../2.12.101/README.md | 147 + .../2.12.101/ci/default-values.yaml | 0 .../2.12.101/ci/external-rules-values.yaml | 9 + .../2.12.101/templates/NOTES.txt | 9 + .../2.12.101/templates/_helpers.tpl | 72 + .../2.12.101/templates/certmanager.yaml | 48 + .../cluster-role-binding-auth-delegator.yaml | 19 + .../cluster-role-binding-resource-reader.yaml | 19 + .../cluster-role-resource-reader.yaml | 23 + .../2.12.101/templates/configmap.yaml | 96 + .../templates/custom-metrics-apiservice.yaml | 32 + ...stom-metrics-cluster-role-binding-hpa.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../2.12.101/templates/deployment.yaml | 135 + .../external-metrics-apiservice.yaml | 32 + ...rnal-metrics-cluster-role-binding-hpa.yaml | 19 + .../external-metrics-cluster-role.yaml | 20 + .../2.12.101/templates/pdb.yaml | 
22 + .../2.12.101/templates/psp.yaml | 68 + .../resource-metrics-apiservice.yaml | 32 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../templates/role-binding-auth-reader.yaml | 20 + .../2.12.101/templates/secret.yaml | 15 + .../2.12.101/templates/service.yaml | 22 + .../2.12.101/templates/serviceaccount.yaml | 12 + .../2.12.101/values.yaml | 180 + .../rancher-pushprox/0.1.0/.helmignore | 23 + .../rancher-pushprox/0.1.0/Chart.yaml | 13 + .../rancher-pushprox/0.1.0/README.md | 54 + .../0.1.0/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.0/templates/pushprox-clients.yaml | 134 + .../0.1.0/templates/pushprox-proxy.yaml | 49 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.0/values.yaml | 86 + .../rancher-pushprox/0.1.1/.helmignore | 23 + .../rancher-pushprox/0.1.1/Chart.yaml | 13 + .../rancher-pushprox/0.1.1/README.md | 54 + .../0.1.1/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.1/templates/pushprox-clients.yaml | 133 + .../0.1.1/templates/pushprox-proxy.yaml | 49 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.1/values.yaml | 86 + .../rancher-pushprox/0.1.2/.helmignore | 23 + .../rancher-pushprox/0.1.2/Chart.yaml | 12 + .../rancher-pushprox/0.1.2/README.md | 54 + .../0.1.2/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.2/templates/pushprox-clients.yaml | 133 + .../0.1.2/templates/pushprox-proxy-rbac.yaml | 63 + .../0.1.2/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.2/values.yaml | 86 + .../rancher-pushprox/0.1.201/.helmignore | 23 + .../rancher-pushprox/0.1.201/Chart.yaml | 12 + .../rancher-pushprox/0.1.201/README.md | 54 + .../0.1.201/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.201/templates/pushprox-clients.yaml | 133 + 
.../templates/pushprox-proxy-rbac.yaml | 63 + .../0.1.201/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.201/values.yaml | 86 + .../rancher-pushprox/0.1.300/.helmignore | 23 + .../rancher-pushprox/0.1.300/Chart.yaml | 13 + .../rancher-pushprox/0.1.300/README.md | 54 + .../0.1.300/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.300/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../0.1.300/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.300/values.yaml | 86 + .../rancher-sachet/1.0.100/.helmignore | 23 + .../rancher-sachet/1.0.100/Chart.yaml | 11 + .../1.0.100/files/template.tmpl | 1 + .../1.0.100/templates/NOTES.txt | 3 + .../1.0.100/templates/_helpers.tpl | 79 + .../templates/configmap-pre-install.yaml | 21 + .../1.0.100/templates/deployment.yaml | 75 + .../rancher-sachet/1.0.100/templates/psp.yaml | 28 + .../1.0.100/templates/role.yaml | 15 + .../1.0.100/templates/rolebinding.yaml | 13 + .../1.0.100/templates/service-account.yaml | 6 + .../1.0.100/templates/service.yaml | 17 + .../rancher-sachet/1.0.100/values.yaml | 63 + .../rancher-tracing/1.20.001/.helmignore | 23 + .../rancher-tracing/1.20.001/Chart.yaml | 12 + .../rancher-tracing/1.20.001/README.md | 5 + .../1.20.001/templates/_affinity.tpl | 92 + .../1.20.001/templates/_helpers.tpl | 32 + .../1.20.001/templates/deployment.yaml | 80 + .../1.20.001/templates/pvc.yaml | 16 + .../1.20.001/templates/service.yaml | 63 + .../rancher-tracing/1.20.001/values.yaml | 42 + .../rancher-tracing/1.20.002/.helmignore | 23 + .../rancher-tracing/1.20.002/Chart.yaml | 12 + .../rancher-tracing/1.20.002/README.md | 5 + .../1.20.002/templates/_affinity.tpl | 92 + .../1.20.002/templates/_helpers.tpl | 32 + .../1.20.002/templates/deployment.yaml | 80 + .../1.20.002/templates/pvc.yaml | 16 + .../1.20.002/templates/service.yaml | 
63 + .../rancher-tracing/1.20.002/values.yaml | 42 + .../rancher-tracing/1.20.100/.helmignore | 23 + .../rancher-tracing/1.20.100/Chart.yaml | 12 + .../rancher-tracing/1.20.100/README.md | 5 + .../1.20.100/templates/_affinity.tpl | 92 + .../1.20.100/templates/_helpers.tpl | 32 + .../1.20.100/templates/deployment.yaml | 86 + .../1.20.100/templates/psp.yaml | 86 + .../1.20.100/templates/pvc.yaml | 16 + .../1.20.100/templates/service.yaml | 63 + .../rancher-tracing/1.20.100/values.yaml | 44 + .../rancher-vsphere-cpi/1.0.000/Chart.yaml | 19 + .../rancher-vsphere-cpi/1.0.000/README.md | 57 + .../rancher-vsphere-cpi/1.0.000/app-readme.md | 9 + .../1.0.000/questions.yaml | 42 + .../1.0.000/templates/_helpers.tpl | 7 + .../templates/vsphere-cloud-config-cm.yaml | 15 + .../1.0.000/templates/vsphere-cpi-ds.yaml | 74 + .../1.0.000/templates/vsphere-cpi-rbac.yaml | 127 + .../templates/vsphere-creds-secret.yaml | 10 + .../rancher-vsphere-cpi/1.0.000/values.yaml | 20 + .../rancher-vsphere-csi/2.1.000/Chart.yaml | 19 + .../rancher-vsphere-csi/2.1.000/README.md | 73 + .../rancher-vsphere-csi/2.1.000/app-readme.md | 14 + .../2.1.000/questions.yaml | 91 + .../2.1.000/templates/_helpers.tpl | 7 + .../vsphere-csi-controller-deployment.yaml | 176 + .../vsphere-csi-controller-rbac.yaml | 55 + .../templates/vsphere-csi-node-ds.yaml | 139 + .../2.1.000/templates/vsphere-csi-secret.yaml | 9 + .../templates/vsphere-csi-storageclass.yaml | 16 + .../rancher-vsphere-csi/2.1.000/values.yaml | 70 + .../rancher-webhook/0.1.0-beta500/Chart.yaml | 11 + .../0.1.0-beta500/templates/_helpers.tpl | 7 + .../0.1.0-beta500/templates/deployment.yaml | 26 + .../0.1.0-beta500/templates/rbac.yaml | 12 + .../0.1.0-beta500/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../0.1.0-beta500/templates/webhook.yaml | 18 + .../rancher-webhook/0.1.0-beta500/values.yaml | 8 + .../rancher-webhook/0.1.0-beta700/Chart.yaml | 11 + .../0.1.0-beta700/templates/_helpers.tpl | 7 + 
.../0.1.0-beta700/templates/deployment.yaml | 26 + .../0.1.0-beta700/templates/rbac.yaml | 12 + .../0.1.0-beta700/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../0.1.0-beta700/templates/webhook.yaml | 19 + .../rancher-webhook/0.1.0-beta700/values.yaml | 8 + .../rancher-webhook/0.1.0-beta900/Chart.yaml | 11 + .../0.1.0-beta900/templates/_helpers.tpl | 7 + .../0.1.0-beta900/templates/deployment.yaml | 26 + .../0.1.0-beta900/templates/rbac.yaml | 12 + .../0.1.0-beta900/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../0.1.0-beta900/templates/webhook.yaml | 19 + .../rancher-webhook/0.1.0-beta900/values.yaml | 8 + .../rancher-webhook/0.1.0-beta901/Chart.yaml | 11 + .../0.1.0-beta901/templates/_helpers.tpl | 7 + .../0.1.0-beta901/templates/deployment.yaml | 26 + .../0.1.0-beta901/templates/rbac.yaml | 12 + .../0.1.0-beta901/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../0.1.0-beta901/templates/webhook.yaml | 19 + .../rancher-webhook/0.1.0-beta901/values.yaml | 8 + .../rancher-webhook/0.1.000/Chart.yaml | 11 + .../0.1.000/templates/_helpers.tpl | 7 + .../0.1.000/templates/deployment.yaml | 26 + .../0.1.000/templates/rbac.yaml | 12 + .../0.1.000/templates/service.yaml | 13 + .../0.1.000/templates/serviceaccount.yaml | 4 + .../0.1.000/templates/webhook.yaml | 19 + .../rancher-webhook/0.1.000/values.yaml | 8 + .../0.1.000/.helmignore | 23 + .../0.1.000/Chart.yaml | 15 + .../0.1.000/README.md | 17 + .../0.1.000/scripts/check-wins-version.ps1 | 20 + .../0.1.000/scripts/copy-binary.ps1 | 40 + .../0.1.000/scripts/proxy-entry.ps1 | 11 + .../0.1.000/scripts/run.ps1 | 44 + .../0.1.000/templates/_helpers.tpl | 64 + .../0.1.000/templates/configmap.yaml | 8 + .../0.1.000/templates/daemonset.yaml | 74 + .../0.1.000/templates/rbac.yaml | 78 + .../0.1.000/templates/service.yaml | 15 + .../0.1.000/templates/servicemonitor.yaml | 44 + .../templates/windows-relabel-rule.yaml | 58 + .../0.1.000/values.yaml | 44 + 
.../rancher-wins-upgrader/0.0.100/.helmignore | 23 + .../rancher-wins-upgrader/0.0.100/Chart.yaml | 15 + .../rancher-wins-upgrader/0.0.100/README.md | 41 + .../0.0.100/app-readme.md | 19 + .../0.0.100/scripts/noop.ps1 | 4 + .../0.0.100/scripts/upgrade.ps1 | 67 + .../0.0.100/templates/_helpers.tpl | 50 + .../0.0.100/templates/configmap.yaml | 16 + .../0.0.100/templates/daemonset.yaml | 70 + .../0.0.100/templates/rbac.yaml | 70 + .../rancher-wins-upgrader/0.0.100/values.yaml | 62 + released/charts/rio/rio/0.8.000/.helmignore | 22 + released/charts/rio/rio/0.8.000/Chart.yaml | 16 + released/charts/rio/rio/0.8.000/README.md | 46 + .../rio/rio/0.8.000/templates/NOTES.txt | 17 + .../rio/rio/0.8.000/templates/_helpers.tpl | 8 + .../rio/0.8.000/templates/clusterrole.yaml | 394 + .../0.8.000/templates/clusterrolebinding.yaml | 12 + .../rio/rio/0.8.000/templates/configmap.yaml | 7 + .../rio/rio/0.8.000/templates/deployment.yaml | 49 + .../rio/0.8.000/templates/envoyfilter.yaml | 26 + .../rio/rio/0.8.000/templates/secret.yaml | 5 + .../rio/rio/0.8.000/templates/service.yaml | 13 + .../rio/0.8.000/templates/serviceaccount.yaml | 5 + released/charts/rio/rio/0.8.000/values.yaml | 23 + released/charts/rio/rio/0.8.001/.helmignore | 22 + released/charts/rio/rio/0.8.001/Chart.yaml | 15 + released/charts/rio/rio/0.8.001/README.md | 46 + .../rio/rio/0.8.001/templates/NOTES.txt | 17 + .../rio/rio/0.8.001/templates/_helpers.tpl | 8 + .../rio/0.8.001/templates/clusterrole.yaml | 394 + .../0.8.001/templates/clusterrolebinding.yaml | 12 + .../rio/rio/0.8.001/templates/configmap.yaml | 7 + .../rio/rio/0.8.001/templates/deployment.yaml | 49 + .../rio/0.8.001/templates/envoyfilter.yaml | 26 + .../rio/rio/0.8.001/templates/secret.yaml | 5 + .../rio/rio/0.8.001/templates/service.yaml | 13 + .../rio/0.8.001/templates/serviceaccount.yaml | 5 + released/charts/rio/rio/0.8.001/values.yaml | 23 + released/index.yaml | 3538 ++++++++ 4661 files changed, 787204 insertions(+), 6394 deletions(-) mode 
change 100755 => 100644 index.yaml create mode 100755 released/assets/README.md create mode 100644 released/assets/fleet-agent/fleet-agent-0.3.000.tgz create mode 100644 released/assets/fleet-agent/fleet-agent-0.3.100.tgz create mode 100644 released/assets/fleet-agent/fleet-agent-0.3.200.tgz create mode 100644 released/assets/fleet-agent/fleet-agent-0.3.300.tgz create mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400.tgz create mode 100755 released/assets/fleet-agent/fleet-agent-0.3.500.tgz create mode 100644 released/assets/fleet-crd/fleet-crd-0.3.000.tgz create mode 100644 released/assets/fleet-crd/fleet-crd-0.3.100.tgz create mode 100644 released/assets/fleet-crd/fleet-crd-0.3.200.tgz create mode 100644 released/assets/fleet-crd/fleet-crd-0.3.300.tgz create mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400.tgz create mode 100755 released/assets/fleet-crd/fleet-crd-0.3.500.tgz create mode 100644 released/assets/fleet/fleet-0.3.000.tgz create mode 100644 released/assets/fleet/fleet-0.3.100.tgz create mode 100644 released/assets/fleet/fleet-0.3.200.tgz create mode 100644 released/assets/fleet/fleet-0.3.300.tgz create mode 100755 released/assets/fleet/fleet-0.3.400.tgz create mode 100755 released/assets/fleet/fleet-0.3.500.tgz create mode 100644 released/assets/logos/backup-restore.svg create mode 100644 released/assets/logos/cis-kube-bench.svg create mode 100644 released/assets/logos/fleet.svg create mode 100644 released/assets/logos/gatekeeper.svg create mode 100644 released/assets/logos/istio.svg create mode 100644 released/assets/logos/logging.svg create mode 100644 released/assets/logos/rio.svg create mode 100644 released/assets/logos/vsphere-cpi.svg create mode 100644 released/assets/logos/vsphere-csi.svg create mode 100644 released/assets/longhorn/longhorn-1.0.200.tgz create mode 100644 released/assets/longhorn/longhorn-1.0.201.tgz create mode 100644 released/assets/longhorn/longhorn-1.1.000.tgz create mode 100755 
released/assets/longhorn/longhorn-1.1.001.tgz create mode 100644 released/assets/longhorn/longhorn-crd-1.0.200.tgz create mode 100644 released/assets/longhorn/longhorn-crd-1.0.201.tgz create mode 100644 released/assets/longhorn/longhorn-crd-1.1.000.tgz create mode 100755 released/assets/longhorn/longhorn-crd-1.1.001.tgz create mode 100755 released/assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz create mode 100755 released/assets/rancher-backup-crd/rancher-backup-crd-1.0.400.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-1.0.200.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-1.0.201.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-1.0.300.tgz create mode 100755 released/assets/rancher-backup/rancher-backup-1.0.301.tgz create mode 100755 released/assets/rancher-backup/rancher-backup-1.0.400.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.300.tgz create mode 100755 released/assets/rancher-backup/rancher-backup-crd-1.0.301.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.200.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.300.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.200.tgz create mode 100644 
released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.402.tgz create mode 100644 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz create mode 100644 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz create mode 100755 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.101.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz create mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000.tgz create mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.001.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.100.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.101.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz create mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000.tgz create mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001.tgz create mode 100755 released/assets/rancher-grafana/rancher-grafana-6.6.401.tgz create mode 100755 released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz create mode 100755 released/assets/rancher-istio-1.8/rancher-istio-1.8.400.tgz create mode 100755 released/assets/rancher-istio-1.8/rancher-istio-1.8.500.tgz create mode 100755 released/assets/rancher-istio-1.9/rancher-istio-1.9.200.tgz create mode 100755 
released/assets/rancher-istio-1.9/rancher-istio-1.9.300.tgz create mode 100644 released/assets/rancher-istio/rancher-istio-1.7.100.tgz create mode 100644 released/assets/rancher-istio/rancher-istio-1.7.300.tgz create mode 100644 released/assets/rancher-istio/rancher-istio-1.7.301.tgz create mode 100755 released/assets/rancher-istio/rancher-istio-1.8.300.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.24.001.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-1.29.100.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-1.32.100.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.003.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.100.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100.tgz create mode 100755 released/assets/rancher-kube-state-metrics/rancher-kube-state-metrics-2.13.101.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-3.6.000.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-3.6.001.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-3.8.201.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-3.9.001.tgz create mode 100755 
released/assets/rancher-logging/rancher-logging-3.9.002.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-3.9.400.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.6.000.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.6.001.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.8.201.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.002.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.400.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-14.5.100.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.203.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.204.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-14.5.100.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.201.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.202.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.204.tgz create mode 100755 released/assets/rancher-node-exporter/rancher-node-exporter-1.16.201.tgz create mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz create mode 100644 
released/assets/rancher-operator-crd/rancher-operator-crd-0.1.100.tgz create mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz create mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300.tgz create mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.400.tgz create mode 100644 released/assets/rancher-operator/rancher-operator-0.1.000.tgz create mode 100644 released/assets/rancher-operator/rancher-operator-0.1.100.tgz create mode 100644 released/assets/rancher-operator/rancher-operator-0.1.200.tgz create mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300.tgz create mode 100755 released/assets/rancher-operator/rancher-operator-0.1.400.tgz create mode 100755 released/assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz create mode 100755 released/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101.tgz create mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz create mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz create mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz create mode 100755 released/assets/rancher-pushprox/rancher-pushprox-0.1.201.tgz create mode 100755 released/assets/rancher-pushprox/rancher-pushprox-0.1.300.tgz create mode 100755 released/assets/rancher-sachet/rancher-sachet-1.0.100.tgz create mode 100644 released/assets/rancher-tracing/rancher-tracing-1.20.001.tgz create mode 100755 released/assets/rancher-tracing/rancher-tracing-1.20.002.tgz create mode 100755 released/assets/rancher-tracing/rancher-tracing-1.20.100.tgz create mode 100755 released/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000.tgz create mode 100755 released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz create mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz create mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta700.tgz create 
mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz create mode 100755 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901.tgz create mode 100755 released/assets/rancher-webhook/rancher-webhook-0.1.000.tgz create mode 100755 released/assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz create mode 100755 released/assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100.tgz create mode 100644 released/assets/rio/rio-0.8.000.tgz create mode 100755 released/assets/rio/rio-0.8.001.tgz create mode 100755 released/charts/README.md create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/Chart.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/_helpers.tpl create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/configmap.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/deployment.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/network_policy_allow_all.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/rbac.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/secret.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/validate.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/values.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/Chart.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/_helpers.tpl create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/configmap.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/deployment.yaml create mode 100644 
released/charts/fleet-agent/fleet-agent/0.3.100/templates/network_policy_allow_all.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/rbac.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/secret.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/validate.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/values.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/Chart.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/_helpers.tpl create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/configmap.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/deployment.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/network_policy_allow_all.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/rbac.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/secret.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/validate.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/values.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/Chart.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/_helpers.tpl create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/configmap.yaml create mode 100644 
released/charts/fleet-agent/fleet-agent/0.3.300/templates/deployment.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/network_policy_allow_all.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/rbac.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/secret.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/validate.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/values.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/Chart.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/_helpers.tpl create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/configmap.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/deployment.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/network_policy_allow_all.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/rbac.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/secret.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/serviceaccount.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/validate.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/values.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/Chart.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/_helpers.tpl create mode 100755 
released/charts/fleet-agent/fleet-agent/0.3.500/templates/configmap.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/deployment.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/network_policy_allow_all.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/rbac.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/secret.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/serviceaccount.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/validate.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/values.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.000/Chart.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.000/templates/crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.000/templates/gitjobs-crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.100/Chart.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.100/templates/crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.100/templates/gitjobs-crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.200/Chart.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.200/templates/crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.200/templates/gitjobs-crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.300/Chart.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.300/templates/crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.300/templates/gitjobs-crds.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.400/Chart.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.400/templates/crds.yaml create mode 100755 
released/charts/fleet-crd/fleet-crd/0.3.400/templates/gitjobs-crds.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.500/Chart.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.500/templates/crds.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.500/templates/gitjobs-crds.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/.helmignore create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/clusterrole.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/service.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.000/templates/configmap.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/templates/rbac.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/.helmignore create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/_helpers.tpl create 
mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/clusterrole.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/service.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.100/templates/configmap.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/templates/rbac.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/.helmignore create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/clusterrole.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/service.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/templates/_helpers.tpl create mode 
100644 released/charts/fleet/fleet/0.3.200/templates/configmap.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/templates/rbac.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/.helmignore create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrole.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/service.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.300/templates/configmap.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/templates/rbac.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/values.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/Chart.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/.helmignore create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/Chart.yaml create mode 100755 
released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/_helpers.tpl create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrole.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrolebinding.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/deployment.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/service.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/serviceaccount.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/values.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/templates/_helpers.tpl create mode 100755 released/charts/fleet/fleet/0.3.400/templates/configmap.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/templates/deployment.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/templates/rbac.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/templates/serviceaccount.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/values.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/Chart.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/.helmignore create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/Chart.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/_helpers.tpl create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrole.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrolebinding.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/deployment.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/service.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/serviceaccount.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/values.yaml create 
mode 100755 released/charts/fleet/fleet/0.3.500/templates/_helpers.tpl create mode 100755 released/charts/fleet/fleet/0.3.500/templates/configmap.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/templates/deployment.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/templates/rbac.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/templates/serviceaccount.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/values.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.0.200/Chart.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.0.200/README.md create mode 100644 released/charts/longhorn/longhorn-crd/1.0.200/templates/crds.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.0.201/Chart.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.0.201/README.md create mode 100644 released/charts/longhorn/longhorn-crd/1.0.201/templates/crds.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.1.000/Chart.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.1.000/README.md create mode 100644 released/charts/longhorn/longhorn-crd/1.1.000/templates/crds.yaml create mode 100755 released/charts/longhorn/longhorn-crd/1.1.001/Chart.yaml create mode 100755 released/charts/longhorn/longhorn-crd/1.1.001/README.md create mode 100755 released/charts/longhorn/longhorn-crd/1.1.001/templates/crds.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/.helmignore create mode 100644 released/charts/longhorn/longhorn/1.0.200/Chart.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/README.md create mode 100644 released/charts/longhorn/longhorn/1.0.200/app-readme.md create mode 100644 released/charts/longhorn/longhorn/1.0.200/questions.yml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/NOTES.txt create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/_helpers.tpl create mode 100644 
released/charts/longhorn/longhorn/1.0.200/templates/clusterrole.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/clusterrolebinding.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/daemonset-sa.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/default-setting.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/deployment-driver.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/deployment-ui.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/ingress.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/postupgrade-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/psp.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/registry-secret.yml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/serviceaccount.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/storageclass.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/tls-secrets.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/uninstall-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/userroles.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/validate-install-crd.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/values.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/.helmignore create mode 100644 released/charts/longhorn/longhorn/1.0.201/Chart.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/README.md create mode 100644 released/charts/longhorn/longhorn/1.0.201/app-readme.md create mode 100644 released/charts/longhorn/longhorn/1.0.201/questions.yml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/NOTES.txt create mode 100644 
released/charts/longhorn/longhorn/1.0.201/templates/_helpers.tpl create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/clusterrole.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/clusterrolebinding.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/daemonset-sa.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/default-setting.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/deployment-driver.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/deployment-ui.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/ingress.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/postupgrade-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/psp.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/registry-secret.yml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/serviceaccount.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/storageclass.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/tls-secrets.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/uninstall-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/userroles.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/validate-install-crd.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/values.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/.helmignore create mode 100644 released/charts/longhorn/longhorn/1.1.000/Chart.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/README.md create mode 100644 released/charts/longhorn/longhorn/1.1.000/app-readme.md create mode 100644 released/charts/longhorn/longhorn/1.1.000/questions.yml create mode 100644 
released/charts/longhorn/longhorn/1.1.000/templates/NOTES.txt create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/_helpers.tpl create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/clusterrole.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/clusterrolebinding.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/daemonset-sa.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/default-setting.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/deployment-driver.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/deployment-ui.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/ingress.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/postupgrade-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/psp.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/registry-secret.yml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/serviceaccount.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/storageclass.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/tls-secrets.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/uninstall-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/userroles.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/validate-install-crd.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/values.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/.helmignore create mode 100755 released/charts/longhorn/longhorn/1.1.001/Chart.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/README.md create mode 100755 released/charts/longhorn/longhorn/1.1.001/app-readme.md create mode 100755 
released/charts/longhorn/longhorn/1.1.001/questions.yml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/NOTES.txt create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/_helpers.tpl create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/clusterrole.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/clusterrolebinding.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/daemonset-sa.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/default-setting.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/deployment-driver.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/deployment-ui.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/ingress.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/postupgrade-job.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/psp.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/registry-secret.yml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/serviceaccount.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/storageclass.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/tls-secrets.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/uninstall-job.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/userroles.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/validate-install-crd.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/values.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/Chart.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/app-readme.md create mode 100755 
released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/.helmignore create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/Chart.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/files/teams.j2 create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/NOTES.txt create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/_helpers.tpl create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/configmap.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/deployment.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/psp.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/role.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/rolebinding.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service-account.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/values.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/.helmignore create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/Chart.yaml create mode 100755 
released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/files/template.tmpl create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/NOTES.txt create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/_helpers.tpl create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/configmap-pre-install.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/deployment.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/psp.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/role.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/rolebinding.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service-account.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/values.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/questions.yml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/NOTES.txt create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/cluster-role.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/values.yaml create mode 100755 
released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/Chart.yaml create mode 100755 released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/README.md create mode 100755 released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/backup.yaml create mode 100755 released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/resourceset.yaml create mode 100755 released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/restore.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/README.md create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/backup.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/restore.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/README.md create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/backup.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/restore.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/README.md create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/backup.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/restore.yaml create mode 100755 
released/charts/rancher-backup/rancher-backup-crd/1.0.301/Chart.yaml create mode 100755 released/charts/rancher-backup/rancher-backup-crd/1.0.301/README.md create mode 100755 released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/backup.yaml create mode 100755 released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/resourceset.yaml create mode 100755 released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/restore.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/README.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/deployment.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/pvc.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/rancher-resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/s3-secret.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/values.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/README.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/app-readme.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/_helpers.tpl create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/clusterrolebinding.yaml create mode 100644 
released/charts/rancher-backup/rancher-backup/1.0.201/templates/deployment.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/pvc.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/rancher-resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/s3-secret.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/values.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/README.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/app-readme.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/_helpers.tpl create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/deployment.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/pvc.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/rancher-resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/s3-secret.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/values.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/Chart.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/README.md create 
mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/app-readme.md create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/_helpers.tpl create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/deployment.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/pvc.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/rancher-resourceset.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/s3-secret.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/values.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/Chart.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/README.md create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/app-readme.md create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/eks.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/fleet.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/gke.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher-operator.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/_helpers.tpl create mode 100755 
released/charts/rancher-backup/rancher-backup/1.0.400/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/deployment.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/pvc.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/rancher-resourceset.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/s3-secret.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/values.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscan.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanbenchmark.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanprofile.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanreport.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscan.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanbenchmark.yaml create mode 100644 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanprofile.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanreport.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscan.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanbenchmark.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanprofile.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanreport.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscan.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanbenchmark.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanprofile.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanreport.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscan.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanbenchmark.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanprofile.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanreport.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscan.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanbenchmark.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanprofile.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/_helpers.tpl create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-cis-1.5.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-eks-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-gke-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 
100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/configmap.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/deployment.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/rbac.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-cis-1.5.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-hardened.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-permissive.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofileeks.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofilegke.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/values.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/app-readme.md create mode 100644 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-cis-1.5.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-eks-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-gke-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/cis-roles.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/configmap.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/deployment.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/network_policy_allow_all.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/rbac.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-cis-1.5.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-hardened.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-permissive.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofileeks.yml create mode 100644 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofilegke.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/values.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/app-readme.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/_helpers.tpl create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/alertingrule.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.5.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.6.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-eks-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-gke-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/cis-roles.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/configmap.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/deployment.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/network_policy_allow_all.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/rbac.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.5.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.6.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-hardened.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-permissive.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-permissive.yml 
create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofileeks.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofilegke.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/values.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/app-readme.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/_helpers.tpl create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/alertingrule.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.5.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-eks-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-gke-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/cis-roles.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/configmap.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/deployment.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/network_policy_allow_all.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/rbac.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.5.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-hardened.yml create 
mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofileeks.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofilegke.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/values.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/app-readme.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/_helpers.tpl create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/alertingrule.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.5.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-eks-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-gke-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/cis-roles.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/deployment.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/network_policy_allow_all.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/rbac.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.5.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-permissive.yml 
create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofileeks.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofilegke.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/app-readme.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/_helpers.tpl create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/alertingrule.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.5.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-eks-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-gke-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/cis-roles.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/configmap.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/deployment.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/network_policy_allow_all.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/rbac.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.5.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofileeks.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofilegke.yml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/values.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/.helmignore create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/Chart.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/README.md create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/app-README.md create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/questions.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/NOTES.txt create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/_helpers.tpl create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/admissionregistration.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrole.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/deployment.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/issuer.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/service.yaml create mode 100644 
released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/admissionregistration_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrole_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrolebinding_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/deployment_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/issuer_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/service_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/serviceaccount_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/servicemonitor_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/values.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/.helmignore create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/Chart.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/README.md create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/app-README.md create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/questions.yaml create mode 100644 
released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/NOTES.txt create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/_helpers.tpl create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/admissionregistration.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrole.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/deployment.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/issuer.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/service.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/admissionregistration_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrole_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrolebinding_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/deployment_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/issuer_test.yaml create mode 100644 
released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/service_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/serviceaccount_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/servicemonitor_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/values.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/.helmignore create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/Chart.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/README.md create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/app-README.md create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/questions.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/NOTES.txt create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/_helpers.tpl create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/admissionregistration.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrole.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/issuer.yaml create mode 100755 
released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/service.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/admissionregistration_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrole_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrolebinding_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/deployment_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/issuer_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/service_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/serviceaccount_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/servicemonitor_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/values.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/config-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constraintpodstatus-customresourcedefinition.yaml create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplate-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/config-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constraintpodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplate-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/config-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/_helpers.tpl create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/jobs.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/manifest.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/rbac.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/values.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/Chart.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/README.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/config-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/jobs.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/manifest.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/rbac.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/values.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/Chart.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/README.md create mode 100755 
released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/config-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/_helpers.tpl create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/jobs.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/manifest.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/rbac.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/values.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/.helmignore create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/CHANGELOG.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/_helpers.tpl create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/allowedrepos.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-audit-deployment.yaml create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-role.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-service-service.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/requiredlabels.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/values.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/.helmignore create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/CHANGELOG.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/app-readme.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/_helpers.tpl create mode 
100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/allowedrepos.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-audit-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-role.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-service-service.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/requiredlabels.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/values.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/.helmignore create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/CHANGELOG.md create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/app-readme.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/_helpers.tpl create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/allowedrepos.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-audit-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-role.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-service-service.yaml create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/requiredlabels.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/values.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/.helmignore create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/CHANGELOG.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/Chart.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/README.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/app-readme.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/allowedrepos.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-serviceaccount.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-audit-deployment.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-controller-manager-deployment.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-role.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100755 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-service-service.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/requiredlabels.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/values.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/.helmignore create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/CHANGELOG.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/Chart.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/README.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/app-readme.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/_helpers.tpl create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/allowedrepos.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-serviceaccount.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-audit-deployment.yaml create mode 100755 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-controller-manager-deployment.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-role.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-service-service.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/requiredlabels.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/values.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/.helmignore create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/Chart.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/README.md create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/dashboards/custom-dashboard.json create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/NOTES.txt create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_helpers.tpl create mode 100755 
released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_pod.tpl create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrole.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap-dashboard-provider.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/dashboards-json-configmap.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/deployment.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/headless-service.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-deployment.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-network-policy.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-service.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/ingress.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/nginx-config.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/poddisruptionbudget.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/pvc.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/role.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/rolebinding.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret-env.yaml create 
mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/service.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/statefulset.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-configmap.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-role.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-rolebinding.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-serviceaccount.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/app-readme.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/cabundle.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/route.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_affinity.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/requirements.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/samples/overlay-example.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/app-readme.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/Chart.yaml 
create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_affinity.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/values.yaml create mode 
100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/requirements.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/values.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/app-readme.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/psp.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_affinity.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/deployment.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/requirements.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/overlay-config-map.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/README.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/app-readme.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/hpa.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_affinity.tpl 
create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/requirements.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-psp.yaml 
create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/README.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/app-readme.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/values.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_affinity.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/requirements.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/edit-role.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/README.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/NOTES.txt create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/cabundle.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/envoy.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/kiali.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/deployment.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/ingess.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/oauth.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role-viewer.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/rolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/route.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/service.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/validate-install-crd.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/configs/istio-base.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/requirements.lock create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/requirements.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/samples/overlay-example.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/admin-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/base-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrole.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/edit-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-install-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-uninstall-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/overlay-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/service-monitors.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/view-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/Chart.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.300/README.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/app-readme.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/NOTES.txt create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/cabundle.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/kiali.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml create 
mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/deployment.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/ingess.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/oauth.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role-viewer.yaml 
create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/rolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/route.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/service.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/configs/istio-base.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/requirements.lock create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/requirements.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/samples/overlay-example.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/admin-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/base-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrole.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/edit-role.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-install-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-uninstall-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/overlay-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/service-monitors.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/view-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/README.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/app-readme.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/NOTES.txt create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/cabundle.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/kiali.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/deployment.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/ingess.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/oauth.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role-viewer.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/rolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/route.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/service.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/.helmignore create mode 
100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/README.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_affinity.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/deployment.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/pvc.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/service.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/configs/istio-base.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/requirements.lock create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/requirements.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/samples/overlay-example.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/admin-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/base-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrole.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/edit-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-install-job.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-uninstall-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/overlay-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/service-monitors.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/view-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/values.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/Chart.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/README.md create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/app-readme.md create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 
released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/deployment.yaml create mode 100755 
released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/README.md create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_affinity.tpl create mode 100755 
released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/requirements.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/serviceaccount.yaml create mode 100755 
released/charts/rancher-istio/rancher-istio/1.8.300/templates/view-role.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/values.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/README.md create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/templates/crds.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/README.md create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/templates/crds.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/README.md create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/templates/crds.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/README.md create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/templates/crds.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/README.md create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/templates/crds.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/README.md create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/templates/crds.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/NOTES.txt create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/_helpers.tpl create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/cabundle.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/kiali.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/quarkus.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/deployment.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/ingess.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/oauth.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role-viewer.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/rolebinding.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/route.yaml 
create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/service.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/values.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/NOTES.txt create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/_helpers.tpl create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/cabundle.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/kiali.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-1.1.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/deployment.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/ingess.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/oauth.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role-viewer.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/rolebinding.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/route.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/service.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/values.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/NOTES.txt create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/_helpers.tpl create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/cabundle.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/kiali.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-jvm.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/deployment.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/ingess.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/oauth.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role-viewer.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/rolebinding.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/route.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/service.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/values.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/NOTES.txt create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/cabundle.yaml create mode 
100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/tomcat.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/deployment.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/hpa.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/ingress.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/oauth.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-viewer.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/route.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/service.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/serviceaccount.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/values.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/NOTES.txt create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/cabundle.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/nodejs.yaml create mode 
100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/deployment.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/hpa.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/ingress.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/oauth.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/psp.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-viewer.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/route.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/service.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/values.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/NOTES.txt create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/cabundle.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/go.yaml 
create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-eventbus.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/deployment.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/hpa.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/ingress.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/oauth.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/psp.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-viewer.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/route.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/service.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/validate-install-crd.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/values.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/.helmignore create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/Chart.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/LICENSE create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/OWNERS create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/README.md create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/NOTES.txt create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/_helpers.tpl create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/deployment.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/kubeconfig-secret.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/pdb.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/role.yaml 
create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/rolebinding.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/service.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-role.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-rolebinding.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/values.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/README.md create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_flows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_loggings.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_outputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/README.md create mode 100644 
released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_flows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_loggings.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_outputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/README.md create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_flows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_loggings.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_outputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/README.md create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_flows.yaml 
create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_loggings.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_outputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/README.md create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_flows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_loggings.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_outputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/README.md create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_flows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_loggings.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_outputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/Chart.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging-crd/3.9.400/README.md create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_flows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_loggings.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_outputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/.helmignore create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/README.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/app-readme.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/NOTES.txt create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/_helpers.tpl create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrole.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/crds.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/deployment.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/eks/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100644 
released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-containers-rke.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-rke.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-journald.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/root/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/psp.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/service.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceMonitor.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/userroles.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/values.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/.helmignore create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/README.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/app-readme.md create mode 
100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/NOTES.txt create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/_helpers.tpl create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrole.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/crds.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/deployment.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/eks/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/logging-rke.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-journald.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/root/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/psp.yaml create mode 100644 
released/charts/rancher-logging/rancher-logging/3.6.001/templates/service.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceMonitor.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/userroles.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/values.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/.helmignore create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/README.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/app-readme.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/NOTES.txt create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/_helpers.tpl create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrole.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/crds.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/deployment.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/aks/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/eks/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/gke/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-openrc.yaml create 
mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/logging-rke.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-journald.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/root/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/psp.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/service.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceMonitor.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/userroles.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/values.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/.helmignore create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/Chart.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.000/README.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/app-readme.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/NOTES.txt create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrole.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/crds.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/deployment.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/aks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/eks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/gke/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/logging-rke.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/daemonset.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-journald.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/root/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/psp.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/service.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceMonitor.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/userroles.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/values.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/.helmignore create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/README.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/app-readme.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/NOTES.txt create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/_helpers.tpl create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrole.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/crds.yaml 
create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/deployment.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/aks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/eks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/gke/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/root/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/psp.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/service.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceMonitor.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/userroles.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install-crd.yaml create mode 
100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/values.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/.helmignore create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/README.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/app-readme.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/NOTES.txt create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/_helpers.tpl create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrole.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/crds.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/deployment.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/aks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/eks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/gke/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/daemonset.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/root/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/psp.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/service.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceMonitor.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/userroles.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/values.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/.helmignore create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/README.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/app-readme.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/NOTES.txt create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/_helpers.tpl create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrole.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/crds.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/deployment.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/aks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/eks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/gke/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/root/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/psp.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/service.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceMonitor.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceaccount.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.400/templates/userroles.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagerconfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagers.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-podmonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-probes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheuses.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheusrules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-servicemonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-thanosrulers.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/jobs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/manifest.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/rbac.yaml create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-podmonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheusrules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-thanosrulers.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/jobs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/manifest.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-podmonitor.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheusrules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-thanosrulers.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/jobs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/manifest.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-podmonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheusrules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-thanosrulers.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/jobs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/manifest.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-podmonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheusrules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-thanosrulers.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/jobs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/manifest.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/values.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-podmonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheusrules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-thanosrulers.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/jobs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/manifest.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CHANGELOG.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CONTRIBUTING.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/app-README.md create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/dashboards/custom-dashboard.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_pod.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/headless-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-network-policy.yaml create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/poddisruptionbudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/pvc.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret-env.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-configmap.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/values.yaml create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/LICENSE create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/kubeconfig-secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/rolebinding.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/_helpers.tpl create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/certmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/values.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/values.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/.helmignore create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/Chart.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy.yaml create 
mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/check-wins-version.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/copy-binary.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/proxy-entry.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/run.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/servicemonitor.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/nginx.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/request-handling-performance.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster-nodes.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-summary.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home-with-windows.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-summary.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd-nodes.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components-nodes.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components.json create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-summary.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod-containers.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/rancher-default-home.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-summary.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload-pods.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/cleanupSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingress.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kubelet/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/node-exporter/servicemonitor.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmap-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmaps-datasources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/etcd.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/pods.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/namespaces.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/certmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/deployment.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/_rules.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalPrometheusRules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalScrapeConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressThanosSidecar.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podmonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-absent.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-apps.yaml create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-time.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceThanosSidecar.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/clusterrole.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/config-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboard-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/etcd-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/linux-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/windows-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/default-dashboard.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/hardened.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/ingress-nginx-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/CHANGELOG.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/CONTRIBUTING.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/app-README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/dashboards/custom-dashboard.json create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/NOTES.txt create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/_pod.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/headless-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/pvc.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/rolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/secret-env.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/README.md create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/.helmignore create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/Chart.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/requirements.lock create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/requirements.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/cleanupSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/psp-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/psp-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/core-dns/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-controller-manager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-dns/service.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-etcd/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-etcd/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-proxy/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-proxy/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-scheduler/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/node-exporter/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/configmap-dashboards.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/configmaps-datasources.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/pods.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/namespaces.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/serviceaccount.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/additionalPrometheusRules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/ingressThanosSidecar.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/podDisruptionBudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/podmonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/psp-clusterrolebinding.yaml 
create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/node.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/alertmanager.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-absent.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-apps.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/node-time.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/node.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/prometheus.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/servicemonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/rancher-monitoring/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/rancher-monitoring/config-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/rancher-monitoring/dashboard-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/rancher-monitoring/default-dashboard.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/CHANGELOG.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/CONTRIBUTING.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/Chart.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/app-README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/dashboards/custom-dashboard.json create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/_pod.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/headless-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/ingress.yaml create mode 
100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/pvc.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/secret-env.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-rolebinding.yaml create 
mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/requirements.lock create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/requirements.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/NOTES.txt create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/cleanupSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/psp-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/psp-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/core-dns/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-controller-manager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-dns/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-etcd/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-etcd/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-proxy/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-proxy/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-scheduler/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/node-exporter/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/configmap-dashboards.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/configmaps-datasources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/pods.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/namespaces.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/clusterrolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/additionalPrometheusRules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/ingressThanosSidecar.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/podDisruptionBudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/podmonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/node.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/alertmanager.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-absent.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-apps.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/node-time.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/node.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/prometheus.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/servicemonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/config-role.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/dashboard-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/default-dashboard.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/hardened.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/CHANGELOG.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/CONTRIBUTING.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/app-README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/dashboards/custom-dashboard.json create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/_pod.tpl create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/headless-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/pvc.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/secret-env.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/secret.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/_helpers.tpl create mode 
100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/Chart.yaml create 
mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-pdb.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 
100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/Chart.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/README.md create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-proxy-rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/requirements.lock create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/requirements.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/cleanupSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/psp-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/psp-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/core-dns/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-controller-manager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-dns/service.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-etcd/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-etcd/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-proxy/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-proxy/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-scheduler/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/node-exporter/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/configmap-dashboards.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/configmaps-datasources.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/pods.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/namespaces.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/serviceaccount.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/additionalPrometheusRules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/ingressThanosSidecar.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/podDisruptionBudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/podmonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/psp-clusterrolebinding.yaml 
create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/node.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/alertmanager.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-absent.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-apps.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/node-time.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/node.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/prometheus.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/servicemonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/config-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/dashboard-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/default-dashboard.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/hardened.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/CHANGELOG.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/CONTRIBUTING.md create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/app-README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/dashboards/custom-dashboard.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/_pod.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/headless-service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/poddisruptionbudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/pvc.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/secret-env.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-role.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/Chart.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/README.md create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-proxy.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/README.md create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml 
create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/README.md create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/_helpers.tpl create 
mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/values.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-clients.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/requirements.lock create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/requirements.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/cleanupSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/psp-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/psp-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/core-dns/service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/core-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-controller-manager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-dns/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-etcd/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-etcd/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-proxy/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-proxy/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-scheduler/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-scheduler/service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kubelet/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/node-exporter/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/configmap-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/configmaps-datasources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml 
create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/pods.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/namespaces.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/clusterrolebinding.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/additionalPrometheusRules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/additionalScrapeConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/ingressThanosSidecar.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/podmonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-absent.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-apps.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/node-time.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/prometheus.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/servicemonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/config-role.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/dashboard-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/default-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/hardened.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/CHANGELOG.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/CONTRIBUTING.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/app-README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/dashboards/custom-dashboard.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/_pod.tpl create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/headless-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/poddisruptionbudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/pvc.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/secret-env.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/secret.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-clients-rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/.helmignore create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-clients.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-psp.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/.helmignore create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/README.md create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-proxy.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/_helpers.tpl create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/scripts/copy-binary.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/scripts/proxy-entry.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/windows-relabel-rule.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/files/ingress-nginx/nginx.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/files/ingress-nginx/request-handling-performance.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/files/rancher/rancher-default-home.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/requirements.lock create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/requirements.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/cleanupSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/podDisruptionBudget.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/psp-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/psp-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/core-dns/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/core-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-controller-manager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-dns/service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-etcd/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-etcd/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-proxy/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-proxy/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-scheduler/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-scheduler/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kubelet/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/node-exporter/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/configmap-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/configmaps-datasources.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/pods.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/namespaces.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/serviceaccount.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/additionalPrometheusRules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/additionalScrapeConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/ingressThanosSidecar.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/podmonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/psp-clusterrolebinding.yaml 
create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/alertmanager.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-absent.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-apps.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/node-time.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/node.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/prometheus.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/servicemonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/config-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/dashboard-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/default-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/hardened.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/ingress-nginx-dashboard.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/values.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/.helmignore create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/Chart.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/OWNERS create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/README.md create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/ci/port-values.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/NOTES.txt create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/_helpers.tpl create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/daemonset.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/endpoints.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/monitor.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/psp.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/service.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/values.yaml create mode 100644 
released/charts/rancher-operator-crd/rancher-operator-crd/0.1.000/Chart.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.000/templates/crds.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.100/Chart.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.100/templates/crds.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.200/Chart.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.200/templates/crds.yaml create mode 100755 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.300/Chart.yaml create mode 100755 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.300/templates/crds.yaml create mode 100755 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.400/Chart.yaml create mode 100755 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.400/templates/crds.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/Chart.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/templates/_helpers.tpl create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/templates/deployment.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/templates/rbac.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/values.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/Chart.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/templates/_helpers.tpl create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/templates/deployment.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/templates/rbac.yaml create mode 100644 
released/charts/rancher-operator/rancher-operator/0.1.100/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/values.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/Chart.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/templates/deployment.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/templates/rbac.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/values.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/Chart.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/templates/_helpers.tpl create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/templates/deployment.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/templates/rbac.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/values.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/Chart.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/templates/_helpers.tpl create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/templates/deployment.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/templates/rbac.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/values.yaml create mode 100755 
released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/.helmignore create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/Chart.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/files/teams.j2 create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/NOTES.txt create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/configmap.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/deployment.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/psp.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/role.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/rolebinding.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/service-account.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/service.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/values.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/.helmignore create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/Chart.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/README.md create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/ci/default-values.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/ci/external-rules-values.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/NOTES.txt create 
mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/_helpers.tpl create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/certmanager.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/cluster-role-binding-auth-delegator.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/cluster-role-binding-resource-reader.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/cluster-role-resource-reader.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/configmap.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/custom-metrics-apiservice.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/custom-metrics-cluster-role-binding-hpa.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/custom-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/deployment.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/external-metrics-apiservice.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/external-metrics-cluster-role-binding-hpa.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/external-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/pdb.yaml create mode 100755 
released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/psp.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/resource-metrics-apiservice.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/resource-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/resource-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/role-binding-auth-reader.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/secret.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/service.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/values.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/.helmignore create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/Chart.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/README.md create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/_helpers.tpl create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/pushprox-servicemonitor.yaml create mode 100644 
released/charts/rancher-pushprox/rancher-pushprox/0.1.0/values.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/.helmignore create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/Chart.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/README.md create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/_helpers.tpl create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/values.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/.helmignore create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/Chart.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/README.md create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/_helpers.tpl create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-proxy-rbac.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/values.yaml create mode 100755 
released/charts/rancher-pushprox/rancher-pushprox/0.1.201/.helmignore create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/Chart.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/README.md create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/_helpers.tpl create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/values.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/.helmignore create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/Chart.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/README.md create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/_helpers.tpl create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-servicemonitor.yaml create mode 100755 
released/charts/rancher-pushprox/rancher-pushprox/0.1.300/values.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/.helmignore create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/Chart.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/files/template.tmpl create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/NOTES.txt create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/configmap-pre-install.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/deployment.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/psp.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/role.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/rolebinding.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/service-account.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/service.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/values.yaml create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/.helmignore create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/Chart.yaml create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/README.md create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/_affinity.tpl create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/_helpers.tpl create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/deployment.yaml create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/pvc.yaml create mode 100644 
released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/service.yaml create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/values.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/.helmignore create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/Chart.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/README.md create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/_affinity.tpl create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/_helpers.tpl create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/deployment.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/pvc.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/service.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/values.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/.helmignore create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/Chart.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/README.md create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/_affinity.tpl create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/deployment.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/psp.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/pvc.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/service.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/values.yaml create mode 100755 
released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/Chart.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/README.md create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/app-readme.md create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/questions.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/vsphere-cloud-config-cm.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/vsphere-cpi-ds.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/vsphere-cpi-rbac.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/vsphere-creds-secret.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/values.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/Chart.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/README.md create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/app-readme.md create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/questions.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-controller-deployment.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-controller-rbac.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-node-ds.yaml create mode 100755 
released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-secret.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-storageclass.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/values.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/Chart.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/_helpers.tpl create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/deployment.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/rbac.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/service.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/webhook.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/values.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/Chart.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/_helpers.tpl create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/deployment.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/rbac.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/service.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/webhook.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/values.yaml create mode 100644 
released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/Chart.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/_helpers.tpl create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/deployment.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/rbac.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/service.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/webhook.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/values.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/Chart.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/_helpers.tpl create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/deployment.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/rbac.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/service.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/webhook.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/values.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/Chart.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/deployment.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/rbac.yaml create 
mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/service.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/webhook.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/values.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/.helmignore create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/Chart.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/README.md create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/scripts/check-wins-version.ps1 create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/scripts/copy-binary.ps1 create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/scripts/proxy-entry.ps1 create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/scripts/run.ps1 create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/configmap.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/daemonset.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/rbac.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/service.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/windows-relabel-rule.yaml create 
mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/values.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/.helmignore create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/Chart.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/README.md create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/app-readme.md create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/scripts/noop.ps1 create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/scripts/upgrade.ps1 create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/templates/configmap.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/templates/daemonset.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/templates/rbac.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/values.yaml create mode 100644 released/charts/rio/rio/0.8.000/.helmignore create mode 100644 released/charts/rio/rio/0.8.000/Chart.yaml create mode 100644 released/charts/rio/rio/0.8.000/README.md create mode 100644 released/charts/rio/rio/0.8.000/templates/NOTES.txt create mode 100644 released/charts/rio/rio/0.8.000/templates/_helpers.tpl create mode 100644 released/charts/rio/rio/0.8.000/templates/clusterrole.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/clusterrolebinding.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/configmap.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/deployment.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/envoyfilter.yaml create mode 100644 
released/charts/rio/rio/0.8.000/templates/secret.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/service.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/serviceaccount.yaml create mode 100644 released/charts/rio/rio/0.8.000/values.yaml create mode 100755 released/charts/rio/rio/0.8.001/.helmignore create mode 100755 released/charts/rio/rio/0.8.001/Chart.yaml create mode 100755 released/charts/rio/rio/0.8.001/README.md create mode 100755 released/charts/rio/rio/0.8.001/templates/NOTES.txt create mode 100755 released/charts/rio/rio/0.8.001/templates/_helpers.tpl create mode 100755 released/charts/rio/rio/0.8.001/templates/clusterrole.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/clusterrolebinding.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/configmap.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/deployment.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/envoyfilter.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/secret.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/service.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/serviceaccount.yaml create mode 100755 released/charts/rio/rio/0.8.001/values.yaml create mode 100755 released/index.yaml diff --git a/index.yaml b/index.yaml old mode 100755 new mode 100644 index 6e85deebc..c9c8bc160 --- a/index.yaml +++ b/index.yaml 
@@ -12,90 +12,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.5 - created: "2021-04-19T17:18:41.426840009Z" + created: "2021-04-21T15:17:43.274267-07:00" description: Fleet Manager - GitOps at Scale - digest: 0ef37b499661d5c3998c571bf3e25972b0bbd27b8249c384af313bef36ba6d61 + digest: f534c6ee948dc9a5ca2a2b9741ea71946708f8eac788572c24e39a24fedeab1e icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - - assets/fleet/fleet-0.3.500-rc05.tgz - version: 0.3.500-rc05 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-10T01:22:19.627743142Z" - description: Fleet Manager - GitOps at Scale - digest: 56fdbfb76993a43c7e7efbc6e480a271b6bf88596163a629a785d6cb8ad37b20 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - assets/fleet/fleet-0.3.500-rc04.tgz - version: 0.3.500-rc04 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-07T21:48:50.614239531Z" - description: Fleet Manager - GitOps at Scale - digest: a583464aed3ed3c6bd5a6d565decbd6e052a2a1176ae54208dc37660bf288010 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - assets/fleet/fleet-0.3.500-rc03.tgz - version: 0.3.500-rc03 - - annotations: - catalog.cattle.io/auto-install: 
fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-06T01:27:24.195359475Z" - description: Fleet Manager - GitOps at Scale - digest: 7d0614eaeaf5f1029a245ad6881f97719bf3caa44075901d9290810bb17a207c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - assets/fleet/fleet-0.3.500-rc02.tgz - version: 0.3.500-rc02 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-03-18T19:39:38.695305781Z" - description: Fleet Manager - GitOps at Scale - digest: 443c4a6b34b021406aed20df13848926328afa4790a817c9ada07dc47a8b8e71 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - assets/fleet/fleet-0.3.500-rc01.tgz - version: 0.3.500-rc01 + - released/assets/fleet/fleet-0.3.500.tgz + version: 0.3.500 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -107,128 +31,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.4 - created: "2021-03-04T09:47:44.975285-08:00" + created: "2021-04-21T15:17:43.273722-07:00" description: Fleet Manager - GitOps at Scale - digest: 277079329c521f3902a1d350526faa155b96760268841855b066a79c066e1fda + digest: 3dc07290740992da2a36c0d0cf2ef3592bcb1e2c5482a37a49336794795944f0 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - - released/assets/fleet/fleet-0.3.400-rc08.tgz - version: 0.3.400-rc08 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.974668-08:00" - description: Fleet Manager - GitOps at Scale - digest: 7d9eb26b9a52d271fbb40a4bd5d0771bbef7b7b4e62202db83be9aef6df1b020 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc07.tgz - version: 0.3.400-rc07 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.974039-08:00" - description: Fleet Manager - GitOps at Scale - digest: 687574de3226ffeb9f1e0aa113221b1079b8ce4b7388deb9f4db21adf910cd7a - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc06.tgz - version: 0.3.400-rc06 - - annotations: - 
catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.973472-08:00" - description: Fleet Manager - GitOps at Scale - digest: cc93d58b20fe2ce8626f93af8a534eb80ee2c9001f1e864981b72c1766cd4ea3 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc05.tgz - version: 0.3.400-rc05 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.972882-08:00" - description: Fleet Manager - GitOps at Scale - digest: 118b165bf97d80b203e46b7899f619060e95b73a4e86be39230b6cfa24f37527 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc04.tgz - version: 0.3.400-rc04 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.972313-08:00" - description: Fleet Manager - GitOps at Scale - digest: 2c77e45b0d5c39ffbc45889ee92627fc97360fd002b01cf766efc963933d0734 - icon: 
https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc03.tgz - version: 0.3.400-rc03 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.971747-08:00" - description: Fleet Manager - GitOps at Scale - digest: fb076be2e7e9d34b6fbb7cf6b975ee8dea69d118a91dbef29c77e3310718843b - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc00.tgz - version: 0.3.400-rc00 + - released/assets/fleet/fleet-0.3.400.tgz + version: 0.3.400 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -240,33 +50,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.3 - created: "2021-01-15T00:11:30.442452-08:00" + created: "2021-04-21T15:17:43.273203-07:00" description: Fleet Manager - GitOps at Scale - digest: 466158346d34e38bc22d1df190b8e8d031da76e6b189b104c3db439c84cefa57 + digest: f33de3f1deb1cdfe0ff8af7cde8919bbe3e594b30e423735caddfcf3117d3224 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - released/assets/fleet/fleet-0.3.300.tgz version: 0.3.300 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.3-rc1 - created: "2021-01-15T00:11:30.442021-08:00" - description: Fleet Manager - GitOps at Scale - digest: 92c54b647c650213ed878a3aa37a1b121d773ea3df107eef1cb80ffba4fdd4a8 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.300-rc1.tgz - version: 0.3.300-rc1 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -278,71 +69,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.2 - created: "2021-01-15T00:11:30.441482-08:00" + created: "2021-04-21T15:17:43.272734-07:00" description: Fleet Manager - GitOps at Scale - digest: 13435d391c5cbc965b57ef20bc8fcf2d986ff7a3e931b69ee692ab9e1f182cee + digest: 7604d7eb2a6ef5b119b0ee102ea528e63db77caff3441bd47c116964ac530887 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - released/assets/fleet/fleet-0.3.200.tgz version: 0.3.200 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc7 - created: "2021-01-15T00:11:30.441061-08:00" - description: Fleet Manager - GitOps at Scale - digest: 6bacaf33f64564316e3055a64e2be835e59db11c0e972bf724129f084e2347fe - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.200-rc7.tgz - version: 0.3.200-rc7 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc6 - created: "2021-01-15T00:11:30.440604-08:00" - description: Fleet Manager - GitOps at Scale - digest: a5ed0efb4922ac2095d632c6675bd0c15d12940cf3993eb744259154a7946ee4 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.200-rc6.tgz - version: 0.3.200-rc6 - - annotations: - 
catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: "2021-01-15T00:11:30.440153-08:00" - description: Fleet Manager - GitOps at Scale - digest: 8532b8f9ea6cc1a58e75f12f500c50f1e504e2f1cd17dbea5302067f1e97fd8d - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.200-rc5.tgz - version: 0.3.200-rc5 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -354,128 +88,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.1 - created: "2021-01-15T00:11:30.435867-08:00" + created: "2021-04-21T15:17:43.271218-07:00" description: Fleet Manager - GitOps at Scale - digest: 2fe3aa2739e02cc80ab57ab538f553caab0c68e4d42c36c878418978378704ee + digest: 2b05e7779f54c0bd853594b798662be27043d401ee4df1ef2393d25ae4ebbdb8 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - released/assets/fleet/fleet-0.3.100.tgz version: 0.3.100 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: "2021-01-15T00:11:30.439622-08:00" - description: Fleet Manager - GitOps at Scale - digest: a4a06fb9cebe9efd606bede697cb3153ac90a525cea85d5669bebfec2bd46b60 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc500.tgz - version: 0.3.2-rc500 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc4 - created: "2021-01-15T00:11:30.439032-08:00" - description: Fleet Manager - GitOps at Scale - digest: 2c8db55082443d3001ee73001f2998709eb626d068ea1d01a9a2a876ab1fd6d5 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc400.tgz - version: 0.3.2-rc400 - - annotations: - 
catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc3 - created: "2021-01-15T00:11:30.438375-08:00" - description: Fleet Manager - GitOps at Scale - digest: 4cb7dc66d8fa56e7c72482a711690c4eec6df2b6039325b7573ff5832db6e2f1 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc300.tgz - version: 0.3.2-rc300 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc2 - created: "2021-01-15T00:11:30.436873-08:00" - description: Fleet Manager - GitOps at Scale - digest: 8eb35016316c813edec5b6a23e4e1b2ac977f70422abdaa17b27f04ef583b4a2 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc200.tgz - version: 0.3.2-rc200 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc1 - created: "2021-01-15T00:11:30.436381-08:00" - description: Fleet Manager - GitOps at Scale - digest: 2d931594dcc850c2ceddbc670c26ec624275471e827aea89c911a9c69b63680c 
- icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc100.tgz - version: 0.3.2-rc100 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.1-rc2 - created: "2021-01-15T00:11:30.43539-08:00" - description: Fleet Manager - GitOps at Scale - digest: 8e2d0197e5351976855ab2a353624f83aae1dd20d111c640577c718dbc6e8d3d - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.1-rc200.tgz - version: 0.3.1-rc200 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -487,90 +107,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.0 - created: "2021-01-15T00:11:30.43486-08:00" + created: "2021-04-21T15:17:43.270749-07:00" description: Fleet Manager - GitOps at Scale - digest: 2ebf3211667f09636fe3ddedcf3f16527911039ad034234b3096a2d22648f08c + digest: 80ebb76232c4d9c17199901ccce179c86d78202872266fdec29c417c78ee1a9d icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - released/assets/fleet/fleet-0.3.000.tgz version: 0.3.000 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.0-rc3 - created: "2021-01-15T00:11:30.434357-08:00" - description: Fleet Manager - GitOps at Scale - digest: 8c0107095c9bd5fdaf1af65269cc3212e1d3b3cae7fd60310e33ed4f45f60c3e - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.0-rc300.tgz - version: 0.3.0-rc300 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.0-rc2 - created: "2021-01-15T00:11:30.433883-08:00" - description: Fleet Manager - GitOps at Scale - digest: 4fff27a9b7181abc19c19ed7c976001fd334bc398451c4f8e06f5175a5449b13 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.0-rc200.tgz - version: 0.3.0-rc200 - - annotations: - 
catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.0-rc1 - created: "2021-01-15T00:11:30.433435-08:00" - description: Fleet Manager - GitOps at Scale - digest: 9285c78e83af3aa9c41f78ccda82a629e1e5d0491657c928c70e35cdf398a4a1 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.0-rc100.tgz - version: 0.3.0-rc100 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.0-beta6 - created: "2021-01-15T00:11:30.432981-08:00" - description: Fleet Manager - GitOps at Scale - digest: daecd0f635b0d5e9cbe1661a0cbf9fa863559067380c018ee647c0541f036f54 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.0-beta600.tgz - version: 0.3.0-beta600 fleet-agent: - annotations: catalog.cattle.io/certified: rancher 
@@ -580,78 +124,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.5 - created: "2021-04-19T17:18:41.429573195Z" + created: "2021-04-21T15:17:43.277304-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: 79834f24e406e61945647546053a87191c05b677ad989cd99e6780bc1e066a93 + digest: 219941e90f69b539d3d2889684db86c67ef7a1f29a52dc65bfb6e4b43a633b64 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc05.tgz - version: 0.3.500-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-10T01:22:19.630553271Z" - description: Fleet Manager Agent - GitOps at Scale - digest: b1b7573def4cf7549c16d4b35cd0224f9c318e2c4628b45ee229cbf1dcab2f8c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc04.tgz - version: 0.3.500-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-07T21:48:50.616307916Z" - description: Fleet Manager Agent - GitOps at Scale - digest: f04117333c5f3ca7b41fa36a089fc2ee6ffba62a41c828677454dab9ca2495f3 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc03.tgz - version: 0.3.500-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.5 - created: 
"2021-04-06T01:27:24.196753549Z" - description: Fleet Manager Agent - GitOps at Scale - digest: 1432bc0719b848dc41794610f905b82a53e485fcc74c7e7778088da60c269dfb - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc02.tgz - version: 0.3.500-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-03-18T19:39:38.696249674Z" - description: Fleet Manager Agent - GitOps at Scale - digest: 9abb1ab308acf5a714846b4fbf559d71f0914959593d89e58a82eb134a185a4e - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc01.tgz - version: 0.3.500-rc01 + - released/assets/fleet-agent/fleet-agent-0.3.500.tgz + version: 0.3.500 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -660,110 +140,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.4 - created: "2021-03-04T09:47:44.979264-08:00" + created: "2021-04-21T15:17:43.27695-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: 92c389d9d8be695fb01d74e9d5522e4a594fe08b1631bf80433a43cfafc12130 + digest: 59fb278112c907eaf12dd963ded1aa6ae03be09bb795d2129fd35b6888fbd31c icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc08.tgz - version: 0.3.400-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.978729-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 0309e8373110bc1bccf7822846cb39bfb3090079516fb597fc1bfd315d793bd6 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc07.tgz - version: 0.3.400-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.978306-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 3ea72c1023795f9f0d5044645ee0daf17728e7c2dfa8e09bad134f068d33e0bd - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc06.tgz - version: 0.3.400-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - 
created: "2021-03-04T09:47:44.97789-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 0ddcf88f7f969a054e665547afc3d051b6f7e889bdfa9f6117d1b54424bc0121 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc05.tgz - version: 0.3.400-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.976796-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 361ea8b3e2881fba58c75b4fa8f7a3dcd39e935cf53ffda8d16eae03b24b3e29 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc04.tgz - version: 0.3.400-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.976184-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: a8b5d0b5f1fa9fca85dcb543141dfc2b69d9f44e6a3f0e985e5d0d89c80abb0b - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc03.tgz - version: 0.3.400-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.975734-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 4f1e3b1be448bf6a3ce7519dbf4105469ba9ea60432f64ed7717269b4c1db495 - icon: 
https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc00.tgz - version: 0.3.400-rc00 + - released/assets/fleet-agent/fleet-agent-0.3.400.tgz + version: 0.3.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -772,30 +156,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.3 - created: "2021-01-15T00:11:30.450242-08:00" + created: "2021-04-21T15:17:43.276423-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: c156f47b7093403a9567dd6607150dcec3d23bbc9089f24826edd255da3de163 + digest: f92cbe28d99ae754a590e3de5a3226109704c7a69376e1b824b5eb01e3997df3 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - released/assets/fleet-agent/fleet-agent-0.3.300.tgz version: 0.3.300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.3-rc1 - created: "2021-01-15T00:11:30.449607-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 8ba8e519ae4e2597ce1a886fc236a6ba17884c26ee500f099ba25881fe07c472 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.300-rc1.tgz - version: 0.3.300-rc1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -804,62 +172,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.2 - created: "2021-01-15T00:11:30.449316-08:00" + created: "2021-04-21T15:17:43.275293-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: d83092027ee970d35edf853bfebe76621e65e98a6451a984018ad50343de7662 + digest: 2be8d753ca9d2ddc9f0c152a81021b146838223796a497841850486bc26f6457 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - released/assets/fleet-agent/fleet-agent-0.3.200.tgz version: 0.3.200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc7 - created: "2021-01-15T00:11:30.449024-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 64119f4e2708a02f6a7d196289154158a3069078eeb2ff6c4d610ff75553714d - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.200-rc7.tgz - version: 0.3.200-rc7 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc6 - created: "2021-01-15T00:11:30.448731-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: e4d4cec1d4f3a6cb6de231398213740ab6a63221ad8bb39b92ff359ab203c717 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.200-rc6.tgz - version: 0.3.200-rc6 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc5 - 
created: "2021-01-15T00:11:30.448438-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 901d1ac62ef11449a3a4322be4c361031901491457b285ea7ae50eb86b294c4d - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.200-rc5.tgz - version: 0.3.200-rc5 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -868,110 +188,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.1 - created: "2021-01-15T00:11:30.44469-08:00" + created: "2021-04-21T15:17:43.274969-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: 93e1c4ab4accfe23e9367bf0db876c469fa33df306d0c375c4f52cae384a12bd + digest: 1913e45bcda723490e3c1c1613f99a328b6414c472f9f7c490c087d7697563f1 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - released/assets/fleet-agent/fleet-agent-0.3.100.tgz version: 0.3.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: "2021-01-15T00:11:30.448126-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 89a9c660a7e734b92e355c9cef6bc5ed6ea686a531bd7fbcc9e79740f11ecf97 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc500.tgz - version: 0.3.2-rc500 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc4 - created: "2021-01-15T00:11:30.447616-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 54b08cdc2b3d82df5f200b7ce248df6fd76fcc6bca65566597277223b392694a - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc400.tgz - version: 0.3.2-rc400 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc3 - 
created: "2021-01-15T00:11:30.446262-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 666b0fbd3cd2c66ec0876c4ab38179ff208ae30e6c1f624a9d86c63a94631c4f - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc300.tgz - version: 0.3.2-rc300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc2 - created: "2021-01-15T00:11:30.445918-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: aabe665aeebc1df39898d541af5584b5c30de7702822690d6a51fe719700974c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc200.tgz - version: 0.3.2-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc1 - created: "2021-01-15T00:11:30.445594-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: ff1f16b5df2234bab11727a056fd1133266d224739a552827d0c2ba7cce13351 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc100.tgz - version: 0.3.2-rc100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.1-rc2 - created: "2021-01-15T00:11:30.444372-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 5710e0cd3a6d3c818ced59b6cf486579b5184aadac4dd8088fcac9fe5bb82588 - icon: 
https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.1-rc200.tgz - version: 0.3.1-rc200 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -980,78 +204,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.0 - created: "2021-01-15T00:11:30.444055-08:00" + created: "2021-04-21T15:17:43.274613-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: ecc3783751af209842edc9e4687d01b2a355613b8232d993da9ad36c412ee351 + digest: 8b517f7d18f2aa1e34e5ac475684752dc8ff46f050cfd2b2d91fd343cab8cf50 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - released/assets/fleet-agent/fleet-agent-0.3.000.tgz version: 0.3.000 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.0-rc3 - created: "2021-01-15T00:11:30.443739-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 03d3d03b8ae0b079bca9ef661b5e3468a40056fc921ccca1dd75174c5763de3c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.0-rc300.tgz - version: 0.3.0-rc300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.0-rc2 - created: "2021-01-15T00:11:30.443423-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 751ff49e3a02afa1300ef25a9b98399dfa7aad6f3e7598225e3902890dc6ff59 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.0-rc200.tgz - version: 0.3.0-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.0-rc1 - 
created: "2021-01-15T00:11:30.443115-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 2f72018aba77b61c891e7ee430086b91a1d822ac276b2a483eeee00a0e32ecd2 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.0-rc100.tgz - version: 0.3.0-rc100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.0-beta6 - created: "2021-01-15T00:11:30.442776-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: c698ce4c2749dfc4134d08ec4522af59022e3c17ebf1eabc8642a6de57d9a378 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.0-beta600.tgz - version: 0.3.0-beta600 fleet-crd: - annotations: catalog.cattle.io/certified: rancher 
@@ -1061,78 +221,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.5 - created: "2021-04-19T17:18:41.434966663Z" + created: "2021-04-21T15:17:43.28141-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 1ebf500a7032134e13e35ed17e88a1025efce673cd8b4f433b2459b0f38f2807 + digest: 7bf82d347fbdb3f4afa7360426d403f750fb62a75e64e442f95a8796a92589d5 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc05.tgz - version: 0.3.500-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-10T01:22:19.634532712Z" - description: Fleet Manager CustomResourceDefinitions - digest: 97b10b9c6943cdc972a5a69fd96db4a75d4a0543f4588dd733ad4c9824dc5698 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc04.tgz - version: 0.3.500-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-07T21:48:50.62203095Z" - description: Fleet Manager CustomResourceDefinitions - digest: 92663c8f47355f313050b9043dd528905df6716c5e90bdaade7abe7fe1c15a99 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc03.tgz - version: 0.3.500-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-06T01:27:24.198922465Z" - 
description: Fleet Manager CustomResourceDefinitions - digest: ee5ae9f179dac626c18ca795b47a9b67ba4317f284c60c5e188d23f02cf5b2a6 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc02.tgz - version: 0.3.500-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-03-18T19:39:38.699012554Z" - description: Fleet Manager CustomResourceDefinitions - digest: 5a9971ba36b1565f22b4bababd5a5f862d2ca016a626283dfc79b30b8952f00c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc01.tgz - version: 0.3.500-rc01 + - released/assets/fleet-crd/fleet-crd-0.3.500.tgz + version: 0.3.500 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -1141,110 +237,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.4 - created: "2021-03-04T09:47:44.985982-08:00" + created: "2021-04-21T15:17:43.280872-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 08a71c3658b502abcac9967992089f06a2e7b945939173ab690109e31c879d78 + digest: 36c8f232f6d3f2698d0e43d7a95359555f0e8852cfb2c41d901eb09f807d291f icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc08.tgz - version: 0.3.400-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.985281-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 8dabeedc21780455b4dbdbf963ca9a78a6d075163c61a282832424a552aefaa0 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc07.tgz - version: 0.3.400-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.984535-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 868f7b6e3caf84cc9d4c911ea03e3a01468ff3e9bb61764c890328e204f3afcc - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc06.tgz - version: 0.3.400-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: 
"2021-03-04T09:47:44.983697-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 43f1202bb4e902d87c991ce6f784eba76bf293cf306ad8f4f86befb1af926c63 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc05.tgz - version: 0.3.400-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.98195-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: f1f0b41f0361f1dafc601a6b2113dc7956241df6f31392be86c263fab3020141 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc04.tgz - version: 0.3.400-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.981021-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: c5c909ed053603f81ab58c8292f197fc86cd7abd4c52c1be7fe6fbd971cc9317 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc03.tgz - version: 0.3.400-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.980036-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: b4bdaa0cf4bd59c0629e22da5822d03f4fe3b588d79ce4f17c85067cb266ea12 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - 
urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc00.tgz - version: 0.3.400-rc00 + - released/assets/fleet-crd/fleet-crd-0.3.400.tgz + version: 0.3.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -1253,30 +253,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.3 - created: "2021-01-15T00:11:30.460625-08:00" + created: "2021-04-21T15:17:43.280327-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 9f7fd02d05da58beb8e5b10af0f0c22a5355532112f22d0f9150ed6f16e8d738 + digest: 35bbfc8e2276379965d8671b752530b4b3603cacab9106dad64f37839b2f1342 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - released/assets/fleet-crd/fleet-crd-0.3.300.tgz version: 0.3.300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.3-rc1 - created: "2021-01-15T00:11:30.460163-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 6c71754d009749043486ef5d51293781f0a140c23abc2e5e02b7b3d8a416e7a1 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.300-rc1.tgz - version: 0.3.300-rc1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -1285,62 +269,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.2 - created: "2021-01-15T00:11:30.459702-08:00" + created: "2021-04-21T15:17:43.279062-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 170663b6c1b877803057699633b386d17bd8dd29dabe83c60a19fa160572e649 + digest: 025f0b2ee6f8b709c19ed2676faecba9579c9a14d526d9e16573eb8b98d5bc52 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - released/assets/fleet-crd/fleet-crd-0.3.200.tgz version: 0.3.200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc7 - created: "2021-01-15T00:11:30.459237-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: e189bf956a74e6110d11ca8d333ed2eb8fca6bd38d9ad9f9aca85f50e9d13c44 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.200-rc7.tgz - version: 0.3.200-rc7 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc6 - created: "2021-01-15T00:11:30.458738-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 910aa180969f7efa7707860d8003a8a8a4d64fa2943a9d35402fba0089ea53d1 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.200-rc6.tgz - version: 0.3.200-rc6 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: 
"2021-01-15T00:11:30.457713-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: f452552ccb8c6ebd3138f24ad70c83936a271a6f1a58c57c1e8f3d7bf2d9428b - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.200-rc5.tgz - version: 0.3.200-rc5 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -1348,90 +284,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.1 - created: "2021-01-15T00:11:30.453908-08:00" + created: "2021-04-21T15:17:43.278447-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 54dba389fc02e3655fe4e47f05f149f4661440974f57e229d93c3828a6a23f95 + digest: f47abbbcd5b2ca28dcb8303e01a5562da698ec78423c0dc4aa249e6f6b3b7eb4 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - released/assets/fleet-crd/fleet-crd-0.3.100.tgz version: 0.3.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: "2021-01-15T00:11:30.457197-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 1f759371cea4364f8a193815c3f1fdd3a518d6431d0ebf24a274f88ee2793c5c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc500.tgz - version: 0.3.2-rc500 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc4 - created: "2021-01-15T00:11:30.456675-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 9b6e11bab284ac76e6e287b5912ecbebf1286ad23b703a90050167f9cb47965e - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc400.tgz - version: 0.3.2-rc400 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc3 - created: "2021-01-15T00:11:30.456173-08:00" - description: Fleet Manager 
CustomResourceDefinitions - digest: 317da5d6523ceb6c34b82f5641ddb18dec5fc96ec841949b535979715463a692 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc300.tgz - version: 0.3.2-rc300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc2 - created: "2021-01-15T00:11:30.455531-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: e0ce08e0a55def30a2c95edfcfcdfe0ee9ac9f5dc8666ef53626e31cebe4fb4c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc200.tgz - version: 0.3.2-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc1 - created: "2021-01-15T00:11:30.454478-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: b21e1d17af28400b9aa8960c7ee6d090266114b4811c9c5c507ecc1a662dc30a - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc100.tgz - version: 0.3.2-rc100 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -1439,74 +299,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.0 - created: "2021-01-15T00:11:30.453346-08:00" + created: "2021-04-21T15:17:43.277858-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 0d24fc1805c045d86894e092454dbf2beffa3ad0ddadd10895f6db7821908715 + digest: 08e3af78da30602b47b60ebfb8e509703dbedc5b312f6aa3a9e9b0275adca75a icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - released/assets/fleet-crd/fleet-crd-0.3.000.tgz version: 0.3.000 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.0-rc3 - created: "2021-01-15T00:11:30.452862-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: c9b099c6e5e83ab677bc9c38eed6bdbe3f15611c261c2868c38aac24f3628c6f - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.0-rc300.tgz - version: 0.3.0-rc300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.0-rc2 - created: "2021-01-15T00:11:30.452386-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 88e1db58de806e970fc5ee7fbd55dd389ca31360a81a9591b38f551b62157b20 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.0-rc200.tgz - version: 0.3.0-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.0-rc1 - created: "2021-01-15T00:11:30.451433-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 
0f037ac5744a26b7a382662121f934417f76484448e19f4d4b931f002df2b888 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.0-rc100.tgz - version: 0.3.0-rc100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.0-beta6 - created: "2021-01-15T00:11:30.45084-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: a053cf9e74fb7f070c9f46127ae5f076c812dc5ae545449fe11212ae5426b85c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.0-beta600.tgz - version: 0.3.0-beta600 longhorn: - annotations: catalog.cattle.io/auto-install: longhorn-crd=match @@ -1519,9 +319,9 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.1.0 - created: "2021-03-04T09:47:44.988379-08:00" + created: "2021-04-21T15:17:43.285501-07:00" description: Longhorn is a distributed block storage system for Kubernetes. - digest: c1138d74207f6296f07981ee2daadb9c6f08b1156de297e9b0f56620b5d7bb15 + digest: 98b46706eb8c7b6261c1aa03f5081429867076f8f8f28ff0e4fb2f7389d66ef3 home: https://github.com/longhorn/longhorn icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg?sanitize=true keywords: @@ -1547,8 +347,8 @@ entries: - https://github.com/longhorn/longhorn-ui - https://github.com/longhorn/longhorn-tests urls: - - released/assets/longhorn/longhorn-1.1.001-rc01.tgz - version: 1.1.001-rc01 + - released/assets/longhorn/longhorn-1.1.001.tgz + version: 1.1.001 - annotations: catalog.cattle.io/auto-install: longhorn-crd=match catalog.cattle.io/certified: rancher 
@@ -1560,50 +360,9 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.1.0 - created: "2021-03-04T09:47:44.987209-08:00" + created: "2021-04-21T15:17:43.284457-07:00" description: Longhorn is a distributed block storage system for Kubernetes. - digest: 13e6c2b046fb4d24da32f2d685ea51449eaa377a3e57924ef721387b891f8c47 - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg?sanitize=true - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.16.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-share-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.1.001-rc00.tgz - version: 1.1.001-rc00 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Longhorn - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.1.0 - created: "2021-01-15T00:11:30.464593-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. 
- digest: 4d9c34af5cb6f983649c0da636853dcb363aa6aed1293bffb11ddfd04180d122 + digest: aba8166911b39cfe44529c1ff3fd910e437ade64e72f39edc20957442605f619 home: https://github.com/longhorn/longhorn icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg keywords: 
@@ -1642,49 +401,9 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.463634-08:00" + created: "2021-04-21T15:17:43.283498-07:00" description: Longhorn is a distributed block storage system for Kubernetes. - digest: b5e9f517ae4bf542afd3f9717ad0c81dd3a1a99361a19ce51effe40a4696f045 - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.14.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.0.202.tgz - version: 1.0.202 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Longhorn - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.0.2 - created: "2021-01-15T00:11:30.462831-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. - digest: 8ab068f792fac6d4de81fdc6f66a7fa00c7d379e46d6715ee25c3c764f5b95f8 + digest: b18eda4e4b1170b7e9f488782fb6409da084b5beaa9945a3a3babe39f031e320 home: https://github.com/longhorn/longhorn icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg keywords: 
@@ -1721,9 +440,9 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.461814-08:00" + created: "2021-04-21T15:17:43.28266-07:00" description: Longhorn is a distributed block storage system for Kubernetes. - digest: 49b5b8341fdc7a39337f20edac1667d1a2f36b579f9cb7ecdc2ebf987e03df3f + digest: 66189346fc24f5407f7a11a41faf9913144801a72472151702e28f808d557073 home: https://github.com/longhorn/longhorn icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg keywords: 
@@ -1757,37 +476,23 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-03-04T09:47:44.988935-08:00" + created: "2021-04-21T15:17:43.28677-07:00" description: Installs the CRDs for longhorn. - digest: 2dde1bf0c307ab4fddaa36f7fec5c42495e6cd2356605e6fbff816a33303fd4a + digest: 305196027ef02e1f01519b99302321fbb48dd5faca8084751758c5954f83f488 name: longhorn-crd type: application urls: - - released/assets/longhorn/longhorn-crd-1.1.001-rc01.tgz - version: 1.1.001-rc01 + - released/assets/longhorn/longhorn-crd-1.1.001.tgz + version: 1.1.001 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-03-04T09:47:44.988638-08:00" + created: "2021-04-21T15:17:43.286563-07:00" description: Installs the CRDs for longhorn. - digest: d5433891d9ca259d2eedb2d969adda94fe2e85b89dfa17e58785ef39a7ac0923 - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.1.001-rc00.tgz - version: 1.1.001-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.46526-08:00" - description: Installs the CRDs for longhorn. - digest: 2ca9ca1b7af582f9c0e89684e4624a4d4cfc1484ceee74f3cab9c22c7b4e823f + digest: 5d5f3a3493810aa0dfd263757819e00a8a483c5410c5ff4ff61f5d5fee3561b9 name: longhorn-crd type: application urls: 
@@ -1799,23 +504,9 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-01-15T00:11:30.465077-08:00" + created: "2021-04-21T15:17:43.286363-07:00" description: Installs the CRDs for longhorn. - digest: 585f1161f2d231cdfe9abc44c9f7ef257cc217f611a617be76b590a7f6a32350 - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.0.202.tgz - version: 1.0.202 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.464922-08:00" - description: Installs the CRDs for longhorn. - digest: 3b8908fb3dec0f0b70a7775a70fd3f1fc8cb1a4c1b72a7f564e6ccb3c11f94b1 + digest: 4da0eeeef78a45c8b0111bb66cfca1734088bcd9bb15b8bfd6712b0ab6320ca1 name: longhorn-crd type: application urls: @@ -1827,9 +518,9 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-01-15T00:11:30.464762-08:00" + created: "2021-04-21T15:17:43.286127-07:00" description: Installs the CRDs for longhorn. - digest: 815331159012c16c6cd9816a10a38fcf03972d2f3a9f5fc97b8e0f87e937d10b + digest: c3fc8df8818d884c9df73999999834cebe41ce6567f60222792c2593ad853d31 name: longhorn-crd type: application urls: @@ -1843,7 +534,7 @@ entries: catalog.cattle.io/release-name: rancher-alerting-drivers apiVersion: v2 appVersion: 1.16.0 - created: "2021-04-21T19:30:59.638973174Z" + created: "2021-04-21T15:17:43.287633-07:00" dependencies: - condition: prom2teams.enabled name: prom2teams 
@@ -1853,66 +544,15 @@ entries: repository: file://./charts/sachet description: The manager for third-party webhook receivers used in Prometheus Alertmanager - digest: 4e6ae29c5ace7253df6d3ab03f365586dee5886983840252760dd1f4f745c36b + digest: c2b4935dbe8dc711267336813fe7e9a1fb6ef6f510603c44359a0ebe2a3883a7 keywords: - monitoring - alertmanger - webhook name: rancher-alerting-drivers urls: - - assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100-rc03.tgz - version: 1.0.100-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Alerting Drivers - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-alerting-drivers - apiVersion: v2 - appVersion: 1.16.0 - created: "2021-04-15T21:48:24.628282101Z" - dependencies: - - condition: prom2teams.enabled - name: prom2teams - repository: file://./charts/prom2teams - - condition: sachet.enabled - name: sachet - repository: file://./charts/sachet - description: The manager for third-party webhook receivers used in Prometheus - Alertmanager - digest: c9433565bc0a26dda6db36eea1ea2d6e854577c87e8c7a10c3c68c4fbd9da9d0 - keywords: - - monitoring - - alertmanger - - webhook - name: rancher-alerting-drivers - urls: - - assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100-rc02.tgz - version: 1.0.100-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Alerting Drivers - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-alerting-drivers - apiVersion: v2 - appVersion: 1.16.0 - created: "2021-04-15T00:36:31.046758531Z" - dependencies: - - condition: prom2teams.enabled - name: prom2teams - repository: file://./charts/prom2teams - - condition: sachet.enabled - name: sachet - repository: file://./charts/sachet - description: The manager for third-party webhook receivers used in the Alertmanger - digest: 17792f352254ecec55f48a1e77ea2f1f73d534b7a56541286c52fb41b7f026b5 - keywords: - - monitoring - - 
alertmanger - - webhook - name: rancher-alerting-drivers - urls: - - assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100-rc01.tgz - version: 1.0.100-rc01 + - released/assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz + version: 1.0.100 rancher-backup: - annotations: catalog.cattle.io/auto-install: rancher-backup-crd=match 
@@ -1926,42 +566,18 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v2 appVersion: 1.0.4 - created: "2021-04-06T18:12:22.566984745Z" + created: "2021-04-21T15:17:43.29061-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: af2c73d66f7808f710d47df3f0e0053a2e500a1c7fe02fd7805bb2b1457d47e6 + digest: 92f52749b1289e1e8dcbb48183e7e0ab0ef2578af95a51c59447dc49dc6eb4fa icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications - infrastructure name: rancher-backup urls: - - assets/rancher-backup/rancher-backup-1.0.400-rc03.tgz - version: 1.0.400-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rancher Backups - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v2 - appVersion: 1.0.4 - created: "2021-03-19T21:11:36.466433266Z" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 5fd539770144cff99063b15c0e7b07e7fa0d61b906f7f741976d1f9aff56bdfd - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - applications - - infrastructure - name: rancher-backup - urls: - - assets/rancher-backup/rancher-backup-1.0.400-rc02.tgz - version: 1.0.400-rc02 + - released/assets/rancher-backup/rancher-backup-1.0.400.tgz + version: 1.0.400 - annotations: catalog.cattle.io/auto-install: rancher-backup-crd=match catalog.cattle.io/certified: rancher 
@@ -1974,18 +590,18 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.3 - created: "2021-03-04T09:47:44.990624-08:00" + created: "2021-04-21T15:17:43.290137-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: 7d6296d4c459042bb7f85543691ba807ae03cda6d42db22fcdafd01dbf49edea + digest: 21e586d307c78cc6a1321adaa89bef78719f0beca7f181c719cbca27691e6f5a icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications - infrastructure name: rancher-backup urls: - - released/assets/rancher-backup/rancher-backup-1.0.301-rc01.tgz - version: 1.0.301-rc01 + - released/assets/rancher-backup/rancher-backup-1.0.301.tgz + version: 1.0.301 - annotations: catalog.cattle.io/auto-install: rancher-backup-crd=match catalog.cattle.io/certified: rancher 
@@ -1998,34 +614,10 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.3 - created: "2021-03-04T09:47:44.989572-08:00" + created: "2021-04-21T15:17:43.289711-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: 9f44f0901b03b9349242bc2b0e9cb6ec6b3e10f6583f605e3c3d8b87dc5f490c - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - applications - - infrastructure - name: rancher-backup - urls: - - released/assets/rancher-backup/rancher-backup-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rancher Backups - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-01-15T00:11:30.466548-08:00" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 9fe775b7260bad706159af83c256b93662902bfef01cc071f3f3bb780d9e18bc + digest: 733d4515a014e6c6d99f73db30d3143f7cef04a870b19a3b2f5eef5b09dbfc55 icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications 
@@ -2046,10 +638,10 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.466109-08:00" + created: "2021-04-21T15:17:43.289279-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: 931b45edda48b555f6c5c1179776787b615129f92026658100104e8f9a9012c5 + digest: bd39f041d51be323dd59dbbb0bae5c21b7ebbdca5f777972080254eb996595b4 icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications @@ -2069,10 +661,10 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.465667-08:00" + created: "2021-04-21T15:17:43.288836-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: 8c5375832bcb54fb3bc4d708ca22248e381bf1fcde8013a48a0b37d9a60e2375 + digest: a3a4fcd83c7332bfafe1ee03c17dbdb43765364e97dc19f297884334486196c7 icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications 
@@ -2089,66 +681,37 @@ entries: catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v2 appVersion: 1.0.4 - created: "2021-04-15T17:26:22.1833423Z" + created: "2021-04-21T15:17:43.291591-07:00" description: Installs the CRDs for rancher-backup. - digest: 0c8a620d826dce7c5ef2edffda3b51caf8dbce3f15f412c25e7abc31988b234c + digest: e09b3e5d037d604a10365ec814104582c6eccd91af0ed42a738345c57edf903a name: rancher-backup-crd type: application urls: - - assets/rancher-backup-crd/rancher-backup-crd-1.0.400-rc03.tgz - version: 1.0.400-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v2 - appVersion: 1.0.4 - created: "2021-03-19T21:11:36.467133912Z" - description: Installs the CRDs for rancher-backup. - digest: caafbea7cdbcc266d2fd3f5e9379fb471a700eef94f2cfc864926aed230a9817 - name: rancher-backup-crd - type: application - urls: - - assets/rancher-backup-crd/rancher-backup-crd-1.0.400-rc02.tgz - version: 1.0.400-rc02 + - released/assets/rancher-backup-crd/rancher-backup-crd-1.0.400.tgz + version: 1.0.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-03-04T09:47:44.99116-08:00" + created: "2021-04-21T15:17:43.291396-07:00" description: Installs the CRDs for rancher-backup. 
- digest: bfc3f4d5d64a7989eec4d518c36276acdc21f5fbb98ace02a80678d5caf390d5 + digest: 3dedeb53130cb1050147156b87c770ab40a023be25f4d3342678eb7d8a33362d name: rancher-backup-crd type: application urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc01.tgz - version: 1.0.301-rc01 + - released/assets/rancher-backup/rancher-backup-crd-1.0.301.tgz + version: 1.0.301 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-03-04T09:47:44.99088-08:00" + created: "2021-04-21T15:17:43.291204-07:00" description: Installs the CRDs for rancher-backup. - digest: 472492587c7403c45544ee70a9cdaa6c20afe8367415e35aa934f048a7071eba - name: rancher-backup-crd - type: application - urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.467126-08:00" - description: Installs the CRDs for rancher-backup. - digest: 8d6e14dccabb8477c1e27b3bfbab4f8751252d492152a2ac2640bbbb3ec6d4c4 + digest: da8413d2ecc169ba43aa5f6f3cb9da45c297140a1af2e702f11c4645f644c7e4 name: rancher-backup-crd type: application urls: @@ -2160,9 +723,9 @@ entries: catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-01-15T00:11:30.466935-08:00" + created: "2021-04-21T15:17:43.291003-07:00" description: Installs the CRDs for rancher-backup. - digest: ebf8da7907c5fce5f9dccf4c3fa540f76c296955cd466a15f3f88b41b8f7d3dd + digest: b42794ee6663cb35c6f40c1b43ce51f6b82d2f8efe06421c9b2a1cb7cea18503 name: rancher-backup-crd type: application urls: 
@@ -2174,9 +737,9 @@ entries: catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-01-15T00:11:30.46675-08:00" + created: "2021-04-21T15:17:43.290806-07:00" description: Installs the CRDs for rancher-backup. - digest: 7021563a39672f11d7af57f1769da179d3f059d5f2fe9e72c6a1a486a52eed73 + digest: 4d2cfbd4b413d0a86cd3c94a10a3316c44a668c79730a2a4063933aa0eb6e332 name: rancher-backup-crd type: application urls: @@ -2194,17 +757,17 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.4 - created: "2021-04-09T23:21:12.566741379Z" + created: "2021-04-21T15:17:43.295709-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: 1b2f82001209464614552b9a068c356a3426f46ab859c3dd5e3bbf860259abb2 + digest: 52aa43c6ae9db78a53d019cf5283e8bcbc38134f91862496c4b2fa2b0c8548b5 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402-rc00.tgz - version: 1.0.402-rc00 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402.tgz + version: 1.0.402 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -2216,61 +779,17 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.4 - created: "2021-04-15T21:24:07.197772144Z" + created: "2021-04-21T15:17:43.294596-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: c244a44f87f1da19aa659da94e4280bac53925594c7f915b39d9ec5a7ca864a2 + digest: 7df9c288b901b484b58ff44d619169069d0951e283749e20b6049d5dd4b0e289 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc03.tgz - version: 1.0.400-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.4 - created: "2021-04-12T17:32:41.161236616Z" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: ef5a38f090505b3a993d9e399f7e132b13878c1a987c3d407553d96ad9b71f10 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc02.tgz - version: 1.0.400-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: 
rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.4 - created: "2021-04-06T22:40:50.996509533Z" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 6cf3883441691b96775bf5ef7a0a8983b4ce147651125ad5351f6d3373ebe236 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc01.tgz - version: 1.0.400-rc01 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400.tgz + version: 1.0.400 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher @@ -2282,17 +801,17 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.3 - created: "2021-03-19T19:06:09.747464838Z" + created: "2021-04-21T15:17:43.293828-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: e4e71c09635bf2c56580c7031ba3c0336e1b3376b34049db60e9ceb755a26dbd + digest: c548033c5ec3822f2c89f0a1a19e3f4ce063f59a4ee021523642886ec3bf13a2 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc00.tgz - version: 1.0.400-rc00 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301.tgz + version: 1.0.301 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -2304,54 +823,10 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.3 - created: "2021-03-04T09:47:44.992387-08:00" + created: "2021-04-21T15:17:43.293294-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: 5e389e57302f2f4ee674490e0ca7dcd4d78b2afd0f038d840dac974b77d66ede - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc01.tgz - version: 1.0.301-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-03-04T09:47:44.991803-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 6fec0634cd92f79fa192e7860fd99babb104e0350a9007a9923e8439b761ff08 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - 
appVersion: v1.0.3 - created: "2021-01-15T00:11:30.468452-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: af499c4fbd67e594057e97ac025011c52f0e02d6f7571532b7f5a2b19ed19035 + digest: 2cce59f4f78b975edd93b0d707c5282fa44a6fa1f19d702ed4be8c221170c8d1 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security @@ -2370,10 +845,10 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.46796-08:00" + created: "2021-04-21T15:17:43.292755-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: b234bbf851d0c5bf1cb02e51ea647d95d53e9f2302b1e68518eadb694f345a1c + digest: b3a6ce49c5e6918a1658f682fdf25e241d9638fde4b8c046a70562c13228c8c0 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security @@ -2391,10 +866,10 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.1 - created: "2021-01-15T00:11:30.46754-08:00" + created: "2021-04-21T15:17:43.291987-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: 0d4ff5981f5ee48fca8a887ab0608888f85f97285175c46d7320c6987f167d4f + digest: 407c19666ce5c083c50d8ef2cbc4fbc26b811106bbfc6b3d25a659a593c0aa3c icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security 
@@ -2409,107 +884,51 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-04-09T23:21:12.567872557Z" + created: "2021-04-21T15:17:43.297146-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: 00e60fe270f74e664daac82396f45704c317cbd3f469f8ec1cd66aa08206484b + digest: 6c83ac0192359d5c6e5fa4d64ab8564a42a98d42f26cf6a9c8cfaa1ffd025889 name: rancher-cis-benchmark-crd type: application urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.402-rc00.tgz - version: 1.0.402-rc00 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.402.tgz + version: 1.0.402 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-04-15T21:24:07.199870681Z" + created: "2021-04-21T15:17:43.29692-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: a59c001dfa8b2f6cf30bc02ee90b3cd7d8e514cf9828b1d16226f66a0c4f0451 + digest: d7b87dd4103e588bba20c87debe41617e75b55752c89d9a3dcc024eff3f775c7 name: rancher-cis-benchmark-crd type: application urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc03.tgz - version: 1.0.400-rc03 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400.tgz + version: 1.0.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-04-12T17:32:41.163425823Z" + created: "2021-04-21T15:17:43.296685-07:00" description: Installs the CRDs for rancher-cis-benchmark. 
- digest: 8c5e8bd0587f16309a9a586914117f613e0e451fc462cee7a1761d16656666ef + digest: cabb44716892582bee08bd13c48caa3863c9f53218f2ffa1f1bc123ae7234d5a name: rancher-cis-benchmark-crd type: application urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc02.tgz - version: 1.0.400-rc02 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301.tgz + version: 1.0.301 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-04-06T22:40:50.99747654Z" + created: "2021-04-21T15:17:43.296387-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: c45c3c7e9a5500376c75f2c5b96f24c25abc1e0ca98524913a69ba8c0445f776 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc01.tgz - version: 1.0.400-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-04-05T19:37:04.719390435Z" - description: Installs the CRDs for rancher-cis-benchmark. - digest: f60d4f0e1c3d1c0824eb920b825f3d9ccd1b0738953c695acfa215974ac0d334 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc00.tgz - version: 1.0.400-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.992822-08:00" - description: Installs the CRDs for rancher-cis-benchmark. 
- digest: 2fa5d4eb62b76871efccfcdc5c0d4125b1bccc0e2bb498732938ba23ed3bd8fb - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc01.tgz - version: 1.0.301-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.992608-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 1f210946fe8e6b3b2b656ea6488536fb942f4ab8202ad6cf265a211e792260b4 - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.469354-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 4a4fbd34ab72796c4780acb6ad99de5dad5f5f54edbd9dad281fc886c3a8b184 + digest: 20d71a2ae15f77913229f809c4acf5924f988a0cfc09061306d65c45899618ce name: rancher-cis-benchmark-crd type: application urls: 
@@ -2521,23 +940,9 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-03-19T19:06:09.747702548Z" + created: "2021-04-21T15:17:43.296154-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: c1c3fe4a892be9bac7f9f262f1df424790110d606b08f6e059381b0681e68dc3 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300-rc00.tgz - version: 1.0.300-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.468842-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 1da104dc221a9772a21e67ef787919cc191d6df3ccdf019f464e3091d6ed0703 + digest: b12e7bc934602f88087b34540446a2cdc8af5cb30ede6d4d3a48dc29ded1daaa name: rancher-cis-benchmark-crd type: application urls: @@ -2549,9 +954,9 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-01-15T00:11:30.468647-08:00" + created: "2021-04-21T15:17:43.295939-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: cc33de77923232bda5875b6568522cffe8950e2d9bb3793ee30978c5257f4354 + digest: 2be8b1e2aa24e83d8b20439d0b0343851fbd32495306d38d5d20c62d95b0a8b5 name: rancher-cis-benchmark-crd type: application urls: 
@@ -2567,10 +972,10 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.6 - created: "2021-03-04T09:47:44.994223-08:00" + created: "2021-04-21T15:17:43.299354-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 7a196d304a2bad5e585fae961188861da5bb84679e576b6882ebf3fd6640137e + digest: 14ed8a7f5417a863a325a65d1f9ca1e6a686e36964a1b9bde249abe05d530fad home: https://github.com/rancher/externalip-webhook keywords: - cve @@ -2584,8 +989,8 @@ entries: sources: - https://github.com/rancher/externalip-webhook urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601-rc01.tgz - version: 0.1.601-rc01 + - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601.tgz + version: 0.1.601 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: External IP Webhook 
@@ -2595,38 +1000,10 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.6 - created: "2021-03-04T09:47:44.993541-08:00" + created: "2021-04-21T15:17:43.298627-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 6294a812fd938166bfb8f0f9d84d3eeb47f9387040d74837ff0127b89e1850de - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601-rc00.tgz - version: 0.1.601-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.6 - created: "2021-01-15T00:11:30.471579-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 70c430a933e17279605936c73b17cbd192f7f86da0573d6c2a6dbdf745a5c7af + digest: 245d80daa0b7c6316217b2ec9df111060fe6762728a5d9adfb163d7afd02fc9b home: https://github.com/rancher/externalip-webhook keywords: - cve 
@@ -2642,34 +1019,6 @@ entries: urls: - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz version: 0.1.600 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.5 - created: "2021-01-15T00:11:30.47095-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: a272ec4ad785095ed827d087b8976c7f327e1f28a6ab0cdb7a839580487c40fb - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz - version: 0.1.500 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: External IP Webhook @@ -2679,10 +1028,10 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.4 - created: "2021-01-15T00:11:30.47031-08:00" + created: "2021-04-21T15:17:43.297897-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 207982df2b8b709b2ac2c9bc9ccda6955bebc6c7866e3531391e7905eafb154e + digest: 7fa93b5a3f3e9bd5ebcf0e8cc670441a5fd63dd611ee0843e08a6521fa315838 home: https://github.com/rancher/externalip-webhook keywords: - cve 
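Review bot: In the `@@ -2679,10 +1028,10 @@` hunk the `digest:` of the rancher-external-ip-webhook entry with `appVersion: v0.1.4` changes although the hunk touches neither `urls:` nor `version:`, so an archive already published under that version now has different bytes. The 0.1.600 entry gets the same treatment in the hunks just before it. Anyone who cached or pinned the old digest will see a mismatch they cannot tell apart from tampering. Either carry the original .tgz files over unchanged for versions that are not being renamed from an rc, or state in the commit message that every archive was repackaged and why.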
@@ -2710,10 +1059,10 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.3.0 - created: "2021-03-19T19:06:09.750843884Z" + created: "2021-04-21T15:17:43.302857-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: 704bd0ff8114dd0786a67a16d3573d7d96b1abeab6d25a6741e5acaa439595c5 + digest: 5bc10dd9e274f48ed25eb3e37de512e9f89cb5e9a10f55bfc3ea9dad4b9c04cd home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: @@ -2723,8 +1072,8 @@ entries: sources: - https://github.com/open-policy-agent/gatekeeper.git urls: - - assets/rancher-gatekeeper/rancher-gatekeeper-3.3.001-rc00.tgz - version: 3.3.001-rc00 + - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.001.tgz + version: 3.3.001 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher @@ -2736,10 +1085,10 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.3.0 - created: "2021-03-04T09:47:44.995577-08:00" + created: "2021-04-21T15:17:43.302108-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: f912c6f2f214dca2e07810c0ca88904c58909f392e10cdf8a9c43dcafaf4de46 + digest: cdd2cb75ded06543e55124c5086a12c06e323c0398319e8c8984c73e19dd58bc home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: 
@@ -2749,34 +1098,8 @@ entries: sources: - https://github.com/open-policy-agent/gatekeeper.git urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc02.tgz - version: 3.3.000-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v1 - appVersion: v3.3.0 - created: "2021-03-04T09:47:44.994894-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 9b6b061a749d2fd7d112753db206e27f472dda6d597fe7f5baea7bf37dcacec2 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc01.tgz - version: 3.3.000-rc01 + - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000.tgz + version: 3.3.000 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher 
@@ -2789,10 +1112,10 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.2.1 - created: "2021-01-15T00:11:30.47384-08:00" + created: "2021-04-21T15:17:43.301331-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: f6da9f05a9bf5ffbe59780c578624db93979d6e3c4b3d69e90e5090007aec52d + digest: 3d0e961fc109e051f08edacf9e541e5ad1c0c65f046cae72459df0ca4aa22312 home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: @@ -2804,33 +1127,6 @@ entries: urls: - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz version: 3.2.101 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v1 - appVersion: v3.2.1 - created: "2021-01-15T00:11:30.473251-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 42a1e00cad97b74471506ba628366e005657b71fa38808c438faf239b082bb38 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.100.tgz - version: 3.2.100 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher 
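Review bot: The `@@ -2804,33 +1127,6 @@` hunk deletes the rancher-gatekeeper `version: 3.2.100` entry, which is a final release served from `released/assets/` and not an rc, and the commit subject ("Regenerate released/ directory from stage-release") says nothing about dropping released versions. Anything pinned to 3.2.100 will no longer resolve from this index. Please confirm the removal is intended and list the dropped final versions in the commit message; if it is a side effect of the regeneration, restore the entry.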
@@ -2842,10 +1138,10 @@ entries: catalog.cattle.io/release-name: rancher-gatekeeper apiVersion: v1 appVersion: v3.1.1 - created: "2021-01-15T00:11:30.472662-08:00" + created: "2021-04-21T15:17:43.300624-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: 8fdc03791c93b6d6f6d81edf27988c5a31c3c5bc113da8d8520ec534af087393 + digest: 36aebc7718e4afd4d9bb65775276d2288eb0de27192d0d290553a7c7087d7f3f home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: @@ -2867,10 +1163,10 @@ entries: catalog.cattle.io/release-name: rancher-gatekeeper apiVersion: v1 appVersion: v3.1.1 - created: "2021-01-15T00:11:30.472104-08:00" + created: "2021-04-21T15:17:43.299986-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: 5c0c935a6935ce109015e1b86bb4f435c0fe1aad7ee2ad858e01bae57c3425c1 + digest: 15a4540b7e32c62157c37cfdb9230ce4b11c5837a2f3734378fcd7ec9c824559 home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: 
@@ -2889,42 +1185,28 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-03-19T19:06:09.751643119Z" + created: "2021-04-21T15:17:43.305152-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: 3aa8a1c82e5ba772e1edee2a1c4cc38452eab2e3761a01bbaeea15dead79b03c + digest: 6313419fd955e77bc1590b16b3282541003a5842fc5bc40b4567ffd13bad2e55 name: rancher-gatekeeper-crd type: application urls: - - assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001-rc00.tgz - version: 3.3.001-rc00 + - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001.tgz + version: 3.3.001 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-03-04T09:47:44.996313-08:00" + created: "2021-04-21T15:17:43.304815-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: 03e26e336f2b82b0c09b1191e7cd6cebf5e3c5de46666307e9426e78ef487c18 + digest: 48a03a80fadacabc507fec107dbed749d94fafbef0d26e4eb37e92c974a7c56b name: rancher-gatekeeper-crd type: application urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc02.tgz - version: 3.3.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.995914-08:00" - description: Installs the CRDs for rancher-gatekeeper. 
- digest: ad678c2f7b1bf62c2d3f102847e2bf0920e6e41a6919dce6039385c6e70a8c52 - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc01.tgz - version: 3.3.000-rc01 + - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000.tgz + version: 3.3.000 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/experimental: "true" @@ -2932,9 +1214,9 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-01-15T00:11:30.474788-08:00" + created: "2021-04-21T15:17:43.304479-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: 1118f66a1f8f8c192bb1793bcddb0b98af0db43b429df684b916c2e76b51486a + digest: 34f449b69d1b50ff1743ae3b1e81553aec3f0a70c8ac7572c60071a8271b53e2 name: rancher-gatekeeper-crd type: application urls: 
@@ -2947,24 +1229,9 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-01-15T00:11:30.474498-08:00" + created: "2021-04-21T15:17:43.303565-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: 4900e53e49c6bdca47af9b37b3d7a7dfe4e16da027a3aaea69f4a211c5ced3c1 - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.100.tgz - version: 3.2.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.474283-08:00" - description: Installs the CRDs for rancher-gatekeeper. - digest: 25beb2fd49cefa59dfcee5e7a24866eb148ab264ee4c49f368589d3e92d7e269 + digest: e3da4139207bfa07850db780574a028b5e32c66c1ee57b706fb13fdec5311514 name: rancher-gatekeeper-crd type: application urls: @@ -2977,9 +1244,9 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-01-15T00:11:30.474068-08:00" + created: "2021-04-21T15:17:43.303138-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: ea6fca92a928c90b9539825af19f69378a608e189fcd0f06043b1213bb94cdaf + digest: 89d80de1bea71d134b19e6092ae123c08173c172a5201d54b4baa6afedea3855 name: rancher-gatekeeper-crd type: application urls: 
@@ -2994,9 +1261,9 @@ entries: catalog.rancher.io/release-name: rancher-grafana apiVersion: v2 appVersion: 7.4.5 - created: "2021-04-07T19:45:48.128527365Z" + created: "2021-04-21T15:17:43.30701-07:00" description: The leading tool for querying and visualizing time series and metrics. - digest: 69f23123ec3971f85b620c12778dd63a092daf95feeba3ada0a616b77e0e2ab1 + digest: f6e7fd0c6148db8e20a986fd7d8cab5865cdce2f2d23bdd1489a28f7210b2ac5 home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png kubeVersion: ^1.8.0-0 @@ -3016,11 +1283,11 @@ entries: - https://github.com/grafana/grafana type: application urls: - - assets/rancher-grafana/rancher-grafana-6.6.401-rc00.tgz - version: 6.6.401-rc00 + - released/assets/rancher-grafana/rancher-grafana-6.6.401.tgz + version: 6.6.401 rancher-istio: - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3032,7 +1299,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.9.3 - created: "2021-04-19T16:16:38.168332974Z" + created: "2021-04-21T15:17:43.323625-07:00" dependencies: - condition: kiali.enabled name: kiali 
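Review bot: The `created:` line in the `@@ -3032,7 +1299,7 @@` hunk is overwritten with the regeneration time, and the same happens in every entry this patch touches: all of them now read 2021-04-21T15:17:43 with a -07:00 offset, where this entry previously carried a UTC value (`"2021-04-19T16:16:38.168332974Z"`). The index therefore no longer records when a version was first published, which removes a data point useful when auditing what was available at a given date. Consider preserving the original `created:` value for entries whose version is not changing, and emitting timestamps in UTC so they do not depend on the machine that ran the regeneration.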
@@ -3042,17 +1309,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 3059579374a09651dcd2d5ad98c40543fbd0fe840daa8cced51044445508cfa7 + digest: f5da2c5292b4ecfc72ba48b5ccdb9716df305aa2db7316de146dbd52d8b7f785 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.9/rancher-istio-1.9.300-rc01.tgz - version: 1.9.300-rc01 + - released/assets/rancher-istio-1.9/rancher-istio-1.9.300.tgz + version: 1.9.300 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3064,7 +1331,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.9.2 - created: "2021-04-12T16:14:26.991925247Z" + created: "2021-04-21T15:17:43.321342-07:00" dependencies: - condition: kiali.enabled name: kiali 
@@ -3074,49 +1341,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 5d90dffbb8b4bbb44e11e0754e5f7e729709342fb317da46f46d7f0c001e485e + digest: ba78e8e2d4188847e29b19d52ef7d3e534d9a15ed7198f6cdd64f6a89777e71c icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.9/rancher-istio-1.9.200-rc02.tgz - version: 1.9.200-rc02 + - released/assets/rancher-istio-1.9/rancher-istio-1.9.200.tgz + version: 1.9.200 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100-rc01 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.9.2 - created: "2021-04-09T23:52:20.298357002Z" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: 831b0c704be191da3d0b1db1b0dd1dc8280515d04d4698b95090c5186a70d99c - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - assets/rancher-istio-1.9/rancher-istio-1.9.200-rc01.tgz - version: 1.9.200-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3128,7 +1363,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.5 - created: "2021-04-19T16:16:38.160496683Z" + created: "2021-04-21T15:17:43.319606-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -3138,17 +1373,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: dc5046c45f15be0cfcd219d4d87bc73bd9e50f575260c4918a719c93e5f69c7d + digest: c3e7097d65a475fb2850ede67f6be8ded4b66f696b0a5ee2960fbb69da08c666 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.8/rancher-istio-1.8.500-rc01.tgz - version: 1.8.500-rc01 + - released/assets/rancher-istio-1.8/rancher-istio-1.8.500.tgz + version: 1.8.500 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3160,7 +1395,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.4 - created: "2021-04-12T16:14:26.984823056Z" + created: "2021-04-21T15:17:43.317887-07:00" dependencies: - condition: kiali.enabled name: kiali 
@@ -3170,49 +1405,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 8ee32e27c2dd471aeb9a3a1c3794738e6d795cad8fc8a92adb8ac74c61d60904 + digest: 4c3c054bef53e62ba840c3819cf1351d1381d8e2da20bbb959b17f52c3ea6423 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.8/rancher-istio-1.8.400-rc02.tgz - version: 1.8.400-rc02 + - released/assets/rancher-istio-1.8/rancher-istio-1.8.400.tgz + version: 1.8.400 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100-rc01 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.8.4 - created: "2021-04-09T23:52:20.295826839Z" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: 09298ac04dc8001c41b6c4366a660c8b12c6b52b699205ee0e5941cc20cf9b2a - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - assets/rancher-istio-1.8/rancher-istio-1.8.400-rc01.tgz - version: 1.8.400-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3224,7 +1427,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.3 - created: "2021-04-08T21:20:12.908647816Z" + created: "2021-04-21T15:17:43.316196-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -3234,17 +1437,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: d4fd53635e7b3a8bc0c429ecbbb4d1003f854b7c7b94e58bc66f226593431611 + digest: c2dfe5130b838e4ae62daa5ee72783dee62c4ff93a32393a7598db8e70a11580 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.8/rancher-istio-1.8.301-rc00.tgz - version: 1.8.301-rc00 + - released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz + version: 1.8.301 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000-rc00 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3256,7 +1459,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.3 - created: "2021-03-04T09:47:45.001169-08:00" + created: "2021-04-21T15:17:43.314487-07:00" dependencies: - condition: kiali.enabled name: kiali 
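Review bot: The `catalog.cattle.io/auto-install` annotations rewritten in this region name exact versions (`rancher-kiali-server-crd=1.29.100` here, `rancher-kiali-server-crd=1.29.000` in the `@@ -3234,17 +1437,17 @@` hunk), and nothing in these hunks shows that rancher-kiali-server-crd entries with those final version strings exist. Since the rc-suffixed entries are being removed in the same patch, a pin without a matching entry would leave the rancher-istio chart with a dependency that cannot be resolved. Please confirm the regenerated index carries rancher-kiali-server-crd at exactly 1.29.100 and 1.29.000 (and 1.32.100 for the earlier hunks), ideally with a check in the regeneration step that fails when an `auto-install` pin has no matching entry.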
@@ -3266,81 +1469,15 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: fae8a77f05769320ce080c28656d5340be16b2fc1997702b444735623e8414c8 + digest: 3b5fdc7d06c6a3878c47030ff2a9e23ef1ab68ceddcb9fd7290f4e3ef3c99cb0 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - released/assets/rancher-istio/rancher-istio-1.8.300-rc01.tgz - version: 1.8.300-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000-rc00 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.8.3 - created: "2021-03-04T09:47:44.998358-08:00" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: e91424e345f8a654658f3f6a2f513aced8b3d65d86b4cda93fe5b4f7e3dbaabe - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.8.300-rc00.tgz - version: 1.8.300-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.003 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.6 - created: "2021-01-15T00:11:30.48261-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.24.0 - - alias: tracing - condition: tracing.enabled - name: rancher-tracing - repository: file://../../rancher-tracing/charts - version: 1.20.001 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. - digest: a3a4d39833cb8065099654aac034c344f531c5b0b164a0d1c96bea541d72e5bf - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.600.tgz - version: 1.7.600 + - released/assets/rancher-istio/rancher-istio-1.8.300.tgz + version: 1.8.300 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.003 catalog.cattle.io/certified: rancher @@ -3352,7 +1489,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.3 - created: "2021-01-15T00:11:30.481016-08:00" + created: "2021-04-21T15:17:43.31218-07:00" dependencies: - alias: kiali condition: kiali.enabled 
@@ -3366,7 +1503,7 @@ entries: version: 1.20.001 description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 3f32923202198fc41c607b179d194d4b579d790246e0959bf41b82a407bf1786 + digest: ff28763d01f5b7b366ea0373bd052bbe579f17c009955c88e7cbb5eb66802e84 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking @@ -3386,7 +1523,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.3 - created: "2021-01-15T00:11:30.479382-08:00" + created: "2021-04-21T15:17:43.310569-07:00" dependencies: - alias: kiali condition: kiali.enabled @@ -3395,7 +1532,7 @@ entries: version: 1.24.0 description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 723e0ffa6ab03dde307bcb2848095b91f49d33eae05a4b29c26fe3e4066fc30c + digest: 1e4a14509830e72f8a3d10d6d3ffaf72683dc0243e2cd9d067934844163f9f80 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking 
@@ -3404,35 +1541,6 @@ entries: urls: - released/assets/rancher-istio/rancher-istio-1.7.300.tgz version: 1.7.300 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.23.002 - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.1 - created: "2021-01-15T00:11:30.478046-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.23.0 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. - digest: 2aa1870dabf3548c4ef52dde4515ca6b1478d75e052b8154555c43931829250b - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.101.tgz - version: 1.7.101 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.23.001 catalog.cattle.io/certified: rancher @@ -3444,7 +1552,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.1 - created: "2021-01-15T00:11:30.476142-08:00" + created: "2021-04-21T15:17:43.308891-07:00" dependencies: - alias: kiali condition: kiali.enabled @@ -3453,7 +1561,7 @@ entries: version: 1.23.0 description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: a6a23976155b1c3375406c00b49c354238aa6b837f3b19bbf360279cef59f9ef + digest: 3a7a84aa165a472cf346a4d595ff84ac8190d7f050409b65f2a7168c8307ef28 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking 
@@ -3473,11 +1581,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.32.0 - created: "2021-04-12T16:14:26.995657395Z" + created: "2021-04-21T15:17:43.328384-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: 5c936508b33a984898c6c3d791625b4bb8cbab94326cae669c815965be8ee74c + digest: c02e1152206293d5743a3e86f2dd39a60e7073c3352dc3caa56b0a35cb9cf56e home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: @@ -3496,8 +1604,8 @@ entries: - https://github.com/kiali/kiali-operator - https://github.com/kiali/helm-charts urls: - - assets/rancher-kiali-server/rancher-kiali-server-1.32.100-rc01.tgz - version: 1.32.100-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-1.32.100.tgz + version: 1.32.100 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=match catalog.cattle.io/hidden: "true" @@ -3508,11 +1616,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.29.0 - created: "2021-04-08T21:20:12.91127232Z" + created: "2021-04-21T15:17:43.327569-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: bf98263f3c467b94c57687a26e7de82a06835ba45680231a531d6f05ae0c39fd + digest: 668221244b6cfd762b15d7d67922bde5096585deff1c3a466ed07b7bfa750a70 home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
@@ -3531,8 +1639,8 @@ entries: - https://github.com/kiali/kiali-operator - https://github.com/kiali/helm-charts urls: - - assets/rancher-kiali-server/rancher-kiali-server-1.29.100-rc01.tgz - version: 1.29.100-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.100.tgz + version: 1.29.100 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=match catalog.cattle.io/hidden: "true" @@ -3543,11 +1651,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.29.0 - created: "2021-03-04T09:47:45.002771-08:00" + created: "2021-04-21T15:17:43.326703-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: a3f8ceb754dba642cbd5fe638858e7ed18c56b2befc6284107cae9fc1a58dd1d + digest: 8cecd60c2fa1ae2dea0c4d3672b7ca73152835bfeb93906113ca4d05c02e9587 home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
@@ -3566,43 +1674,8 @@ entries: - https://github.com/kiali/kiali-operator - https://github.com/kiali/helm-charts urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc01.tgz - version: 1.29.000-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.29.0 - created: "2021-03-04T09:47:45.00196-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. - digest: 280bd0454a03a112e544ecacd5a06b793a627198fa06cf6a6fcea261fc6d9f4c - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc00.tgz - version: 1.29.000-rc00 + - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000.tgz + version: 1.29.000 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=match catalog.cattle.io/hidden: "true" 
@@ -3613,11 +1686,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.24.0 - created: "2021-01-15T00:11:30.487114-08:00" + created: "2021-04-21T15:17:43.325923-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: c8a46b8e964f50e93e4add0c0192743339355950862f49b0d2b0131c9c2acd88 + digest: 2b702639bc1b563fa3e9e0cdb5fff1ca4de696860566f1c863c04fb7ebc06038 home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
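Review bot: In this hunk the `digest:` line of an existing rancher-kiali-server entry (appVersion v1.24.0) changes together with `created:`, while no `version:` or `urls:` line changes, so an already published chart version now resolves to a different tarball hash. Anyone who pinned or recorded the old digest will see a mismatch and cannot tell a repackage from tampering. Either keep the original .tgz for versions that were already released, or state in the commit message that the archives were rebuilt and why their bytes differ.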
@@ -3648,46 +1721,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.24.0 - created: "2021-01-15T00:11:30.48568-08:00" + created: "2021-04-21T15:17:43.32517-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: be2dd749ebeac4690827fdfac5b986d35ca3e9f9d1e9536ab093bb83da17d130 - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.24.002.tgz - version: 1.24.002 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.24.0 - created: "2021-01-15T00:11:30.484905-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: 5908c10ba62b92ba0f703ce91c2d0442f8e707622cdd7401cadf7cbbe523eb75 + digest: a86791daaf668b0f67db337a9f37f13d4a836d9bd689401ba2ef8f6e83d9a6a3 home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
@@ -3718,46 +1756,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.23.0 - created: "2021-01-15T00:11:30.48414-08:00" + created: "2021-04-21T15:17:43.324387-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: 57b9db10136f85d6ca7325e69d6d62ae256293620c2654d5478609e1d78da472 - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.23.002.tgz - version: 1.23.002 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.23.0 - created: "2021-01-15T00:11:30.483373-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: 369f3f444dc357b6f3e574daf63103d556757ee30c9413fa0c1588f1432d899d + digest: 0aea4d28b274a7c2549f675c2a3fc1be165ef4acd72676a18ed5f92f1e7a2b1a home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
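Review bot: The removed lines in this hunk include `released/assets/rancher-kiali-server/rancher-kiali-server-1.23.002.tgz` and `version: 1.23.002`, and no `+` line in the hunk brings them back, so a version that was served from released/ drops out of the index. The commit message only says the directory was regenerated. If dropping 1.23.002 is intended, say so there, since installs pinned to that version will stop resolving; if it is not intended, the entry should be restored.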
@@ -3782,53 +1785,42 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-04-12T16:14:26.996135201Z" + created: "2021-04-21T15:17:43.329261-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: 79fc00840cdd10b61ae09a3e964d915b10366f1f016fd02919a875469e3e6d0e + digest: 83ca0f23b43db63b7610d28d89098a78a9e6f8fea5748fd3dfec45d109f6d815 name: rancher-kiali-server-crd type: application urls: - - assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100-rc01.tgz - version: 1.32.100-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100.tgz + version: 1.32.100 - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-04-09T23:52:20.300629849Z" + created: "2021-04-21T15:17:43.329104-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: fca33d9256cbede5244784e9f8cf2d6b4ed3556b5cc59ed3178171887560826e + digest: 3ebe1e885b239795575270dbd4073408b43fb9158ad04f02937114e5b7ab75c6 name: rancher-kiali-server-crd type: application urls: - - assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.100-rc01.tgz - version: 1.29.100-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.100.tgz + version: 1.29.100 - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-03-04T09:47:45.003061-08:00" + created: "2021-04-21T15:17:43.328957-07:00" description: Installs the CRDs for rancher-kiali-server. 
- digest: ebe2573bff65881bb5ac4442c1eb88648c942f9bb2340d6c409ac74d467f96b1 + digest: 4ddd8248707294cb91fdd1c2fd9994417bf265b7f649312e82a4f1a86b60e9b6 name: rancher-kiali-server-crd type: application urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc01.tgz - version: 1.29.000-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000.tgz + version: 1.29.000 - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-03-04T09:47:45.002922-08:00" + created: "2021-04-21T15:17:43.328822-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: 07d01d30e02215be110edd55afa1a9e52b3de9592b24151f6450d5f17139e81c - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc00.tgz - version: 1.29.000-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487854-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: 01aafd54277c2c010d382a92177391abe11c894ac5cdac331699518ba5616a0d + digest: c8635521da746674695c7833a5509ee92c615adabd47e511e1dd7c2617a4bf7b name: rancher-kiali-server-crd type: application urls: 
@@ -3837,20 +1829,9 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-01-15T00:11:30.487714-08:00" + created: "2021-04-21T15:17:43.328683-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: d22c5d81a57cf38e56db65a9809167b16688cff39c226f209a8f8c2b616267cd - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.002.tgz - version: 1.24.002 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487574-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: d142e5634dafacd4ade2d93460b2926577ff87e4ba4a1100c1f280e22b8100fd + digest: bd55c5af7c26744e91922c6a9463c10e52ba65ddf0cf148107461f2983a71223 name: rancher-kiali-server-crd type: application urls: @@ -3859,20 +1840,9 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-01-15T00:11:30.487426-08:00" + created: "2021-04-21T15:17:43.328539-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: 2100f0710b74ff80aafb679d626c44033ac77dbc9a050a56f3bb07ad35ac9cb3 - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.002.tgz - version: 1.23.002 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487274-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: e78efc9f5d5e5943b851678c563f445128927c4d5608d40ec233944baeee1bf6 + digest: 5d5ebb3498ac0b64cf1a73d743b0f3f45fd40c0a9ee3b26d94ae60176e523574 name: rancher-kiali-server-crd type: application urls: 
@@ -3887,9 +1857,9 @@ entries: catalog.rancher.io/release-name: rancher-kube-state-metrics apiVersion: v1 appVersion: 1.9.8 - created: "2021-04-07T19:45:48.13399446Z" + created: "2021-04-21T15:17:43.330146-07:00" description: Install kube-state-metrics to generate and expose cluster-level metrics - digest: d52d15d957bd8add7a1637511b74ebbac7d30104b903f655ba996d703eb6fc37 + digest: 49cee3cb6cf6e09924801f1a44dfb2a1d8e3f8bcac95b7c4e796211c2d41e41e home: https://github.com/kubernetes/kube-state-metrics/ keywords: - metric @@ -3905,8 +1875,8 @@ entries: sources: - https://github.com/kubernetes/kube-state-metrics/ urls: - - assets/rancher-kube-state-metrics/rancher-kube-state-metrics-2.13.101-rc00.tgz - version: 2.13.101-rc00 + - released/assets/rancher-kube-state-metrics/rancher-kube-state-metrics-2.13.101.tgz + version: 2.13.101 rancher-logging: - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match @@ -3918,10 +1888,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.4 - created: "2021-04-16T20:03:49.193802604Z" + created: "2021-04-21T15:17:43.336208-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: ab0fecb24b3b53694f21ddc81f52e7eb7b6ed8d7a12dda99969ce93b847a4115 + digest: 5c6bdf00cc42d58875172344fd141bbfa21917e1ef4d5efad80979d33ffde169 icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
@@ -3929,100 +1899,8 @@ entries: - security name: rancher-logging urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc04.tgz - version: 3.9.400-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.4 - created: "2021-04-12T18:41:37.101699289Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: e2149c7fa4a8612e80840aed76e33cfebd0170316b7c050a0cc7cf1ab18acff7 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc03.tgz - version: 3.9.400-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.4 - created: "2021-04-06T01:21:46.069869939Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: f4714a3b0503729d9b5e4cda0ebe9efd48dd2d8e23afd1b6cb2365e65dc9c3dd - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc02.tgz - version: 3.9.400-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.4 - created: "2021-04-05T22:44:50.101273899Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 30d4923f39a8aa6ace97de46f493bccd7eec8237d6dbdb7aec8068040d8c92e3 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc01.tgz - version: 3.9.400-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.4 - created: "2021-04-05T21:37:25.589334866Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 4ea5580c3e30c9a1243ebcf5461ea1e7ea8d75967539d5f26d46a5b65eaffb0c - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc00.tgz - version: 3.9.400-rc00 + - released/assets/rancher-logging/rancher-logging-3.9.400.tgz + version: 3.9.400 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4034,10 +1912,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.0 - created: "2021-04-02T17:23:23.032662482Z" + created: "2021-04-21T15:17:43.335339-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: 2dcaa4a7e544526058314d32ce5c63daab046205e760ba6dba2541ccc6028f63 + digest: c5d6f72e600a1710cc3330195604ab4e0bea2d51eaadf4885c63d529842b91ce icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging @@ -4045,8 +1923,8 @@ entries: - security name: rancher-logging urls: - - assets/rancher-logging/rancher-logging-3.9.002-rc03.tgz - version: 3.9.002-rc03 + - released/assets/rancher-logging/rancher-logging-3.9.002.tgz + version: 3.9.002 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4058,10 +1936,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.0 - created: "2021-04-01T20:22:18.03796638Z" + created: "2021-04-21T15:17:43.334524-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: e8f5837404d3c24d8396b0676f21b100d9f2fde1f1c501786b330648986e9d1c + digest: 46f4617b0020c4cddcd6a0c3a8f39ac2ff56eebec0b4b4c13b4821bfb1ff411c icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
@@ -4069,8 +1947,8 @@ entries: - security name: rancher-logging urls: - - assets/rancher-logging/rancher-logging-3.9.002-rc02.tgz - version: 3.9.002-rc02 + - released/assets/rancher-logging/rancher-logging-3.9.001.tgz + version: 3.9.001 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4082,10 +1960,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.0 - created: "2021-03-15T19:33:50.86544465Z" + created: "2021-04-21T15:17:43.333757-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: 3d9759eb846b9e8891bc40e1fc6b6fa9f6f998fc66f8a6736f0255f685cc64f8 + digest: b6b5e0c627f5594033b3558ff1f2d9c01b1f504a53cbc91b4e75d443ef81a784 icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
@@ -4093,248 +1971,8 @@ entries: - security name: rancher-logging urls: - - assets/rancher-logging/rancher-logging-3.9.002-rc01.tgz - version: 3.9.002-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-12T17:14:00.950736124Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: d59d5206ab61e47dcf2ebf20dd72c5bb7dc01e21961aad70df7199a61b510998 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.001-rc08.tgz - version: 3.9.001-rc08 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.011144-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: e5b5de6aaea6c3a4f3fd60b6045beafdd3e3db3a72278410110faadb8c6e9fd5 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc08.tgz - version: 3.9.000-rc08 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.010348-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 7e1d1f0e60e7695db920d8960ae4f50f12b2763584c7ae03c5cbf27248490c24 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc07.tgz - version: 3.9.000-rc07 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.009554-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 90596ebd741c5bd712796d8dd07954663e76e41adad3c8f5177176414d355492 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc06.tgz - version: 3.9.000-rc06 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.008754-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 261ac9ff48b610df1c610904cb7ff999a619fdcb23620cf90c094adb0e0a1f2e - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc05.tgz - version: 3.9.000-rc05 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.0078-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 0e2f0b1f53b4e81488ffdd41bb68693e332bf7eaf29488b310f5b7368858c603 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc04.tgz - version: 3.9.000-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.006305-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 7f35d0af785c25d20003daf0d0b78a2e72e5b6a9f5e727757ee753c84260ba78 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc03.tgz - version: 3.9.000-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.005471-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 9654d484b60c1aa9f999791a83ddc5068ec69b0e3becd61b4198e243be7957af - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc02.tgz - version: 3.9.000-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.004669-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 460e6154256f66ea1e91d41a16195aa5c5c16123bf9b3895c2186a8ec69b80f5 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc01.tgz - version: 3.9.000-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.00384-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 8950865836a669a9190792174befffb50ed1bf9b41be2831d63624ff385cf0f7 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc00.tgz - version: 3.9.000-rc00 + - released/assets/rancher-logging/rancher-logging-3.9.000.tgz + version: 3.9.000 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4346,10 +1984,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.8.2 - created: "2021-01-15T00:11:30.4918-08:00" + created: "2021-04-21T15:17:43.332942-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: a27ce10fdf883d5378255e99eddd7a7d5a3a9f6a9b00208ea182d27b98124932 + digest: 7ec4dfb2441832d22651e9263f4bbdcda9e1f064b9e32c70d0fb7c4f6641331a icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
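Review bot: `created:` on the appVersion 3.8.2 rancher-logging entry moves from "2021-01-15T00:11:30.4918-08:00" to "2021-04-21T15:17:43.332942-07:00", which is the regeneration time rather than the publish date, and the same rewrite shows up on the other entries in this part of the patch. That erases the release chronology that audits and date-ordered listings rely on, so consider carrying the original `created` values over for versions that already existed. The new stamps also fall under a minute before the commit date in the patch header and use a local -07:00 offset where several removed stamps ended in Z; please confirm where the packaging ran.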
@@ -4359,54 +1997,6 @@ entries: urls: - released/assets/rancher-logging/rancher-logging-3.8.201.tgz version: 3.8.201 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.8.0 - created: "2021-01-15T00:11:30.491025-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: c643abc8d8fa9a6e86de5aa7f31de1aa427cbc1dbe12854696126f264ab45c5f - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.8.001.tgz - version: 3.8.001 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.7.3 - created: "2021-01-15T00:11:30.490244-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 825b35e6c8d6e5cb58cc27a83057dcf4b941c1cf9f1685ba8de9a581c50167b4 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.7.301.tgz - version: 3.7.301 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4418,10 +2008,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.6.0 - created: "2021-01-15T00:11:30.489493-08:00" + created: "2021-04-21T15:17:43.332199-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: d759335422822364d842d5b3320eb5984df94ed0aad16e4d33e52c193fa82a7d + digest: a89b3a4327484343c59a88949479c106e40b2587df194e18910cf83099291aa6 icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging @@ -4441,10 +2031,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.6.0 - created: "2021-01-15T00:11:30.488715-08:00" + created: "2021-04-21T15:17:43.331446-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: 8b20ad589d1cf3e21b0235db0e93d6556aea4b94649a37f97544c65f55839ad2 + digest: 3f3cd871fe5c6708b3fcdcd7a9f6e87ee41eb8f5505bdaed3f01791ac2bf7faf icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
@@ -4461,261 +2051,65 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-16T20:03:49.214426724Z" + created: "2021-04-21T15:17:43.345691-07:00" description: Installs the CRDs for rancher-logging. - digest: 2394c454671389d697576f38532cde477f1f2409c3000245da02a68616d45c84 + digest: b73e869013770d0f462ac77e70b01d403779ad34de300384e0aca6b0ef644025 name: rancher-logging-crd type: application urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc04.tgz - version: 3.9.400-rc04 + - released/assets/rancher-logging/rancher-logging-crd-3.9.400.tgz + version: 3.9.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-12T18:41:37.122146522Z" + created: "2021-04-21T15:17:43.343612-07:00" description: Installs the CRDs for rancher-logging. - digest: b184b7cd339799440349dec93f8068fb54af108b386c462032ea2a23f3ea6eb6 + digest: b8f7abc9fc43fbb262a581e6f55a174ff6d4da0ed0896e50cb3be64f5819e04f name: rancher-logging-crd type: application urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc03.tgz - version: 3.9.400-rc03 + - released/assets/rancher-logging/rancher-logging-crd-3.9.002.tgz + version: 3.9.002 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-06T01:21:46.085881781Z" + created: "2021-04-21T15:17:43.342527-07:00" description: Installs the CRDs for rancher-logging. 
- digest: 51b7a28f0e9b297141bba104d0ca6c9766908e8d11bbcd6b829b894057bff970 + digest: b3d48c89d1f1d4b31e867388148bae2c96c398c9315c5f14fd5b6fc3000e0802 name: rancher-logging-crd type: application urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc02.tgz - version: 3.9.400-rc02 + - released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz + version: 3.9.001 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-05T22:44:50.116160346Z" + created: "2021-04-21T15:17:43.34153-07:00" description: Installs the CRDs for rancher-logging. - digest: 05bcc4fdcf49baf692f5cda021e0482c11392c88adff434087142a14f2af780d + digest: 2ab6fc36daf86c405b536970d9ed4dcb68f84ac93df7ac3811dd123ba82448bd name: rancher-logging-crd type: application urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc01.tgz - version: 3.9.400-rc01 + - released/assets/rancher-logging/rancher-logging-crd-3.9.000.tgz + version: 3.9.000 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-05T21:37:25.600140939Z" + created: "2021-04-21T15:17:43.339785-07:00" description: Installs the CRDs for rancher-logging. - digest: c05caeebb83f8b92a359a4824a5d0b4432060db03f3aef065536d527cac0963d - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc00.tgz - version: 3.9.400-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-04-02T17:23:23.043909832Z" - description: Installs the CRDs for rancher-logging. 
- digest: 79a92ba93a3e12ab21904a2fbac1af5e02bb383bb0d0870098823ca3a3906d48 - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.002-rc03.tgz - version: 3.9.002-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-04-01T20:22:18.045909344Z" - description: Installs the CRDs for rancher-logging. - digest: 07a532d77f5dd9659b180a0be6e69d4503a0604be096d60f71f9df3d0d9061fe - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.002-rc02.tgz - version: 3.9.002-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-15T19:33:50.871226689Z" - description: Installs the CRDs for rancher-logging. - digest: 458d13cf6ad6f90488dc73a6a96744e8a7b32b15cef8d01647b8eb9e848127d7 - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.002-rc01.tgz - version: 3.9.002-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-12T17:14:00.954344407Z" - description: Installs the CRDs for rancher-logging. 
- digest: 41510a9536773fea4e55775d5952bac7244b2980c49def8fbaf87d40e2455e30 - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.001-rc08.tgz - version: 3.9.001-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.024289-08:00" - description: Installs the CRDs for rancher-logging. - digest: 352a9b536b5ba239f601ab34c1eff9d270d94f7f56f56f954dd1373f51345729 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc08.tgz - version: 3.9.000-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.022557-08:00" - description: Installs the CRDs for rancher-logging. - digest: 1e60f77e39411099e3014c8b7549d14597c0d46c0d57389c9208c90e38c23608 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc07.tgz - version: 3.9.000-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.021403-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: c8bec736459bb23bbc1359c54181aa12671908bc67258332843b812527130441 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc06.tgz - version: 3.9.000-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.019832-08:00" - description: Installs the CRDs for rancher-logging. - digest: b18dfb6108edf77d1611c6280fd6d781d35a3087096472ec138816d85636d098 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc05.tgz - version: 3.9.000-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.018831-08:00" - description: Installs the CRDs for rancher-logging. - digest: 4dd87f71a05a2412fd2b4766d9ef9c7fb644f117d2dd19b7e39784b2748ff3b7 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc04.tgz - version: 3.9.000-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.017765-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: fed2e3420bb9e53c2324fff2c8ba0514f3fcaac55b6b92f66b4423b89101172d - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc03.tgz - version: 3.9.000-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.015616-08:00" - description: Installs the CRDs for rancher-logging. - digest: be0b8e51b55a6cf501af15dc549a5c38cf017ad3a473cea04fc020519ba7f844 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc02.tgz - version: 3.9.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.014083-08:00" - description: Installs the CRDs for rancher-logging. - digest: b800deea73ac1792fba30d8d8e1bdfd1c3ab44351a4c60a765e1f2af39ca284e - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc01.tgz - version: 3.9.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.012692-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: a2dc007bfb58a8725d054ab1adaaafa72b57680ae8f1e363aaa095970a27f040 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc00.tgz - version: 3.9.000-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.497347-08:00" - description: Installs the CRDs for rancher-logging. - digest: 9a8baaed2f02e43b7eacb4c3cbcd6a33f84645b0d0b24f6f73867871dd41db23 + digest: 351b69ac821716e05b4648f6fe175bfc8b25fee5dc8b7088cc3b77a7d8596b76 name: rancher-logging-crd type: application urls: 
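Review bot: The last changed pair in this hunk replaces the digest starting `9a8baaed2f02` with one starting `351b69ac8217` on an entry whose `name`, `type` and `urls` lines are unchanged context, so an already published chart version now carries a different SHA-256. Anyone who mirrored that tarball or pinned its digest will fail verification once this lands, and the diff alone cannot show whether the chart contents changed or only the archive metadata did. Suggest reusing the existing .tgz for versions that are not being changed, or stating in the commit message that the repackaged archives are content-identical and how that was checked.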
@@ -4727,37 +2121,9 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-01-15T00:11:30.49633-08:00" + created: "2021-04-21T15:17:43.338692-07:00" description: Installs the CRDs for rancher-logging. - digest: 92eca9fef67bad369b311b07974a05d156546104119f6864ff9c46decb966909 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.8.001.tgz - version: 3.8.001 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.494828-08:00" - description: Installs the CRDs for rancher-logging. - digest: 7f85f6ac9eabecaa9cf6e56cd3772b0d604afccc16411b3a61c02ef437ff7c1e - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.7.301.tgz - version: 3.7.301 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.493957-08:00" - description: Installs the CRDs for rancher-logging. - digest: e75790f7d4fc054e757526a2944475a6ff427f6d7b6726ade7a0db28c7fbc986 + digest: 582846a78f045a48088f355599a0abd62c98ce62698ef7fe59ed2180f2016441 name: rancher-logging-crd type: application urls: 
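Review bot: This hunk deletes the index entries for `rancher-logging-crd` 3.8.001 and 3.7.301, both final releases served from `released/assets/rancher-logging/` rather than release candidates. The commit subject only says the directory is regenerated, so the removal reads as a side effect, and installs pinned to either version will no longer resolve from this index. Suggest confirming the drop is intended and naming the removed versions in the commit message, or keeping the two entries.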
@@ -4769,9 +2135,9 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-01-15T00:11:30.493121-08:00" + created: "2021-04-21T15:17:43.337645-07:00" description: Installs the CRDs for rancher-logging. - digest: 4947e5272f4f4f9f227691aa35c8c1bef980fbdde725bac1c358c6fe7229932e + digest: 1c24d7465ba9a4ae3613ffad12cea6d6a60df66a9fbf4d0f2674c4efec2616f2 name: rancher-logging-crd type: application urls: @@ -4796,7 +2162,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v2 appVersion: 0.46.0 - created: "2021-04-21T21:24:45.358266102Z" + created: "2021-04-21T15:17:43.365488-07:00" dependencies: - condition: grafana.enabled name: grafana @@ -4855,7 +2221,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 00c5a9ad1ace7750417ed21deb6ba1dca497987d7818ad749414831da9b4420b + digest: bdef2a0dc8ea33e51c614ba9ba6f7d16dfcb30c99fa4749eed429893b1ff9727 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
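Review bot: In the `@@ -4769` hunk, `created` moves from `2021-01-15T00:11:30.493121-08:00` to `2021-04-21T15:17:43.337645-07:00` for an entry whose `name` and `urls` are untouched context, so the regeneration overwrites the original publication time of an existing release. The entries regenerated in this patch are all stamped within the same second, which means `created` can no longer be used to order versions or to audit when a chart was first published. Suggest carrying the previous `created` value forward for versions that already exist in the index.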
@@ -4883,864 +2249,8 @@ entries: - https://github.com/prometheus-operator/kube-prometheus type: application urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc08.tgz - version: 14.5.100-rc08 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-14T00:45:28.8835116Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: 
rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: global.cattle.windows.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: c582850ebf328511230bb5e54e67637b1a67d8f26b60e72c68798cc789ce8742 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc07.tgz - version: 14.5.100-rc07 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-14T00:36:29.467386958Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: global.cattle.windows.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: d83eace264cab91cb4c126a2ce523e683655a536be09e7eba1cce15dd3403b43 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc06.tgz - version: 14.5.100-rc06 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-09T23:38:33.605775428Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: global.cattle.windows.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: a2a9228357a52b8fedbb6e229547be80e4d25b500c0eb75f2f6b138ee8bf08bf - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc05.tgz - version: 14.5.100-rc05 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-09T23:21:12.757524623Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: c312a0114ff600d20cc3ff277246a31fd03645db7185f08760555d99ac7231c2 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc04.tgz - version: 14.5.100-rc04 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-09T19:01:47.090654763Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: b13ae71d6e417ff96529789ea798c6c4e4cdf95111f9d21955f5cca0ba278d16 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc03.tgz - version: 14.5.100-rc03 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-09T18:57:12.724760925Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 4e6ec47c084a984ae656a10fc51bbb75cb75e29544a4ff9a73bd1fe1c69b8357 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc02.tgz - version: 14.5.100-rc02 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-08T17:35:35.036795187Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 0c8c9c9bfaabce4a98ddd1bdf2b5061ffa03836b6596e3412c5a790bd28be209 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc01.tgz - version: 14.5.100-rc01 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-07T19:45:48.197334994Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 240add26835de08eec696d8d8a02f8ad0a6e3816abe84981ac4c4118b95503fb - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc00.tgz - version: 14.5.100-rc00 + - released/assets/rancher-monitoring/rancher-monitoring-14.5.100.tgz + version: 14.5.100 - annotations: artifacthub.io/links: | - name: Chart Source @@ -5759,7 +2269,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-04-01T17:13:59.513019601Z" + created: "2021-04-21T15:17:43.446934-07:00" dependencies: - condition: grafana.enabled name: grafana @@ -5818,7 +2328,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 3b19da9f6dba9ed6a22253e0c0a89ed7c92a5e51d68265f715a1edd581ef5be4 + digest: a4cc6951bf9d0c683b0f30ccffa87229e8f6d3a467eef1055b44533e00e594c3 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
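Review bot: the `digest` replaced at the end of this hunk belongs to the entry that the next hunk renames from `9.4.204-rc09` to `9.4.204`, so the released `.tgz` is a repackage with a new hash and not the bytes that were published and tested as the release candidate. Nothing in the patch ties the new digest back to the rc it supersedes. Please state in the commit message how the `released/assets/` tarballs are derived from the rc tarballs, and have the regeneration step check that each repackaged chart differs from its rc only in the `version` field. That gives anyone who validated or pinned the rc digest a basis for accepting the new one.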
@@ -5844,533 +2354,8 @@ entries: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc09.tgz - version: 9.4.204-rc09 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-04-01T00:24:29.131143915Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: 
file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 3e6782415cc47a7b900c4e5c57abd578e160c739991d571d94fc7da1f468c16e - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc08.tgz - version: 9.4.204-rc08 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-29T19:11:34.094148142Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - 
condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: e7d64d5bd68fe224dc59187410ff5ac4adb99788c1dbf256ef3249f6c37a0734 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc07.tgz - version: 9.4.204-rc07 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-29T18:50:17.116905752Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - 
condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 3b24326ffabbf3d4203981deb693b499d6231b71f5a6b73734fe83ce33c2269b - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc06.tgz - version: 9.4.204-rc06 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-19T19:06:09.93979837Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - 
condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: de33b0e74170ca8b9eabdac17c44becff154d274dcf09b947994be1c3d5e28bb - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc05.tgz - version: 9.4.204-rc05 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-15T17:53:22.536978155Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - 
condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: d8fec718599037d90c5a63c9ca9dedfcf3cae69e0a9aae90f75bdf14cebf97f5 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc04.tgz - version: 9.4.204-rc04 + - released/assets/rancher-monitoring/rancher-monitoring-9.4.204.tgz + version: 9.4.204 - annotations: artifacthub.io/links: | - name: Chart Source @@ -6390,7 +2375,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-03-11T19:24:36.934227524Z" + created: "2021-04-21T15:17:43.426785-07:00" dependencies: - condition: grafana.enabled name: grafana @@ -6446,7 +2431,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 3e14ffafc25dd769c3b80db1102db1f1fa0deb64025bfae0323759e54209d52e + digest: 64604ea0359b468c9a768ec484ebfdf3f776da5524571c85dd42bc6e600aeead home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
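Review bot: in the `created` hunk just above this digest change (`@@ -6390,7 +2375,7`), the timestamp goes from a UTC value with a `Z` suffix, `"2021-03-11T19:24:36.934227524Z"`, to `"2021-04-21T15:17:43.426785-07:00"`, a local-offset value in the same second as the `created` written for the `9.4.204` entry earlier in the patch. Regenerating the index this way overwrites each entry's original publication time with the regeneration time, so `created` can no longer be used to order releases or to audit when an artifact first appeared. The `-07:00` offset also makes the output depend on the machine that ran the script. Suggest emitting `created` in UTC and carrying the existing timestamp over, or documenting in `released/assets/README.md` that `created` now means the time the index was regenerated.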
@@ -6472,826 +2457,8 @@ entries: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc03.tgz - version: 9.4.204-rc03 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-11T07:21:44.739468733Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - 
repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: f68e46357300451b582354dd838f80a68cbda4c4f3d2c0adc812096f563f8e4f - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc02.tgz - version: 9.4.204-rc02 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-09T18:31:06.113312152Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: 
file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 66b54a77c5fc817d9f0fba7918160a709debba453f3a5705a16a62324ed09235 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc01.tgz - version: 9.4.204-rc01 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T22:24:38.312011609Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: 
file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: aba45df29197c56e35ff1f0045261cb39efece2c91ce47ffc3e6b2ae70aa3f94 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc00.tgz - version: 9.4.204-rc00 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.113244-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: 
file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 92fe184bf72dc5b21d907a158b4e725f4f688d627e5b63448cd47f5e2ef119e0 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc04.tgz - version: 9.4.203-rc04 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.096879-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics 
- - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 748ab12856c906c69fd6ec1a66369d790fbb53d8e54763cc737f4e0fb6d07998 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc03.tgz - version: 9.4.203-rc03 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.08055-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - 
- condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: b452563b7f643a0b2e48720bc7b0d597e32d2c89764e897e896caac4c7b79154 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc02.tgz - version: 9.4.203-rc02 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.063106-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics 
- - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 381a6a4c07867f5a4a737b49ac1c919ca62d72797054b7bdeeb0f9906acfaa93 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc01.tgz - version: 9.4.203-rc01 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.043037-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - 
repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 790ea3458c6170db492639981aeca7376b6b825eab4c623646a721f6405f3440 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc00.tgz - version: 9.4.203-rc00 + - released/assets/rancher-monitoring/rancher-monitoring-9.4.203.tgz + version: 9.4.203 - annotations: artifacthub.io/links: | - name: Chart Source @@ -7309,7 +2476,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-01-15T00:11:30.543558-08:00" + created: "2021-04-21T15:17:43.408432-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -7395,7 +2562,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 7e211720b3d489c00426788abec352bc4561dd30c5c502112787a212100c46e7 + digest: 0e032ffa7397d564f3d00aa7719b62314e25f6e32e723de5db0f312f4a0034de home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
@@ -7438,7 +2605,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-01-15T00:11:30.528456-08:00" + created: "2021-04-21T15:17:43.39281-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -7524,7 +2691,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 5b5adac2304f7f7cd7761a269a038b178cc34c48d098829c66e880fa8b4c31a7 + digest: 36890f0d8ae2f9c4990e61122d727a5df31dbe017f49d6334e7e13fb9c257cd8 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: @@ -7566,7 +2733,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-01-15T00:11:30.512591-08:00" + created: "2021-04-21T15:17:43.379857-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -7662,7 +2829,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: a36daf9841b3cd516ed127170d4a9fc85d1d9d1bdfb52128d232803e5276a0b2 + digest: 4c5845c1ca7c109052ce9cae5deea7dd0bc697cb334ba9d929f4c04f14835957 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
@@ -7695,345 +2862,51 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-04-21T21:24:45.80518334Z" + created: "2021-04-21T15:17:43.450977-07:00" description: Installs the CRDs for rancher-monitoring. - digest: d8b89b435b7435e2b07c61f60e0fbe456d9a87abf10761ec09f30f39d8da5e0d + digest: aed740673c0445e09f4958a9dcda2369c049e64c1ab2b838eb84dbced3973e29 name: rancher-monitoring-crd type: application urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc08.tgz - version: 14.5.100-rc08 + - released/assets/rancher-monitoring/rancher-monitoring-crd-14.5.100.tgz + version: 14.5.100 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-04-14T00:45:29.22965381Z" + created: "2021-04-21T15:17:43.470078-07:00" description: Installs the CRDs for rancher-monitoring. - digest: 364443857caa7fe5650f994304a7e6ff1e58ea41bafea99e9003e0bfdacab0d5 + digest: 037b4064bb46103113f1c591da57efc4959616cfca470742beddab724a28507a name: rancher-monitoring-crd type: application urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc07.tgz - version: 14.5.100-rc07 + - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.204.tgz + version: 9.4.204 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-04-14T00:36:29.787938598Z" + created: "2021-04-21T15:17:43.466486-07:00" description: Installs the CRDs for rancher-monitoring. 
- digest: ec7cb3a9f1b51ec866885c09962aef7793ba7b47f88f84ab16e32143c8c7dba6 + digest: 63a81f944774e646f6549c545f7c6b56635218bc135b9421eab224c6139dcbf7 name: rancher-monitoring-crd type: application urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc06.tgz - version: 14.5.100-rc06 + - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203.tgz + version: 9.4.203 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-04-09T23:38:33.929222266Z" + created: "2021-04-21T15:17:43.462778-07:00" description: Installs the CRDs for rancher-monitoring. - digest: f04ebf5d7eb8fd7eb8220cbe56c03ece901b92d37b0ac77b240bebb709ce2d82 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc05.tgz - version: 14.5.100-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-09T23:21:13.060766912Z" - description: Installs the CRDs for rancher-monitoring. - digest: fb0a9d0a2f0d89323efc158bfec517dc496bac733cd5509b79f4280a564d2ac6 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc04.tgz - version: 14.5.100-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-09T19:01:47.363964786Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: 3d60d1156d5a23c991dffdf237ba4c4aa25b4af516804dd1b563411ea9bcfb7b - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc03.tgz - version: 14.5.100-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-09T18:57:13.034996398Z" - description: Installs the CRDs for rancher-monitoring. - digest: 0cd2c6315cbc1d9852bd48d5fb52ec4784c01cb05fae20f0da8ecd12afd01c71 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc02.tgz - version: 14.5.100-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-08T17:35:35.357876912Z" - description: Installs the CRDs for rancher-monitoring. - digest: 138559f78af79f702a0f726dec6030b8ed90804d554157b5a63c4a67cc59d527 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc01.tgz - version: 14.5.100-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-07T19:45:48.493958685Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: f5c71f94ad841368b3b88b138efe73c3d5349ec5249dd535606b0fa0b2cbd258 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc00.tgz - version: 14.5.100-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-01T17:13:59.563242946Z" - description: Installs the CRDs for rancher-monitoring. - digest: a391c51692369e92dbd9cce1eb831ce179a8c43c4badb7cae7e734853cf36e84 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc09.tgz - version: 9.4.204-rc09 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-01T00:24:29.18136558Z" - description: Installs the CRDs for rancher-monitoring. - digest: 09406ed10fc925cecaf9aac55fda6a499568865cfd65a893a3dfc2cab08f58f0 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc08.tgz - version: 9.4.204-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-29T19:11:34.132322217Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: 82344e6f4b9bbae466037b995d076a068a35a43314f00dc0616e767b7a1b887c - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc07.tgz - version: 9.4.204-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-29T18:50:17.156704785Z" - description: Installs the CRDs for rancher-monitoring. - digest: 65ec05d07de3dbc8d0993db237f805f665e33792f5462e34c548ba5a2b49b964 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc06.tgz - version: 9.4.204-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-19T19:06:09.973523331Z" - description: Installs the CRDs for rancher-monitoring. - digest: 0b11edae6bf47779275c19e845732f26972c2ef075f5cc36a17b136627c14cef - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc05.tgz - version: 9.4.204-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-15T17:53:22.567067722Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: f6112dca3c4d7144a9ed6e9ab241985efce5d15df7f1f4587abd9f00d834fc07 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc04.tgz - version: 9.4.204-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-11T19:24:36.957648484Z" - description: Installs the CRDs for rancher-monitoring. - digest: b4f526e853fe683f60c1835e90b2872c7e7b1d02a4e64495a654ef59eec4755f - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc03.tgz - version: 9.4.204-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-11T07:21:44.755209101Z" - description: Installs the CRDs for rancher-monitoring. - digest: 3a23783b0d8768bc11317fa90a709407c07e49f34b7a6bbfe55f1c67d82b83f8 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc02.tgz - version: 9.4.204-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-09T18:31:06.124041014Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: 6c652db827bfcc5a874f9bd8676547ba6c3e845dc04fcb2e8fe3e3ea6f6ded7d - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc01.tgz - version: 9.4.204-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T22:24:38.317889663Z" - description: Installs the CRDs for rancher-monitoring. - digest: f5eccbacc35a9935dc03dc32f929a1ed2c85bdcf7930c493270b1694e715d49a - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc00.tgz - version: 9.4.204-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.131189-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 94e3ca61ac75aae35d2739dc35b7e2c951ff755918fb946eccca6ad4f2ee153c - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc04.tgz - version: 9.4.203-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.127453-08:00" - description: Installs the CRDs for rancher-monitoring. 
- digest: 338c5e30cceefa4cae16fe6d4ff545277dde72aec7cb1f48404792f4a2d56f1b - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc03.tgz - version: 9.4.203-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.124231-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 0ca0dfc59cc434faddbe2ef552b9ab669d8de9c8a574abdfb8a8c3b185445e30 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc02.tgz - version: 9.4.203-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.120388-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 7ef29171739727ce9a9ee0a1db010c6104c33013855518bc092e85b6d8428242 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc01.tgz - version: 9.4.203-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.117158-08:00" - description: Installs the CRDs for rancher-monitoring. 
- digest: d9689596a9f3d92ca4752bce94937e41fe6330e7b34f5af4596ff85edec23d68 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc00.tgz - version: 9.4.203-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.555062-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 31251cec75ee29975f02f00032defce1dbd3cad5ce1dff44a63457fb3c6f475d + digest: 60945c2274b7c169ad84240e7facc9aa8d3a0a4e649c3dcd6e6b21f336a257d8 name: rancher-monitoring-crd type: application urls: @@ -8045,9 +2918,9 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-01-15T00:11:30.551045-08:00" + created: "2021-04-21T15:17:43.459526-07:00" description: Installs the CRDs for rancher-monitoring. - digest: 3e2c6926b5e0384e25d76cc33fee1782c6cf444f4844901105bbfa251b9023ca + digest: 09532cc000ee5a78dbda15c879ad1af9f9c2f8bc08db4067a6756df1a0206de3 name: rancher-monitoring-crd type: application urls: @@ -8059,9 +2932,9 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-01-15T00:11:30.547748-08:00" + created: "2021-04-21T15:17:43.455615-07:00" description: Installs the CRDs for rancher-monitoring. - digest: 1bbc909b84e9c10506c0c2f2ffa074ebfd49d58af2e3a123f802a668d6f78435 + digest: 101721abb2876816b54234568272d0372c274ed3e4851a9c94077f61fefb8a49 name: rancher-monitoring-crd type: application urls: 
@@ -8076,9 +2949,9 @@ entries: catalog.rancher.io/release-name: rancher-node-exporter apiVersion: v1 appVersion: 1.1.2 - created: "2021-04-07T19:45:48.554527222Z" + created: "2021-04-21T15:17:43.470733-07:00" description: A Helm chart for prometheus node-exporter - digest: 92884824f6b27ec8193c12ca9fc044b73d90a4fa2a77828cffe4a1f70eeab038 + digest: 8420dd3a73ca5b9658da3d878d755c470266281bd216f59027175a0c0575e851 home: https://github.com/prometheus/node_exporter/ keywords: - node-exporter @@ -8093,8 +2966,8 @@ entries: sources: - https://github.com/prometheus/node_exporter/ urls: - - assets/rancher-node-exporter/rancher-node-exporter-1.16.201-rc00.tgz - version: 1.16.201-rc00 + - released/assets/rancher-node-exporter/rancher-node-exporter-1.16.201.tgz + version: 1.16.201 rancher-operator: - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match 
@@ -8107,67 +2980,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.4 - created: "2021-04-10T01:22:20.238571482Z" + created: "2021-04-21T15:17:43.472013-07:00" description: Control Rancher using GitOps - digest: 11f8951b4213501166fb7e7a92bf88a7b9bc42bee07ab1a7cce3c81c6ce3719f + digest: 9217c81bf6e0ff46aae4f53e35699eff092104cf160231d81ec1515c8aba01c2 name: rancher-operator urls: - - assets/rancher-operator/rancher-operator-0.1.400-rc04.tgz - version: 0.1.400-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-09T17:59:11.009006785Z" - description: Control Rancher using GitOps - digest: ed678ca8a35ed9972ace87b69bc83deb7cf9c0b56e2f35625d571d03f4db7681 - name: rancher-operator - urls: - - assets/rancher-operator/rancher-operator-0.1.400-rc03.tgz - version: 0.1.400-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-07T00:44:11.378767284Z" - description: Control Rancher using GitOps - digest: 26cd58e62c13a3475145b196a7c15b7556ef9a99815b5b3458ef6dc0080f5b80 - name: rancher-operator - urls: - - assets/rancher-operator/rancher-operator-0.1.400-rc02.tgz - version: 0.1.400-rc02 - - annotations: - catalog.cattle.io/auto-install: 
rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-06T20:03:07.172865613Z" - description: Control Rancher using GitOps - digest: cb979672008ecb7decf5bc4b818b17762296a9bcf3b22ce29b10aec0f34b605e - name: rancher-operator - urls: - - assets/rancher-operator/rancher-operator-0.1.400-rc01.tgz - version: 0.1.400-rc01 + - released/assets/rancher-operator/rancher-operator-0.1.400.tgz + version: 0.1.400 - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -8179,121 +2998,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.3 - created: "2021-03-04T09:47:45.132758-08:00" + created: "2021-04-21T15:17:43.471792-07:00" description: Control Rancher using GitOps - digest: 2656b6dcd24f1fbbdd0775cb09932e18af415bf13c6e873ae35c5dbd384a3abc + digest: 73ebe2ffee0dd484246cef9e4eec8b4728a98253803ecebc2abc4bd5700eddc8 name: rancher-operator urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc08.tgz - version: 0.1.300-rc08 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.132538-08:00" - description: Control Rancher using GitOps - digest: b3ce6f43a280702dc57ef54fafffd59e146bff22d5b3b0607e73ac11be7597c6 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc07.tgz - version: 0.1.300-rc07 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.132321-08:00" - description: Control Rancher using GitOps - digest: 4da0891a485ccab47d970a1b3384c3d260b7f1d336e437991501330d9d7a558f - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc06.tgz - version: 0.1.300-rc06 - - annotations: - 
catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.132096-08:00" - description: Control Rancher using GitOps - digest: e22a7299a8219d1a6876472d263679cfad6cd684c0ce1774bd88c604d3823ae0 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc05.tgz - version: 0.1.300-rc05 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.13188-08:00" - description: Control Rancher using GitOps - digest: d8b53650d168a955588b9489488b1af9f285959fc0f60028b6c802a8e192f571 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc04.tgz - version: 0.1.300-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.131657-08:00" - description: Control Rancher using GitOps - digest: 
227cf3caf125ed1f2d3329350fdd8b90a788727e620c2af43d8a2f11e035116d - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc03.tgz - version: 0.1.300-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.131436-08:00" - description: Control Rancher using GitOps - digest: c65dd65dceee1e0ffa7228b89ecac8b03b03b233c65009dcac778d3792e1698c - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc01.tgz - version: 0.1.300-rc01 + - released/assets/rancher-operator/rancher-operator-0.1.300.tgz + version: 0.1.300 - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -8305,31 +3016,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.2 - created: "2021-01-15T00:11:30.557225-08:00" + created: "2021-04-21T15:17:43.471561-07:00" description: Control Rancher using GitOps - digest: 8427c5fb912002404267f7c349dac1f51b3fc5160aade214e35e7d5732a3e6d3 + digest: a431b39ca8d0046829be03765882af1f6676862ea1c301c7721defcfc8461fa9 name: rancher-operator urls: - released/assets/rancher-operator/rancher-operator-0.1.200.tgz version: 0.1.200 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.556966-08:00" - description: Control Rancher using GitOps - digest: b0341792bfa98f4680bb6099c8bc5a739cd8fab1e7217acceda396cc0d640a26 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.200-rc2.tgz - version: 0.1.200-rc2 - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -8341,49 +3034,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.1 - created: "2021-01-15T00:11:30.555899-08:00" + created: "2021-04-21T15:17:43.471239-07:00" description: Control Rancher using GitOps - digest: 0a4132fbc7a014ee6e88ac95dc278723c591fe271529d37f529bfe819b8b03f1 + digest: 3ccc2bdbe07d4cbd710bc1ff9119a9f5acf5bbd9abb38878de214dd99c9b4a52 name: rancher-operator urls: - released/assets/rancher-operator/rancher-operator-0.1.100.tgz version: 0.1.100 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.556665-08:00" - description: Control Rancher using GitOps - digest: e952722116cf3912eda2f542e2a703e3676983c6fb1b34e056d4e9c3e79d820d - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.2-rc200.tgz - version: 0.1.2-rc200 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc1 - created: "2021-01-15T00:11:30.556311-08:00" - description: Control Rancher using GitOps - digest: 1aed5f1bef466d930aaf0a715d1b305c366dc84de6b6c06d4f44db93ca40f2b8 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.2-rc100.tgz - version: 0.1.2-rc100 - annotations: 
catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher @@ -8395,31 +3052,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.0 - created: "2021-01-15T00:11:30.555581-08:00" + created: "2021-04-21T15:17:43.471001-07:00" description: Control Rancher using GitOps - digest: f7524f717eb372fee5a5044cc473dda94e85125325dbf0a064669ebe206fbed0 + digest: 77aa64d9f0e5a9573497e0f4ae7fb509f4af4df825b64bce327dc97ac18ac222 name: rancher-operator urls: - released/assets/rancher-operator/rancher-operator-0.1.000.tgz version: 0.1.000 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.0-alpha8 - created: "2021-01-15T00:11:30.555334-08:00" - description: Control Rancher using GitOps - digest: d4d2be199ef6c0cd632e59c50e85c73fd80f0a1deebf10a558824d495fb8b723 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.0-alpha800.tgz - version: 0.1.0-alpha800 rancher-operator-crd: - annotations: catalog.cattle.io/certified: rancher 
@@ -8429,58 +3068,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.4 - created: "2021-04-10T01:22:20.241438111Z" + created: "2021-04-21T15:17:43.473832-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 66565c595f9acf9968f4ec7144efeb8e1cb4ed5a6a38c2150e28dc919a80d953 + digest: bbe268442f5fbd5a5615e1587cc6705bcc3208d44aeee31d4554535b5f8d0df5 name: rancher-operator-crd urls: - - assets/rancher-operator-crd/rancher-operator-crd-0.1.400-rc04.tgz - version: 0.1.400-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-09T17:59:11.012588219Z" - description: Rancher Operator CustomResourceDefinitions - digest: 3a758f1d00e4f891165774a6510a4ec2f7d8c99f11480193b666d2c65d4670c5 - name: rancher-operator-crd - urls: - - assets/rancher-operator-crd/rancher-operator-crd-0.1.400-rc03.tgz - version: 0.1.400-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-07T00:44:11.381186296Z" - description: Rancher Operator CustomResourceDefinitions - digest: cadf7abfc4f5e12efcc66ece8e2290345789f3e2c192f18d16e532d93cb2a7ee - name: rancher-operator-crd - urls: - - assets/rancher-operator-crd/rancher-operator-crd-0.1.400-rc02.tgz - version: 0.1.400-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.4 - created: 
"2021-04-06T20:03:07.174196964Z" - description: Rancher Operator CustomResourceDefinitions - digest: ccb9e8dfd344a6113e8406ea686f0d47825f8427f0c71651c5c319f89ad7e730 - name: rancher-operator-crd - urls: - - assets/rancher-operator-crd/rancher-operator-crd-0.1.400-rc01.tgz - version: 0.1.400-rc01 + - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.400.tgz + version: 0.1.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -8489,103 +3083,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.3 - created: "2021-03-04T09:47:45.136143-08:00" + created: "2021-04-21T15:17:43.473425-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 4cc60bf056682d2f809a497f04857295e0150662c235bd4ddb7b1764b79285f8 + digest: b87b2406be42cbe1ca0ba6068bcf3ce16f42227de12997b64ebe6053de221c7d name: rancher-operator-crd urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc08.tgz - version: 0.1.300-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.135739-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 36836da1bb6a195783cb0a25852f559a90e535d909d43220b93546a3343edfa9 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc07.tgz - version: 0.1.300-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.135329-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: a794c3b33313978a0ca37f192f95d452312d3429f73f385aa8d9c3573cc04c38 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc06.tgz - version: 0.1.300-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - 
created: "2021-03-04T09:47:45.134935-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 08a8c134a36841aec3caa04ca848e31456ea6e68eba3c1d2f11c87a011de3c9a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc05.tgz - version: 0.1.300-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.134525-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: e95190052c50fcfddc8582760f9512dd1eae2ad02682ae024f4d2f8c5de04b17 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc04.tgz - version: 0.1.300-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.134112-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: f4254f3e706cd8d9526048d1cc64f3d91962b19994f95b30459fed456128cc75 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc03.tgz - version: 0.1.300-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.133455-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 88c0fb8ae620a707ddd889ce2805077d3a51284ce6fe25748526c0a70fb808dc - name: rancher-operator-crd - urls: - - 
released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc01.tgz - version: 0.1.300-rc01 + - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300.tgz + version: 0.1.300 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -8594,28 +3098,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.2 - created: "2021-01-15T00:11:30.560457-08:00" + created: "2021-04-21T15:17:43.473028-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 181428fac5cf2576f1c35497c142607be81e19aa96b29976d5142cce9cf84027 + digest: 383784b8f509d7b8eeee1d46506f73d69f39ad8016915884ff7685ed882280c0 name: rancher-operator-crd urls: - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz version: 0.1.200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.560063-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 9e832ab034a2e088618f4df7291cff7c432c2212559a4add92bb81c3d6105f37 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200-rc2.tgz - version: 0.1.200-rc2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -8623,42 +3112,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.1 - created: "2021-01-15T00:11:30.558445-08:00" + created: "2021-04-21T15:17:43.472683-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 26e61ab160ebf89f91f82e0aa6cbd5378ee3d0436b67c4bdce120467483d7d80 + digest: 5133ec446717fde0269f25fa85858e17728f59cf054bb7de20099393b503d466 name: rancher-operator-crd urls: - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.100.tgz version: 0.1.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.559476-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: e57f76009845b0bb3ebfd7d972fb41d87687264257235e9d35acc330f341cc1a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc200.tgz - version: 0.1.2-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc1 - created: "2021-01-15T00:11:30.558798-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: a83e65bedd9b916651158896cc38c3d43e063d985e1cfcbbfb291efb7fe3a2f6 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc100.tgz - version: 0.1.2-rc100 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -8666,27 +3126,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.0 - created: "2021-01-15T00:11:30.558084-08:00" + created: "2021-04-21T15:17:43.472354-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 0ae1a90ebf8306537379912ee8db01c73436862a268ab9d2a1f95563f236007b + digest: 209d2cbcad3a3c15c31a2435bdfc46db77e6b6767b5dae1880cb9fc0035ad1fa name: rancher-operator-crd urls: - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz version: 0.1.000 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.0-alpha8 - created: "2021-01-15T00:11:30.557694-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 49c5479777388bde6cd834868ce1e9d664e3f830848dc629dbace9624a2fa07a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.0-alpha800.tgz - version: 0.1.0-alpha800 rancher-prom2teams: - annotations: catalog.cattle.io/certified: rancher 
@@ -8695,41 +3141,13 @@ entries: catalog.cattle.io/release-name: rancher-prom2teams apiVersion: v1 appVersion: 3.2.1 - created: "2021-04-21T19:31:00.376394323Z" + created: "2021-04-21T15:17:43.474266-07:00" description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams - digest: 95e6b362dc67dc83e0359845ccad06a0d38cfbecf45203e6a4d361eea79f1d8e + digest: a8095a1d9ecc199eba61ec3a073bed760cd01670ce575e2b7fb988a6c8fe5341 name: rancher-prom2teams urls: - - assets/rancher-prom2teams/rancher-prom2teams-0.2.000-rc03.tgz - version: 0.2.000-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-prom2teams - apiVersion: v1 - appVersion: 3.2.1 - created: "2021-04-15T21:48:25.329691963Z" - description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams - digest: caa8a550e34b092781d1bd23a81bbf01b6104a2be02d0c7e054692fbbe8c634f - name: rancher-prom2teams - urls: - - assets/rancher-prom2teams/rancher-prom2teams-0.2.000-rc02.tgz - version: 0.2.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-prom2teams - apiVersion: v1 - appVersion: 3.2.1 - created: "2021-04-15T00:36:31.780601292Z" - description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams - digest: 8fb5e52c0680129fb8b4c4074567c909b6d8d38c2bff79d5183edf459cea5af3 - name: rancher-prom2teams - urls: - - assets/rancher-prom2teams/rancher-prom2teams-0.2.000-rc01.tgz - version: 0.2.000-rc01 + - released/assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz + version: 0.2.000 rancher-prometheus-adapter: - annotations: catalog.cattle.io/hidden: "true" 
@@ -8739,9 +3157,9 @@ entries: catalog.rancher.io/release-name: rancher-prometheus-adapter apiVersion: v1 appVersion: v0.8.3 - created: "2021-04-09T23:21:13.122128036Z" + created: "2021-04-21T15:17:43.474985-07:00" description: A Helm chart for k8s prometheus adapter - digest: 504c418856052bc1798476b6a9ad3d2efcc5c3591502af296406a732ad2077a8 + digest: 7aea5a0a8e66a9ad02bcc4ec69350c35d15242524b8052fdf9598bba6bf3f6c9 home: https://github.com/DirectXMan12/k8s-prometheus-adapter keywords: - hpa @@ -8759,38 +3177,8 @@ entries: - https://github.com/kubernetes/charts - https://github.com/DirectXMan12/k8s-prometheus-adapter urls: - - assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101-rc01.tgz - version: 2.12.101-rc01 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-prometheus-adapter - apiVersion: v1 - appVersion: v0.8.3 - created: "2021-04-07T19:45:48.560309716Z" - description: A Helm chart for k8s prometheus adapter - digest: 85bd2042f013a1ac3773084faf6ed72c55cd7b444eff19778cd4c16e507bf2b5 - home: https://github.com/DirectXMan12/k8s-prometheus-adapter - keywords: - - hpa - - metrics - - prometheus - - adapter - maintainers: - - email: mattias.gees@jetstack.io - name: mattiasgees - - name: steven-sheehy - - email: hfernandez@mesosphere.com - name: hectorj2f - name: rancher-prometheus-adapter - sources: - - https://github.com/kubernetes/charts - - https://github.com/DirectXMan12/k8s-prometheus-adapter - urls: - - assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101-rc00.tgz - version: 2.12.101-rc00 + - released/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101.tgz + version: 2.12.101 rancher-pushprox: - annotations: catalog.cattle.io/hidden: "true" 
@@ -8800,15 +3188,15 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-03-04T22:24:38.319811981Z" + created: "2021-04-21T15:17:43.477959-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: 6ec2982d7ea75f763859c0d6e04c5ea537e21e450894c5e31d1e9fd3efd613dc + digest: 709cfe2bdf4036bb22ac660553d837d09d46ae3c650c2d4eb8454a6712fe3cbe name: rancher-pushprox type: application urls: - - assets/rancher-pushprox/rancher-pushprox-0.1.300-rc00.tgz - version: 0.1.300-rc00 + - released/assets/rancher-pushprox/rancher-pushprox-0.1.300.tgz + version: 0.1.300 - annotations: catalog.cattle.io/hidden: "true" catalog.rancher.io/certified: rancher @@ -8816,15 +3204,15 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-03-04T09:47:45.138198-08:00" + created: "2021-04-21T15:17:43.47749-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: f66edae0a693decab1d2e1d60f20a3ddcb57fa757cf04368f4269d43ba45e6d8 + digest: cb9552eb4ee8899ef1af5583c8080c27227dd3b10d919748f2caf79cb8197198 name: rancher-pushprox type: application urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc02.tgz - version: 0.1.201-rc02 + - released/assets/rancher-pushprox/rancher-pushprox-0.1.201.tgz + version: 0.1.201 - annotations: catalog.cattle.io/hidden: "true" catalog.rancher.io/certified: rancher 
@@ -8832,43 +3220,10 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-03-04T09:47:45.137724-08:00" + created: "2021-04-21T15:17:43.476409-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: 4e990a9eb65941dbe2733310945efca11bc839a2543cb2d2ecc29c5dd3c691e9 - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc01.tgz - version: 0.1.201-rc01 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-03-04T09:47:45.137189-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. - digest: f9e10374f3d86fe4b9a13ec2ce5bd11d3c2d5314262689249cb1f0c4d4e8123f - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc00.tgz - version: 0.1.201-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-01-15T00:11:30.561927-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. - digest: bd7fc397cda47c5d5c5e0bd75a906536b195017fd7ed6876e7428230e6c48943 + digest: a4b3506a74ea6cc4e8c6610cb92451d3072f4f7bac7b503e2dea9423697eaf68 name: rancher-pushprox type: application urls: 
@@ -8882,10 +3237,10 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-01-15T00:11:30.561429-08:00" + created: "2021-04-21T15:17:43.475943-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: ab34cc49dd50f2b2dbcee36447a3e2efd974bdce004834b0bfb0508a84ffa16c + digest: 4b53e4de2aede1f3d63c815ca36bd61f31d38c59769d9982b14aca3bbf575724 name: rancher-pushprox type: application urls: @@ -8899,10 +3254,10 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-01-15T00:11:30.560947-08:00" + created: "2021-04-21T15:17:43.475479-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: d251c28f9e9b732a02e9c394b0d7bf3a3c98c723fb809b5015bd5728f05ee968 + digest: 73b11a51246c216a7587628fee346541d6b5e82246e11d586b4926254f7999fa name: rancher-pushprox type: application urls: 
@@ -8916,44 +3271,14 @@ entries: catalog.cattle.io/release-name: rancher-sachet apiVersion: v2 appVersion: 0.2.3 - created: "2021-04-21T19:31:00.381182575Z" + created: "2021-04-21T15:17:43.478347-07:00" description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet - digest: 9bf4bcf83bf17d0972fbca2c45284b1e010358c841d86bc04300c73bc5fe87eb + digest: 2c97d26c9944838012749bacc971e1ed07b54c56cd205c57cf61871d806a759d name: rancher-sachet type: application urls: - - assets/rancher-sachet/rancher-sachet-1.0.100-rc03.tgz - version: 1.0.100-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-sachet - apiVersion: v2 - appVersion: 0.2.3 - created: "2021-04-15T21:48:25.334591671Z" - description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet - digest: a861bcec2a0e88f9be44575db013807ca32dbed0c32e2c0f088e3bbd07819f33 - name: rancher-sachet - type: application - urls: - - assets/rancher-sachet/rancher-sachet-1.0.100-rc02.tgz - version: 1.0.100-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-sachet - apiVersion: v2 - appVersion: 0.2.3 - created: "2021-04-15T00:36:31.784073176Z" - description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet - digest: ed8e6d13d9fb29db5b477bc1876e0f2501d9aacaeb62d333e9033eda40211f65 - name: rancher-sachet - type: application - urls: - - assets/rancher-sachet/rancher-sachet-1.0.100-rc01.tgz - version: 1.0.100-rc01 + - released/assets/rancher-sachet/rancher-sachet-1.0.100.tgz + version: 1.0.100 rancher-tracing: - annotations: catalog.cattle.io/hidden: "true" 
@@ -8963,15 +3288,15 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-04-09T23:52:20.836901295Z" + created: "2021-04-21T15:17:43.479475-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. - digest: 13b38c2242fa109a77d00cadb23347feac25ada3de37ec54f49bf0421d379b7b + digest: 96f1e9f82f4082461fca26d066ef79b477295546d46485e6b31ea7a01afc9522 name: rancher-tracing urls: - - assets/rancher-tracing/rancher-tracing-1.20.100-rc01.tgz - version: 1.20.100-rc01 + - released/assets/rancher-tracing/rancher-tracing-1.20.100.tgz + version: 1.20.100 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: linux @@ -8980,15 +3305,15 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-04-08T21:20:13.414610431Z" + created: "2021-04-21T15:17:43.479089-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. - digest: f571aec5860233bd1d2e163d37b3cf8a54b19aaf29774a921e53f2559dab022e + digest: 509c4d245fb245157d16b643f55aa9437cbfe19e087326b0f609cae58d0b5499 name: rancher-tracing urls: - - assets/rancher-tracing/rancher-tracing-1.20.100-rc00.tgz - version: 1.20.100-rc00 + - released/assets/rancher-tracing/rancher-tracing-1.20.002.tgz + version: 1.20.002 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: linux 
@@ -8997,49 +3322,15 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-03-04T09:47:45.138598-08:00" + created: "2021-04-21T15:17:43.478719-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. - digest: d20f48b0bec89328b18304896c3185a3d08b81ce4c09857aa07f4151e2d21375 - name: rancher-tracing - urls: - - released/assets/rancher-tracing/rancher-tracing-1.20.002-rc00.tgz - version: 1.20.002-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing - apiVersion: v1 - appVersion: 1.20.0 - created: "2021-01-15T00:11:30.562327-08:00" - description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. Refer to https://www.jaegertracing.io/ for - details. - digest: bf9ba6be02c6275ca6a3d850d6be8f012233d62f1614173bcf3e95ff84e9c7eb + digest: 1a64b24b3b320407191918acef460ceceebb462b01b7a820568e81a81f89e8b9 name: rancher-tracing urls: - released/assets/rancher-tracing/rancher-tracing-1.20.001.tgz version: 1.20.001 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing - apiVersion: v1 - appVersion: 1.20.0 - created: "2021-03-01T16:56:35.108494-08:00" - description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. Refer to https://www.jaegertracing.io/ for - details. 
- digest: dd999b5d6d78ace23520222e1d80c8e3b8298461a15e726bd41ee4eb58068d46 - name: rancher-tracing - urls: - - released/assets/rancher-tracing/rancher-tracing-1.20.001-rc00.tgz - version: 1.20.001-rc00 rancher-vsphere-cpi: - annotations: catalog.cattle.io/certified: rancher @@ -9049,9 +3340,9 @@ entries: catalog.cattle.io/release-name: vsphere-cpi apiVersion: v1 appVersion: 1.0.0 - created: "2021-03-04T09:47:45.138966-08:00" + created: "2021-04-21T15:17:43.479834-07:00" description: vSphere Cloud Provider Interface (CPI) - digest: 092bf7a60582eb190c1212699a9c277e01974d03e78e2121ecf8f6c460e36df7 + digest: 932e0f16481f28b34d4dd991323da85da272f3d5d4cce28832a7442d4f2ca1f7 icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg keywords: - infrastructure @@ -9062,8 +3353,8 @@ entries: sources: - https://github.com/kubernetes/cloud-provider-vsphere urls: - - released/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000-rc01.tgz - version: 1.0.000-rc01 + - released/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000.tgz + version: 1.0.000 rancher-vsphere-csi: - annotations: catalog.cattle.io/certified: rancher @@ -9073,9 +3364,9 @@ entries: catalog.cattle.io/release-name: vsphere-csi apiVersion: v1 appVersion: 2.1.0 - created: "2021-03-04T09:47:45.139518-08:00" + created: "2021-04-21T15:17:43.480358-07:00" description: vSphere Cloud Storage Interface (CSI) - digest: 99cee0399a41911b91f24ebecf94bb88ebdfbe3d82503add88afb5885ed4d1b9 + digest: 20bfaa758a97b0b89c51fefdf70d048a7e06b576932435ac03fc045a295c0535 icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg keywords: - infrastructure @@ -9086,8 +3377,8 @@ entries: sources: - https://github.com/kubernetes-sigs/vsphere-csi-driver urls: - - released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000-rc01.tgz - version: 2.1.000-rc01 + - released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz + version: 2.1.000 rancher-webhook: - annotations: catalog.cattle.io/certified: rancher 
@@ -9097,28 +3388,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0 - created: "2021-04-19T22:35:25.814804748Z" + created: "2021-04-21T15:17:43.481506-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: 3fb6016b78780b67ebb7a0eb1d9b3a269cbc97c7d079f3b918bc399e299e6392 + digest: bbf5c7240ecea194295dc15a541192b0c9484269314ab02bc4568b25abc1aff3 name: rancher-webhook urls: - - assets/rancher-webhook/rancher-webhook-0.1.000-rc02.tgz - version: 0.1.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0 - created: "2021-04-12T19:25:21.650416035Z" - description: ValidatingAdmissionWebhook for Rancher types - digest: 83431cb23bac72a8513a5bc10c5d864eb1ba93e7ebf93e38fdac4a108dd3a1c9 - name: rancher-webhook - urls: - - assets/rancher-webhook/rancher-webhook-0.1.000-rc01.tgz - version: 0.1.000-rc01 + - released/assets/rancher-webhook/rancher-webhook-0.1.000.tgz + version: 0.1.000 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -9127,13 +3403,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta9 - created: "2021-03-04T09:47:45.139761-08:00" + created: "2021-04-21T15:17:43.481275-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: 6eb969054035ae7a3501d3e08b4a2d70ab38203e62fa5efbee16347fed34f653 + digest: 0d9ac76eff2b6e937e3e15970cd0192acff99a31aa1afa14941029088dc32f76 name: rancher-webhook urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901-rc00.tgz - version: 0.1.0-beta901-rc00 + - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901.tgz + version: 0.1.0-beta901 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -9142,28 +3418,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta9 - created: "2021-01-15T00:11:30.563834-08:00" + created: "2021-04-21T15:17:43.48106-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: 7e1a1ba8b4b83740d5b301cd81cd48f5ecd9a0bc7bb2ea8f5f021a22c294cc57 + digest: 8881f7cf8b50e3b48a967ce8af477c96f986d42d3c1f4bbb8c0bfc09202d23f4 name: rancher-webhook urls: - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz version: 0.1.0-beta900 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta8 - created: "2021-01-15T00:11:30.563574-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: a1ce80a2a1b6915ab379624ac2cb49e1ce27a550951dc88b8f3e5668f792e0b5 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta800.tgz - version: 0.1.0-beta800 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -9172,28 +3433,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta7 - created: "2021-01-15T00:11:30.563321-08:00" + created: "2021-04-21T15:17:43.480832-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: c7f3d94a86a1960a3bb477d5fa7ec1ce2cda1071f8f221fb7a215a0892b31ec2 + digest: e185c6765de0bb0694d6d12e16c2dcce7f4c785125e614cf6c0020e5982d5f0e name: rancher-webhook urls: - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta700.tgz version: 0.1.0-beta700 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta6 - created: "2021-01-15T00:11:30.563072-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: d0715c2f02663a29a0d98a27aadd7383c2d90c0507e9e7ce8768e0030240c15c - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta600.tgz - version: 0.1.0-beta600 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -9202,28 +3448,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta5 - created: "2021-01-15T00:11:30.562811-08:00" + created: "2021-04-21T15:17:43.480599-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: 748ed52b1d17cff221fb5609bb230467f0a16faf5130122ece6781841c2d569e + digest: 574407c23b5827bd1d4d4f20609a5dc9d4558d6d29ef179093288a4a730ab8c2 name: rancher-webhook urls: - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz version: 0.1.0-beta500 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta3 - created: "2021-01-15T00:11:30.56257-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: 498aabf4bb200fca9d3a66be7d0606701a6be62208776effc83c894e576ed748 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta300.tgz - version: 0.1.0-beta300 rancher-windows-exporter: - annotations: catalog.cattle.io/hidden: "true" 
@@ -9233,92 +3464,17 @@ entries: catalog.rancher.io/release-name: rancher-windows-exporter apiVersion: v1 appVersion: 0.0.4 - created: "2021-04-14T00:36:29.86189476Z" + created: "2021-04-21T15:17:43.48191-07:00" description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: 1bf9bd8fb9e8171ea24f5b6321cc16c538f8dc94fa161c9044a033c6452d3089 + digest: 5581e9e756f86bf5fb9e47b4687fe502d43b8f22f0fcad38ea8b6e379caab5fb maintainers: - email: arvind.iyengar@rancher.com name: aiyengar2 name: rancher-windows-exporter type: application urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc04.tgz - version: 0.1.000-rc04 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter - apiVersion: v1 - appVersion: 0.0.4 - created: "2021-04-01T17:13:59.568391312Z" - description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: 22e1e05ee50870cc705e4e31d763994188d97219d50ebebab60de4d97a9d393d - maintainers: - - email: arvind.iyengar@rancher.com - name: aiyengar2 - name: rancher-windows-exporter - type: application - urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc03.tgz - version: 0.1.000-rc03 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter - apiVersion: v1 - appVersion: 0.0.4 - created: "2021-04-01T00:24:29.187539249Z" - description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: 64b9687f927aa8b2dfae478f739536e86319a50462a59a9aa4975803564b3163 - maintainers: - - email: arvind.iyengar@rancher.com - name: aiyengar2 - name: rancher-windows-exporter - 
type: application - urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc02.tgz - version: 0.1.000-rc02 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter - apiVersion: v1 - appVersion: 0.0.4 - created: "2021-03-29T19:11:34.137176752Z" - description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: f00af930f333b1458152ac6befb0a68f33112a54d5cb8aca6777436f342f50aa - maintainers: - - email: arvind.iyengar@rancher.com - name: aiyengar2 - name: rancher-windows-exporter - type: application - urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc01.tgz - version: 0.1.000-rc01 - - annotations: - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter - apiVersion: v1 - appVersion: 0.0.4 - created: "2021-03-15T17:53:22.571790878Z" - description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: b90e452266b18882787703a371ff4ac135b51439d022e9e75370f17c7076fc69 - maintainers: - - email: arvind.iyengar@rancher.com - name: aiyengar2 - name: rancher-windows-exporter - type: application - urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc00.tgz - version: 0.1.000-rc00 + - released/assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz + version: 0.1.000 rancher-wins-upgrader: - annotations: catalog.cattle.io/certified: rancher 
@@ -9327,37 +3483,18 @@ entries: catalog.cattle.io/release-name: rancher-wins-upgrader apiVersion: v2 appVersion: 0.1.0 - created: "2021-04-14T00:36:29.863069235Z" + created: "2021-04-21T15:17:43.482314-07:00" description: Manages upgrading the wins server version and configuration across all of your Windows nodes - digest: daba3847de46b2af85db462d2f01f43a5d02cdf19ad8377c3966ea8afc1199d6 + digest: cdc33b05d156e0675fc5a4e19b6839a04945e45c31ea89a0837243d14fbe16f3 maintainers: - email: arvind.iyengar@suse.com name: aiyengar2 name: rancher-wins-upgrader type: application urls: - - assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100-rc01.tgz - version: 0.0.100-rc01 - - annotations: - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-wins-system - catalog.rancher.io/release-name: rancher-wins-upgrader - apiVersion: v2 - appVersion: 0.1.0 - created: "2021-03-15T17:15:15.620518014Z" - description: Manages upgrading the wins server version and configuration across - all of your Windows nodes - digest: 02c0c5e64d4bb535220c4a0027c30519663c94ac3b0c02062628073df8b8457f - maintainers: - - email: arvind.iyengar@suse.com - name: aiyengar2 - name: rancher-wins-upgrader - type: application - urls: - - assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100-rc00.tgz - version: 0.0.100-rc00 + - released/assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100.tgz + version: 0.0.100 rio: - annotations: catalog.cattle.io/certified: rancher 
@@ -9369,15 +3506,15 @@ entries: catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 apiVersion: v1 appVersion: 0.8.0 - created: "2021-03-04T09:47:45.140116-08:00" + created: "2021-04-21T15:17:43.48309-07:00" description: The application deployment engine for Kubernetes - digest: af6a84abcd481d2653db91960a69c9e235b619834cf81d0dfbd0f6c5427b7460 + digest: 8baa5c330cc152b3d3d87f918ed3ff96b927efad412f4b97bd7db90445e28602 home: https://rio.io icon: https://charts.rancher.io/assets/logos/rio.svg name: rio urls: - - released/assets/rio/rio-0.8.001-rc00.tgz - version: 0.8.001-rc00 + - released/assets/rio/rio-0.8.001.tgz + version: 0.8.001 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rio 
@@ -9389,107 +3526,13 @@ entries: catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 apiVersion: v1 appVersion: 0.8.0 - created: "2021-01-15T00:11:30.564203-08:00" + created: "2021-04-21T15:17:43.482694-07:00" description: The application deployment engine for Kubernetes - digest: cec586f9ef5202b6030e1fbab082ef45c740ba749f4358f03ce3423acb310663 + digest: d58ca3b147627fec6d5f4b99fae680f97edaed98967f1fc1914a537dede0d897 home: https://rio.io icon: https://charts.rancher.io/assets/logos/rio.svg name: rio urls: - released/assets/rio/rio-0.8.000.tgz version: 0.8.000 - vsphere-cpi: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere CPI - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-cpi - apiVersion: v1 - appVersion: 1.0.0 - created: "2021-03-03T21:20:36.729288-07:00" - description: vSphere Cloud Provider Interface (CPI) - digest: c989b10ab34b891887a3a1220921181aa3e357a1b1917ba2522848050fdab62a - icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-cpi - sources: - - https://github.com/kubernetes/cloud-provider-vsphere - urls: - - released/assets/vsphere-cpi/vsphere-cpi-1.0.000-rc01.tgz - version: 1.0.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere Cloud Provider Interface (CPI) - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-cpi - apiVersion: v1 - appVersion: 1.0.0 - created: "2021-03-03T21:20:31.221637-07:00" - description: vSphere CPI driver - digest: d78e5350401a9ae6ec67c160b4e7776eebda56a46756b0e6a38c9a2cc913c194 - icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-cpi - sources: 
- - https://github.com/kubernetes/cloud-provider-vsphere - urls: - - released/assets/vsphere-cpi/vsphere-cpi-1.0.000-rc00.tgz - version: 1.0.000-rc00 - vsphere-csi: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere CSI - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-csi - apiVersion: v1 - appVersion: 2.1.0 - created: "2021-03-03T21:20:56.760876-07:00" - description: vSphere Cloud Storage Interface (CSI) - digest: 2a7e01ac4e05b4224c077c438e5e9a292840040659830ec7d8f9a07829c5b873 - icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-csi - sources: - - https://github.com/kubernetes-sigs/vsphere-csi-driver - urls: - - released/assets/vsphere-csi/vsphere-csi-2.1.000-rc01.tgz - version: 2.1.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere Cloud Storage Interface (CSI) - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-csi - apiVersion: v1 - appVersion: 2.1.0 - created: "2021-03-03T21:20:53.303412-07:00" - description: vSphere CSI driver - digest: 42dae1c284c3c79b3c168f01841d0337f0b9d2bf703167374a184341e7d2bd09 - icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-csi - sources: - - https://github.com/kubernetes-sigs/vsphere-csi-driver - urls: - - released/assets/vsphere-csi/vsphere-csi-2.1.000-rc00.tgz - version: 2.1.000-rc00 -generated: "2021-03-04T09:47:44.970939-08:00" +generated: "2021-04-21T15:17:43.269849-07:00" diff --git a/released/assets/README.md b/released/assets/README.md new file mode 100755 index 000000000..ccf5e5bfd --- /dev/null +++ b/released/assets/README.md 
@@ -0,0 +1,3 @@ +## Assets + +This folder contains Helm chart archives that are served from charts.rancher.io. \ No newline at end of file diff --git a/released/assets/fleet-agent/fleet-agent-0.3.000.tgz b/released/assets/fleet-agent/fleet-agent-0.3.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ab117189dcd8a2b1de825d6cdda65505fb9be4e8 GIT binary patch literal 2162
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.100.tgz b/released/assets/fleet-agent/fleet-agent-0.3.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4b0f4f65180523e8ab255b196f698e1753e4b49c GIT binary patch literal 2164
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.200.tgz b/released/assets/fleet-agent/fleet-agent-0.3.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0ce284876a7329a8f2166ae13a4aefde75860446 GIT binary patch literal 2120
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.400.tgz b/released/assets/fleet-agent/fleet-agent-0.3.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..fb2d54a67964877ecb78ad887d5cd68d4570e257 GIT binary patch literal 2281
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.500.tgz b/released/assets/fleet-agent/fleet-agent-0.3.500.tgz new file mode 100755 index 0000000000000000000000000000000000000000..ad3b3c698fa76ebe36fbf285a200ea194be639b4 GIT binary patch literal 2316
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.100.tgz b/released/assets/fleet-crd/fleet-crd-0.3.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e0869233d85f761dc35584b372f50216f81183d6 GIT binary patch literal 9676
zmwM`zTANOxo9|h&fmO2B8c=@sf=g1>8a&97VdN)+Qm)qEVIs-!6Db*zkhO+bCNn_N zCwM*|PB9vi^tFa4WW%78ur!-$;y7~DlZ5^(nPuNF?_|43L>F0zRRDHy zc+cqkcg61>)uA1hQ%K8nCpwbY{FQ=EnN;y4LnvAheVfxUsfnk)^UAXv2Q?NuTHGDl zqa0WG0h^O)G{oG~$NI@w$iXfOCMY?NBw`hVp97GTj1c@B&zWXHxJ*e-KYqoNWCNx| z(FYQZ=2i->Xj)$cuZ_La$D|9zly{Pn5yX^~`TL@#3)oc6`ok$M$dty^?r%xbO+;tB ze3XhtQx31a0>u-=Z*zbF{YTF(wl=2n%-HTDaki<(Tm(2agJ^UuHsb3@X(L+OW0M~` zEita!0jj;;NlHdgdt*~^HYt*2G(`_AR&^oE85I;W;r8I^zLB%^F_x6I9kSxv3Gl$? zXf^@xK`^~$UB`e?`)8%{WhlYBiK5~URxmm1HUk(b*6FgnM99Y?ZHl}s_7$|g0Xqki zil}N!F!YIwl+Qb=ylbb|%PRHKvCf*iJr^jw49kgB-vudTGv;^Jw;uuAW8m%@(~mME ziiX58r&9L1;D!$`D3N_>9K%Q7=O~|}tKP$D=-8SK4`A|rNkbQOKT5!DyUaMh|F|bz z+{XGBzq{@HLTnpTQtR~{tDc zVQyr3R8em|NM&qo0PKBRbK5%7V4nReSo5^|V8=PhoNT4)tKE#9lP@#5xZ>n|4_o^H zlaPclMQ{L6j%REC`xZ&bx{*Kw1Sm-Een~|p(G9TCX!LcGQ>xBWk-fZ{5uq*~$vl7I z87?m`FMogYrup~s@^bgz%fG&T{o>W@w{PFRe)IPAtKVN-zIuK6`(Ixqm%a(5%N)*ZY^dcon<@AE_mnjvBO&HDIC4v;`jEc_3W-QBS z@h2s#i|N@eaf>ZdE-%jx{plN6 z?|((-Wlj{8FH@08pMpTU|9^XR`P*;1`~S_`zh2`09|JbG3@I7?rD#$APhQ;r4_R~f z;?*5hkUz}cgclRL{;)4W3tT2#>H0QAWViF!e}yIvFPfviei5m78wR@Inh_j#wen{~bKB z768**(pSr|gJ52eywZHfaH!kI_}xEgs{F7K5rRB+K4ZXT#L_>0@5mD_QhNJXq#tRq zWZ>OZZr`oX&1s{NuVF^>xj#`_Yr9=v7&z^oFWF46YuNU!JI-@TioL%t_5QCtqG}jT zf|lI>sEXXvZx00(a>hF4gMP+}%_*(z_% zzR^3`zwOiw9cO1uj7EL$ndhb~m86n%PbuhUq#ccM4LwJn{=iFlp=i-56hJc9AmV9} z@{ASJP~-ROIYYUK6>MPQYn5zglcX(w;g*5v>4i@n3G>W z3$h@r9V77gPm>uU=z1`f+OY@SBhvN``?0w#j-U*0;=83eO%?AHfmV27%JICuihcN1 z3M!>u8&4n_IUI2d_jGUfbb*zon%F4H$`ShpHY5X%x~Zq*w4PgfyypC`J5{h*D$^o`n=K1ptGI zF-)o}Bp5t4!250t5^lkpfP#b#w-82B=mUvEV%A%wLt{1s8;3*>2|sQDD4=cJhme5e z7Q#EhAR)?Q(EO>tlNv~N7dfa=YW^ebczuHGE0pXm~S9_~vy(}rF!=MZw;7twqR z4;#jNY)R+O%cR;f^J=WqhP`+caw63aK?>Q7`GbWMJvFAEWkwVYiDj8K9cp+%iR?QH zJqXV|F7P>e^XDLA`xYI`%==wpb)3AFq~A5mVObgVm+_uf(z|SP^6M*o*hSZ`73$;u zpzrl(we*ir(1-l-N>HNu^255`;&-*0Kr@$Y)BgMz$Ke*U`BIl=7!Co^|pmgfLPvJ2tUs`ld?Cv zwtH;&L?MR$<&)v_E}*9Wu?Q-ON+U6XAJ*=CP>0a+v_aXo0WrxZ6d@YWs*t;2$CXK| z7{U_$TChDG61d{C28&$27974p3zpwv5H_fwTtn}THvnB$YoMO2RbaIuabg~eL#u|0 
zMIzIlkCV4PUX_OnDzDVH$?ap24jZPVMSmd~=pbVFbRGy(9xmL5FIf$@*d(sQ=n+@*h4XX4Vo2{LO9Djx(g zV)=`^FlufdQ2`B9Cli_pGd{spro)AL0?kYCsXW`*QINSP1nQAB#<9u{0}VeXBU3Qk zdvx?b^NfvQ25geCyH8t~VV+AdB?}Wv*g99%1{Ir64>m>s%qPcw_?Y58-9ydvh7kS5 zL2LZbzp62K=wIwLa_C<(7&de-_pZIhjL|<{H6&`LgOr`0o;vp|UXi?A8Z76_ zjvyOYz*^spSC->Y{B*s$ZQN?B@v?Id>a9HHywYJ&gMAsL z#!*cg8!VU9ph>~hLg=-^y4<1hXf|Ic{NprVCBonYTq67eG(<4KF}@fEOTZoOl810K5R<1;~~N zya3?^$S0k60dk!(UVsiTGrR!p!}GoXb^Z*mdqP^jum9^47F5wn;a>4@ueq2rT-J@BcUVR zCYYQRrmB!3z8Df(YK$d5&f<*5cwm3}KQQ7KaM#yguzO>AW0Py0@u>aNUmATpxo@<_ zH^7+BD#G+hzRgKlvSQjFXKEW%`Q!%s(vI9bupL^thkWz^%ViE`M?;-nM(LBurj|KQ z2Xk*zoZ$zLzU|HM@pbk_?TO;Y`U;*v_X*-#B5K;tz?#k&=A&5;0KG8d($jXu{Ssh& z+%KEIAOC(iehp#SZmv1_{pX)-RTyq2*J54$blzNY&pJMqanx1;*&KBFi`|$bXQZS= z(J2>C+0j=)oEVo5zT5#HHl9>T(_T$0VSS5PgK`BitilQ+e_4%sZ); z4l5_fm6QD0c^fK)g5D|mOYk+5vy4O^QgBVNZ-LhDW&oV*FVr?BU zm<7-puo&M4U@^Wy7FaCC=X5W*IVV#21k zG!=Bu_USfiNh)a*iY}Jb5#QJRWZ!*upzo>SVjI)fisAhmzXPUcuI^g({{Fh&3EL2B z&-QKdJ1GPlrbjw;;XLnNWvXHMRhd@LQO@X=MYrrTaLaDEKRz<`otAuWRr+^GoKD?d z88gtM`=o6iy|=jUcy?2hgd6jqKNs*O`g75r+XDJ?yHTM(w|_YF=k7mqiq0YQ=b}Hi z1JIvqz>NM}^ylu5kN({4XVISvz=i%?^ym8Y=L$MyQnl7>#qVk1&%rAj2iaFL-*Q7X zKb}ARI@A~WeS`iVHT}&aJI=}dNk;3fRBEqgr;Dv@pofqCDw){V1RM*)Jn=!GnH~RT zoH8Y7$$jj-lBO5+SQ~rp`|7`-xPtkdsg0Mf)<4(=VC**e+Yj&9_}h`Eh%c?uTheFs zRihO)cY+lA*LlbCv!wl`ooD%ixL)>cW> zEYf^8+vt;$=Q%5;pK3X@AYRU^?z-@nx@ZAt!LhVzSlBciCU3IX zjBBJe)W>K6UM0hdI^arM%~i8*h6k3S1f>W{5f3Dy6xoAkAw|NKv-TTHH_*1z-tawL z(=c!q16Q9>;A&sp8n1z?z1~&5OHIRU9ztFB>~;R}j2oIdW$N$zt~>C;O&IdK)`;w4 zT+-Hv!pK&PY&E^y%jYW=`A|!hNDYvpFB~<}rYf5F7gN|ns7?||!itp7%bY4*^sR}! 
zpq-JzYC}ieji#hxDg8AcPkY&gm=l(El26(o8ozfpW2hJ`P6!Yh=9g|`psOW1!*$*m z<>hyF;Ak$$*D+2IygmBt6q?oXa1$}Fg=rOz=Q4wNE^EL%mu^&;=h8nM=DF-YbBaOp znCF6dE*${oAIx(Z9X;l`V4jPH3e0nf>+mr-V=>QVbYpSH&pSUIVQ76v3W&cHm*wC) zIW9{}UT>1ie!%{6oHh(&W2B8A9HQ2H6J?seYI0=ajac_v%oJ1H_g_ch|ihuj_V zNE#?Qw4w4BqCXX+Q1D>%lN4FYyb(d`^+`QRtc*@bm8;vWaP|#RbKU;^yyF3#_#%1E zA85Ay)}{!1-#&2O^@OubTV~sQU$4-XNb6X@(Iwh)VXk%(S+@31hjy>oH9dQ#_l+(M zX-QSRcsE2TDvCG=+To7F(zM(vyPxhIe7qg}oqNx9xZ{^^DK8W)l#iD8SM5;S3e9r( z^_E}PEgrC;m%~Q<*EEFE6+Mee?V4-!FfA@#^*4w{Ks+dHed+?=LQ2{r={+-(Dn_p5~~9N-82=Tn@&y zJGmo)pz2@EMHlVAgOkChOzkCvf4KPuyO`E5w^_m)umA1)`>$93X&#_2qx{>KFQ0xu zU;pPSNONO^zkmDN?T`0Ae%=}fS*`9xDkxb6l}knD<)(@{-Mpq}MA7vbwD%FZwb8%x zyIl>m{)W-sqnk|VHUQowTy?siK%ld$cjuXFPf*QCx`w`-a}OgM^3R830Hu>BMgwyx z_=07$(@QZl?0Y{U+sCNg$=Sn4mYw|=hK}27rmp4E&Spyt+km8sE$B5RSvsz2}q3XV#JD<6-z^m}y`7~1Xu<`^EVauk z^%#!=pI`4fY5%;s6Lw9;xXU+g1YH2xzN9F)BE2&D=`qW^-VmG5Zy>eCAu#}{VG?_n zi}6r5!HbL+9|cM24Hb-M8pXnqhQ7mYmxu$*f5HlqvwwGF&20iecpsdx^+J2v-qPr} zj6LnW8}1KfVv^iYW8f5}(VP@yO0z#0&Gj1+z@YHJHF)r2$jTU#X3{@;QzOQt;?Gxs zXaK}=t+)UXNEmJzTFv^v9HDwkEsTL5_`$qNZBsC==Q=5n09?N)`9nd)cRHbh7CmV; zD>y+BcbD_@{#(5S*Gmm35H+yy(v%lU@H`JDYG7nQV&8+7WCBFMhr|yE-aRcTxAJ8G zcBEhFBWXVQ%!>Q*FdDwCPh`d~x$EoM1dxpYYL0fCo#{eACXEwRYh?tZgdQCQ&**yq zVk_h}1hmiAC#Im;byYLKZ91b_)s)no7X0bw55H(y!44IxL=hWGH|ecUc<380SQ4xH zid|r_2tx^N0Z^N<3mj5)w!t!SXB(h(9lPMLl*4L5c7YRTv@m$e11Ifm(P4R5U2lSJ zx!W*+W;bdZ$ze9M>;no72%ylg0u&lYAT%84e4uPP>kO*Up)hH}1BeQmlPl=ID&|#9 zwIDtP1v74ZFQx!F;@?FT%m@T3}(g3~{#P`xz+3Jps@p>f(m!+}mG3hijK zpbGqG$uqR++S+v2YgX&Yp*7zo`bXcOrw;~f8~1Z;n5Lc#5wAlI-^Bd@PW;IA!IFL0 zVVp!W3-^OL8Fn})zLvnlB6$56E{An8s4-I?*oRVf!(nw>FKh4c-5p zu8MY5U$iD@S4F!j+Evl6nxI`3?Wz{!qFvR96YZ*NK)Y(h`Z3y7Jrddi+Er}%MOhy) z1?)NS)^z;dKn8Rw;R4~Ml+Wh`QbXs|7lIZGkBeZPN(ibWw0zb*aNa`PHJWFHB>f@w z`{#Kj%jI^I@?yfKUr6~6`uLqrMmfq|Z*dMcxC1GB7JK5bl=8Awrw>3av=8*|dzOlD zQ`$0i&bBGk=ZVy02-`G^+BAu~2k7Hn;CmqyO_t-17$q)|8*n&xWyVhZd zT`|KkQ0v6)ZC4mn0rmh@fRNOVq5@dHV)b~)J00x05bR#}bTP0H38URwYNC#+e~XnIdY~ST 
zMw!m2?e;o?kX@CQw>-Va6Cycf_O)gV%NI&PZxz>epIief#i$f(aiUTjxi~?k7yzgg zg8`M|E*hiPDo`n21D+5&5I_5dRf;Vh&e?(%RLUE{?+$I?hU?9vsPWdiGG>n?_N+Z2 zEUyIpF%wkIcn(}{+w5H{t$P&ivXi4@<<>ZA*Vdfxs#PCP9Fmh3eKZkvqh+GmY0Kkn z6FU`SJi2VP;z*PBSiuw{`8CbSBcMs~E*|*7P*TBo78Hf7(v(UW_=K~(H$3YzF3!zs z8z{u)lvgSs>skJVPqrYzi8u$FxZntDThx```rv8E~PtmDhcECp9Q z<=~*hF{p|oa8OW^F*GQ20vZ%HaG^m#3#X%Op+R8_(4gRxP&6o@K>-a4Xi)G)QgTY0 z_m~X|s~mMuvj7`5%GsPjOa;ln`h4SDL>;hLa)qG(s;I;j3*dW~G_3?vk5{}<^cO&Y z1idViJm(KLf-P81r}TqNNlu`}g9j`tJee{jCAnicvnb{@#+gJiywO{0;hBI&Y$v#C zThCj>#V@xqkUdA(!KL8o7hV@8>?9}-TS-+*q~V2n_K z+B7_+VgWEN0fl)u707C2D8q4>8woghyK@XKki$ncSXjqG6JwJ?8iFMxB_f@fKjA5E z2+-PRg*0D?EQOr0DODs0J?EzE)da)kOPCRuL zz}90Qg~b~i-RcoxE75HVvC(ZHvXDDHP>79g2jRy?w=2L#w;;ftUY@bqhr~Ons@T)( z2^_yN_VhA>^ZrS&r3h;#3f%w_inlY>k`e375FrZRwz==w6X|*Rw=f47#rR80@h;Mz=gG#v~W6gDzFyQ7GNzV zpM+v9CalGTwU~ln!CFkmzIl(i785qQ#YVTmW*uKnCN{e518j8L4`@)>z=Z|{Eu4V58emyUvm;u+eQW-#a$C#YVR#ILRA5 zHo8s1+d;6=t@&|mbZdJnz(%*&=++DlViX(QVx!x5wh1=6^-C!>x0s2CH5{kZ1^o61?Gzb>-g&zCnJ!W6%5jDCcVoKGOUH$fOQQ_Ek7yIsF z-(BG2hmIV_zPo0!uoNC3T z;cBS^y!WTZZl7+hbd!cj+j^j{RMp$o&tNy7uKf&TI`1sk)9@jmYT@5DJtD^2#D~r5 zJp}Kvf+=i)>veRvpu`rqOTZSm+kh=_u?6m68j~Ro$K!F0o_hZ~Y=Nr-XSTr>xH=e} zeXs>?SYojSZV#Xe(2MnGcH*h40JgsTD2&h80#}a+n~ZK#h%Imfk%ippfkJG7I|x6v zz+C~hzy$$z`|^y{K3LvKRmE;!PvH2KvD=psocB+H-M(ybVz;lu(1_i>R)8nO4#dyC z){J3Y>IYlkf&rCc15Q+mBNr#A6axU2Vlbdm+(l#bS_LY_Yrqp?2jXYnuu8GT!`K41 z7qCjx1}?19q=nO|V1ZSdwg9U%`6LvpG+~t{tkM(&3sz}5_RV|DRhqB`F1El8HtYCu zGO-12A7BgIen5l51}-!xXyJ5}Ei@=>0U8v15{d=|G$^1!0SyYiNJ>s=^B%K70bAgP z+I5y(fh}-@`QEVwF1Elm!Aaieu?21t-VTB-aLtcn3tZb<0k*)!7Pw|`5Tn=v7hB-Q zvrVuCu3t*A1uptRw*Y;i8@SLHs)f_B6QeJ53(yzplTh@9qAwJEp+T^qFZ9?q?=kyA zkEjJM_MF9@v+*^Cj4gmXj!~_)RQlZuoS3LB)&`?Zxl(W?c$O=Z)9Qtj_x7v{EoGm|lam#Av!Q ztx#U&M9OjZ)l)j#N1{e-AYI=&8;<<}@;;xE>=d+dnvKoYqAKb;{{dJ`rZbvVx!E=9 z87(~c6pR?k;1gI-lNDRTtuIULS2I#TtpN^{0JaxAyerU3*aUMqkN{Ec!J%7$mcTAh z%Zdn_i!eAW%lh(Qb#Z_OVTGjv8gdnu3TS{;NGibBI9ZitPUo~xByS{&k>`N+92=vy z!xlB)BITn@Rqks#cE%~Vl_h+rvW3e#G%+@HVM4HkUDRMOne7%M7*=SxM+62wSZw3} 
zB9N+}$0QXCmeTiWYRYTyt-f#K9r@}oBZA%tp3?TNBuk=qBwC_3>5a0w%lMq=eWHG+ zyx~UtC`d|gppgxpO(BZsR1l-w^J0SWuhfaOmrWA_l{1Xd2cZ9vqY4 zL<~&R11ck@WS3IBC<%_i)kU@$iFK=ubI3* zFfXPgov~v2g=f()WX9w@JfC$OdVYTY6bm_VNsoI5%{Cpc>_}jGpwh`!8vMZm=mK`q zAgr*KG!@inR9!=Oj%iG;@epLeF)1x)6aUsKOLGM;nBvf+TdPZL1=envOHF$4l`Kj;hK?RT_y-jo*; zHvK{XW%q*a!i-Kxm8%i%yl^v#g>v+~-92;gSMx%hO+%%`p$++%ix;04C8kI~UbgO; zVN{~XEPpE6-T*y7=g zKNJr{WbbbPrg_vSy*%osPfi%kGqBWa!C5bItq zxz?Izf|~vgd6sLwYV`BRG3>pkHotadj0aMi4B37eTQF%Cba*&oSIlq>)H;ZY*zUC! z^w4>!9zzszv2^6oj8&l%YFDFT58X9vHOd=kr@08zGa^Uw=0Cg+t$a(dyR=+@|*m+I`R&9e|`HxaHMKYVq{` z-~kvJQAEZSgSaH==g%Yb=uexJZONpfg^D1WJ+3n#aArlB#l*%T<+lw-GWDI7{Lo^C zi6)&mv_s0`>y%uwxF}jMxV1ednU_~mQE~9#Yg%L_H)YB@(~`J|yXO(>Y{4rtE`c@J zgR)9YUq(f9KwErACJ!HDlg>!_zEZPmCR4tkP)TlkQ(B?9ZA(yuK@yjq);4ZZ+`|1d z0#W~pj9Glo; z0p%>mMh`$97fy6fDLYGL7CYanV z_0%i1Hl0E@-?L-`t7NS;p#1Iym!zsSc#tK-$WI2PT&=;wM3UhrQZghVYYnkXW`Lwm z@O(a;Vl*V_YYkDzhCwM|Ylvk>IVX&*A)cwYrjxB9mbnZPbjPI+J5k&E;!tB-0^Yc- z0Z(+iafc=pZ`>WQ-O26;zo%BWtnuq_R2ieiapb5c3H?uXgIyF%P;wqg#3}|q2OudKA^16-GtGif z44#S9A0|`iYJKQ<^TiwkDgs@ZA|5vvE4`FY*UT72yko$(db%i#MhD1MzpraCO>pq zVqCWaRC~RXl#HPE#-`$IQY6c0iXK?3>Oz(?Dkx^c?ZMN1BWLMjEGcU{WW~1=;DOE2 zYy#keV0z8Ejsc_g&r0RXP=fapMa3ViU~<-N1~5{r(`9>!kdH;$6nRLbpJhfA z4T)t=rR;UV4If@mBKy)fhL66_Q9egky@%7#u{9eWz~uXqhA!xSlz`iInQ?yqX-~Si zjrC7{ciZ`e+=i<+#D`xrtrX3!JW2?D*Ay1XKGK4=v0G3vx6=GOqv+g-shS;cPf7<% z?fkS@rc@=1SL^>ZpXR*1EVO@EmRZR*$X==-%U{l3ARr(h90dM<00030|6i?MbO43} E0E%7c`v3p{ literal 0 HcmV?d00001 
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.400.tgz b/released/assets/fleet-crd/fleet-crd-0.3.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..c1974f4e29026b9394c8142d799668f2b9d9248e GIT binary patch literal 9990
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.500.tgz b/released/assets/fleet-crd/fleet-crd-0.3.500.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f9a4dec9b9b05f4768c58f451b295f99b0b34797 GIT binary patch literal 10050
diff --git a/released/assets/fleet/fleet-0.3.000.tgz b/released/assets/fleet/fleet-0.3.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0b9167db0339b1507f1807352af4d805f1bdceee GIT binary patch literal 2798
diff --git a/released/assets/fleet/fleet-0.3.100.tgz b/released/assets/fleet/fleet-0.3.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9938532587235c07df479057d4e4490deea83396 GIT binary patch literal 2800
diff --git a/released/assets/fleet/fleet-0.3.200.tgz b/released/assets/fleet/fleet-0.3.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..35946b921bf1c0533f4d10126f5bd2fda2d91e69 GIT binary patch literal 2878
diff --git a/released/assets/fleet/fleet-0.3.500.tgz b/released/assets/fleet/fleet-0.3.500.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b0d228060840f31e56c865b4c984ac4dde9e6e64 GIT binary patch literal 3005
+ + + + + + diff --git a/released/assets/logos/cis-kube-bench.svg b/released/assets/logos/cis-kube-bench.svg new file mode 100644 index 000000000..6597051f1 --- /dev/null +++ b/released/assets/logos/cis-kube-bench.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + diff --git a/released/assets/logos/fleet.svg b/released/assets/logos/fleet.svg new file mode 100644 index 000000000..07fc4af5b --- /dev/null +++ b/released/assets/logos/fleet.svg @@ -0,0 +1 @@ +sub-project-brand-logos-FINAL-with-wordmark \ No newline at end of file diff --git a/released/assets/logos/gatekeeper.svg b/released/assets/logos/gatekeeper.svg new file mode 100644 index 000000000..8fb3fec28 --- /dev/null +++ b/released/assets/logos/gatekeeper.svg @@ -0,0 +1,30 @@ + + + + + + + + + + + + + diff --git a/released/assets/logos/istio.svg b/released/assets/logos/istio.svg new file mode 100644 index 000000000..4c6c80aa2 --- /dev/null +++ b/released/assets/logos/istio.svg @@ -0,0 +1,11 @@ + + + + + + diff --git a/released/assets/logos/logging.svg b/released/assets/logos/logging.svg new file mode 100644 index 000000000..2d1ba6453 --- /dev/null +++ b/released/assets/logos/logging.svg @@ -0,0 +1,31 @@ + + + + + + + + + diff --git a/released/assets/logos/rio.svg b/released/assets/logos/rio.svg new file mode 100644 index 000000000..a37e395f7 --- /dev/null +++ b/released/assets/logos/rio.svg @@ -0,0 +1,21 @@ + + + + + + + diff --git a/released/assets/logos/vsphere-cpi.svg b/released/assets/logos/vsphere-cpi.svg new file mode 100644 index 000000000..7e22a5fc5 --- /dev/null +++ b/released/assets/logos/vsphere-cpi.svg
@@ -0,0 +1,23 @@ + + + + + + + + diff --git a/released/assets/logos/vsphere-csi.svg b/released/assets/logos/vsphere-csi.svg new file mode 100644 index 000000000..7e22a5fc5 --- /dev/null +++ b/released/assets/logos/vsphere-csi.svg @@ -0,0 +1,23 @@ + + + + + + + + 
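Review bot: released/assets/fleet/fleet-0.3.500.tgz is created with "new file mode 100755", while the other chart archives visible in this patch (fleet-0.3.100, fleet-0.3.200, longhorn-1.0.200, longhorn-1.0.201) are 100644. A chart tarball has no reason to carry the executable bit; reset it to 100644 and have the regeneration step normalise modes so the bit does not come back on the next run.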
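Review bot: released/assets/logos/vsphere-csi.svg is added with the same blob index (7e22a5fc5) and the same "@@ -0,0 +1,23 @@" hunk as released/assets/logos/vsphere-cpi.svg, so the two logos are byte-identical. If CPI and CSI are meant to share one image, a single file referenced from both charts avoids the duplicate; if they are meant to differ, the wrong SVG was copied into one of them.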
diff --git a/released/assets/longhorn/longhorn-1.0.200.tgz b/released/assets/longhorn/longhorn-1.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6a695b018c3440e2fb901753e1d0d8c3b3a738a8 GIT binary patch literal 11516
diff --git a/released/assets/longhorn/longhorn-1.0.201.tgz b/released/assets/longhorn/longhorn-1.0.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ac9aa44be039dc77b5253d91de58817101e0189b GIT binary patch literal 11524
z-;)%UH?ncWEGB~f!F|WPJ_RhO{eV#}xNmgjtjCf@uHKSyAB|3tD`s8DWhXuKmf&lG z#wli3U|$xBCq$80_0~j)ZvW7=zux5QD(3RaKoMPmnC7hS_4azZQ99eb+u#+R{yL*x zNCkHoZu^z0Ymq`wbp=Ag&8lCCAcjE~8>fldMY0Vg;B~LR23a(*usOb^J?9- zNXk}Qfg%q#6#liSr`F5H$tJi`xJD}d-mA5QQ7axcMqmBI7QE6XIaeiRup`ExnpUQwX__=)?Kjri1kS zE#ec`pfB4Tc%G+ox8vqKs=jnLaDlpR9dH%pyoRpQeY@uPB#`)`0T$+S!v!q#m&DHB zj4)-=tSH_X_hSuYh^4$qmJB7=1-M8W!x`ESzt)f{9p7zGBbUZ|(V$E^AK1QYjLVb$ z4NX&6XBpOmO4B)-5=Mk>35Ss}wlxUug#!q>UD#_ZB*gD%WE5#?{rzUkZ_W$Rr1niu zySJ-tflv1AUZo1`9W=KrjtZ%GM*jgjw|=R)!+$M@FFfWZTtJ-(6;dHZGtx8R)EwG2 znB^>;Lr@W-CSb~jBcU0F&C)Wu%5Q@QJ0$^hZo{OBo)vp0He+0a=e0GsZ1Y5mfU9Cm zQlic|S01ZE* z!hv?1Wf0#E(C#uft&8M@#2K3XhsJgfeL44Jw{OS4)H<&;_n@&axW4}}h96jzYhxg^ zLN|v5s{=na0<22A_TZfgyt#n~`rKm=K2XipMnI^}Z3YRpSNFMRVrDMjuH6s}lZg@q zAF4yWm=Q!+l5@&bsVBrSktXQK#^NY0NDrc`wa^^xL%5I)mLZ89`C4qcg+T^vc-r>H3~!}vbh+y(K02>%B5=9 z8cUGESEP&-+p!3Q171|=)^&NUjA$ZEcuRnot<&qAajnA6unPOoiXGRs22SRn;<$)t zloY}oK81)r$`jLTQ1=GQ_E97~^wBi~W1VUFuQ z?@kw`Qq-ygE+Y^VduSU!rt<2oCIph4@r1~bGLE322SXP{oFQ8rmF24xVXGx!wJO%Q zIX7ooC>INKYm!NX*@AZrz&eT5Zs;C4vLXJ#;$JzbzStimxtZ zrf5uT6efg2Lf}8SvBCc^@ep{)?9m#d1mh$j$s*L`qk8w)Xd?79> z1*-V?NRY&HgzG0C;6Mls*A4Q-VT4El2e9T7d}Y5(lizQ7{;zm4j{{PR&7;@T3T2NiW>#q9RYg#-9;% znFLt9bjRZ=Dap0`!`GOm5LKPQGQoljIuY91a%*jC%bJL^ItpVkLXfc_D8qBa1^lB~ z@mL$;9HMFu|&mi?vGT}KLC_ac~@ZjA|qWtS~| zi>48us6(dc;Y3T$>hiZ5zS(qnORh-Yky=(VS{1cUlZX?Ny?@}B4WaniE#A@vx^()(kLvBYUP`1 zFux|E+`fhr_r8h-iZUY6jNhQFh-c-Y0?c5kr<&L`&+_N)E#1$sNX#k6=Mu#@$1zp& z3R3s_{rl+9&ddY5u3yFM9;C=!1FP>SqZv*Q9SdBJRa+YQ;>)pmYKSS*wTdj@v#?Md zE)cnm2}vwVidBKr5c7PpsG?PY^s6z6c}65En5B6rZ8TIk*JchvXpKh@lAt25&cLe; zO@KA5>$CA{#bnqEkdJ00zOvg>7V{_O0)!8y018V~SA4C6VcW6(0eX>E0!!7v9^^3g zfYDxi=%Y0YoMxb_xRQPbw)F>YbFh1NDb90(g%hw^MhD2%I_>6IhKpcdL#JxEM`}8i zW3FX^CR1>OsGK=BtnydWTIzRpv}!J`4w(CsZ{Qc&>o>he%dkByu)s_al9+(vqv3}T z+h6<7F5uV|sAAiQtc4+tkQW8)&$2(=lHY-C*j82^ADX7>+VwV z#zj`7Sho`6G%g^?Ifetyg6D$jpJt-W{!D2>3_8zSNeF!bvrD9+84M)Dw{`1hr{>0F zz`YWJw)EsY?}7R+hy-PRg7BDM6Az!}ZtifLo<{JwJU3!0!?z&PG#oy!Wp&M$N78Ll 
zu^zhMXi}u9mUwx}sj616s65?yuNgBO!)98=bx3t8#*SYAMzmF7xTd&*zFy~4Yv|9V zQAD(wZ7~+;@-;j$ep7av!ln;Zr9;ClF_^DyZSy$L(C*G(K!xNArvMnxJGegdY%$-e zDwt`sB6Ju>qF|tVdH+@Wf&O0SDkuaB}sm`zEtja;r2pOC{P+;sjC z{n6>h#(`3G>)6cjBq_T*evi)HU!bFJ4$rVl`l=ydfBa7!*1x)iDvt1T_=kI!4iq_{caUSh30ybdSXA#IXz7@IJVw3I*F zkY7{z9wp$`x1<}uNrC`;>BA$OeQVCqcMiit=Pn&UsX`@oC&dL`WIUmhxltxuzdkyn z*ZCOcbSc%25<;uZb@7ya;b|BE{y;Sux0-w5|L{n=4z&g;RdfcRF(cm) z4dd3cqHAa^p_RKw>59KBxh$C+Oft_JE7fIV*hbdOnMbp&IRRys(C{=5A6q3 zep$YCTde>*gDB_wZK|c#0?~9228dJcTNGF@XvahoAi1WX_ZLjt1mKn&3L<5p_1j0) zkM4zSt=WxmdR_Bx9Xf>%$>3wdndNtY9RqAv7;PJNqt&UHo?{zd6#~HK#<^`B;EX7U zIZLRFIb$RStM>o>->NU(`uM?nK#*2U%wCM`;Dvk%T&j@9UjuohEW^w^dvEdWf}iFd z6LEh(jYiusB)=N+URDIZ)T?R*4YAVn+D2_>Y>}=*6X9W*N+;lHa7m(+UU1Q zyEHDn>X`Gy=($u{D+5FX4l~cZFcTi66_Yltm?UZ&C6HE3+O%T5UhkzDOx;SPvXr?+ zFe2B!k$M3`wJyeOm(xy=G3N@bwxyAzSEY_d9X)k`I@CQ6L3OV_H+sv6Lj~ zp-bQ-m-UE+U^$J+3|~_Ydl~`T(Ztf|9DHTQh&LV(-FpvRQg{3KLq?+&q$;=6>Pt@G zmh%dYX}sNs#uo1C>jwRfJ|MyW@M(vE{ouWj!RX9|xPcZH3O;s2o<~XvSvSgXEa9 za%)M~L*G<&l@=CQ%7nVPU~->=%PCeVN_6v=jysl2&YtRmzkLF06Ray$Ju1p*19mcaJqW}wlUpnt)Q&zY9dc=)xi)8oDoGtHN+auzad?yM{d;t%B#g% zwA~V+I7z7ff>U!Bh;{A4<_l**Q)a*ZRvj4ED^C+5Alw&S>1CTrL>0>DbOydcMq(l* zHqMi91Hr67oI+Fng6L1NEHX49SQUbRqt~2_(GXrn@6mt1J{VKA{oj@Hmk)Aetznqi zC2>yRR+u((%$Xcvk-Fb7G+u2rM^VC5LnhNM7_u{-k}@4TH~=9eh$Xc!UWcq3uqn#Z zlhwrnh64JsP=0gW7{qLjXqMwxIWr_KgwQOu4w^B~&3=dmUz(#uR-ykat3kMF$y36p z1QquqrmAg^t(>5sFw&*(vfH+3a}DgcDjR~s8dzx!T|%m0AI~9(+eqdL~_E=mY^oD$DDZT8_o^|&n;SJIxhtp%XfAfT+`xjcmZ znX;h_&n>4l-d2Bal7Z$1&i>doVl3}PBFi=iU$5LC^lR8em_pcDHQKLS#HI)e%Pd*N z)M8K%)hRJSd{Q+aZ`+`a+WYSyw#9n+L}~Zy^+qiev4H~Ev57Lr@s-(@LN|gc?}%`7 zb8Os?))DR&CvA{sPW^P{dWu00NU@j_sapESpob+iv4{9=y8)YW0Gv*cAhp`sY*^xC zTz62$1yUbay+yaMo}1dyjNl}?y}j+xZ2H_F5+piol)6|-u;Mj)gYObfxAO{;Opwl6 zICxwRXr#0WFiVC!k&uvMSfpvw@EsY6ZVQ9?X%cg6f*xJLmI8?FKs0+Io}=A_*&< z8aTbdbJ^zOC?~jCb)~XzZ%nZ|nb!D^Ew{I!;k15`$>{vnG2tqj1@Ee&M%^U@U=!;X z(ugv{?MyI(_2N6Pll8rax<-9V&Uv17$6wH*Djc;!5HbcW*`P6QR2; z^i_$_M{wTRJGUyKU188nkn7{PTGsE@H-=UzP#K`Rbk-;RsE&8h*aV4FOf%0fYiBh~ 
zKj#F3ihZFrS0b`4q1-UD7q$`?c60S*cOwI`yer^bkp@BcU{*xeblk1Xlq;~#6xSmD zo0D6ObFIWdg_FH%ej7&z?tq+7lk}nYWkQA^?0(6_`&00;XVz`Uf=r53 zi-aEwuFOShl;wr$fiAI)zWb@ma7Ma=u8COeZlkWk@~ZM87Myhl-L0KHv}OLM-wH$Z zgWc^eAXat<=%=o;@VbNUUe^8Pm+zlfbg0ERM}F*gn9*g487g_@*i;bds4iJ2RnrOF zK?qlw*;sBoCjz}eZ#hoTmpIirm_U(hyDdeM8_9@>YZ}`awxGUsQaZX^tH%eBp2Nb7 z%UXzb_m<{8%DXL6HfROP4!sh3#uGC1=Vl{KpEz;w`|FC0ui|6KploGy1mjGqzY zM`Q+5Ax1MZ!_ja(jjYHKhK)d}xg1q9gncNy0h(26!KN3NFFffg~B_u%0wx#H)( b6X@xAdY+#D9nb#{00960@a)XA06GBxRK^cr literal 0 HcmV?d00001 
diff --git a/released/assets/longhorn/longhorn-1.1.001.tgz b/released/assets/longhorn/longhorn-1.1.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..beb49a3fe33ef89ac8831cbd66f0664fb2f0fc93 GIT binary patch literal 14845
diff --git a/released/assets/longhorn/longhorn-crd-1.0.200.tgz b/released/assets/longhorn/longhorn-crd-1.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7a01c2d4b875cbea0e17d37b55f60eb06d7ce47e GIT binary patch literal 923
diff --git a/released/assets/longhorn/longhorn-crd-1.1.001.tgz b/released/assets/longhorn/longhorn-crd-1.1.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..3dfe234aa4c0a087c6d0013731c5492c8a51c264 GIT binary patch literal 1631
diff --git a/released/assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz b/released/assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..9ee9fb312573274b99b64b45f3f41a1228a356fa GIT binary patch literal 7269
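Review bot: the rancher-alerting-drivers-1.0.100.tgz addition is a 7269-byte `GIT binary patch` literal, so nothing about the chart's contents can be checked from this diff, and the commit message says only that released/ was regenerated from stage-release. Suggest naming in the commit message the stage-release commit the archives were generated from, and having CI unpack each new archive under released/assets/ and compare it with the corresponding chart source, so that a stale or altered tarball cannot land through a regeneration commit.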
diff --git a/released/assets/rancher-backup-crd/rancher-backup-crd-1.0.400.tgz b/released/assets/rancher-backup-crd/rancher-backup-crd-1.0.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..3ba8d42ca14deaa419abd7a7f9c23fa19b9e489e GIT binary patch literal 1686
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.200.tgz b/released/assets/rancher-backup/rancher-backup-1.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9e997cd665c00442dfc60c899bd6b70ef0c690e1 GIT binary patch literal 4658 zcmV-263y)&iwFR?)-ZQC}BTwmWw@PumS=Z#@k~~RW z&CWUy1xZ{}BtwvPJaPW}b>l&TFUgJ_=XOu1#Nq?!7l1~0qrsR4?vlm!l)9H`)c)aH zluoB}^z0cCzk`AJ?eq@iuPUV5KN=i$2ff~5hjhBn4m;f+$g^)kO{t_jp)rs$3xmL8 zbVgUawjNZQ&)2|Fd}P1>A|)>N|M8N>iE~3&{v+Z5c?=E@8~eZ88yp(_e+2!1)IaR} zKst{|Lu2`W-v2ZR!h|MX81P|>5SJ#@4;K#nCO&h#uuan>w7me>_x&L$4j0>vXMbMN z#9h`lby=KvbC1okcD2<4x?(({E*ld0(2f}o)7WL)<~KZHtJ-E!9A0@dsI$0=0fBCk z*Ko3DENNeLYk|bfXOuG=X()47+km@a1T|MQpbNHQK~h^Q^=vm>MPUFH?gTdEL*jcu z`l&@D?;VRdbjXkZ(KL#TTc_jnTEMd#dr=~uohd00I`w=nxgkkN5D!TsLW3E~B?)6j zk|iT!Ne2O#zUPWgCvghHK3D)za6^L|@^d<6aljG)>H07^pwm1TF)foM;=^{^MHRsv z#grH#93;%!z){HCYGf$94!>HoF4@g>7|&pU*(Podw_Y%hDNo|mP12aPYP;b|^Do%% zbXwng&ip%-lKvl`j9$DxaaOa(#IZsD5Bh^1>i_;T_&0#-PIqwB+3No%DLa`~crIsK z>wM|K)W=CqqQ_A#&8o#|wZ?1?t$s}a>u-Bn$1J>LnNA(hp=~ulOM1lyEgVz0+6N+{ zkb7`>L*`*jyjA22#Vkpfv4na)2ShfOR%>TxhrDD78ACI28qCAihYufGOXjZxBtmDi zOaVzLG%7x$RT|A`!UQN2(WzWFi7=~jL~1#$Sxt+m+cg#JplOvPHdJ6hhMldb>(H%5 zwFXUv$>T7Xdy6y{0*B$lpdWlcyvCkS=+tMhvhjqAQR3>l_&B055DLS9lW;Cxmxz$^ z$B_mvy%;)kPE$W2SJY1#EGMm7a;9MrLT-sDFY@(KKDfnavgK{-*3OD?S-6KvFpOY* zcZ{(GK!8ygOaY7KTT*ztVVsg2XhIi~)G|DLA>Led99Zk@*zJmDyzj68B{qY%TH1_E z`UH&(5IYJ}%LdURFh7)&&>_cZ9K(DdY8@p!jiL}nG6F!^zV?FCx00ec^*PfxVKB|0 zok#r%gX`oC2pX!1AJt#-1@L4K$@GU5NE~Y8oU4ya(=^3r|bXQgIv0xU3UVwm4 z^d(ZKc+rDTEgZ3EUTu9mQY3)m#{xH;0oU*h{e`vA3UuXQLBBBr=ys|7AI=9n?bC^^$r67nweQxGwgx~zG|or2PWVHd$1 zV<22y70E=_I`+X@Ca9osm`i<)NZuVE!00D47y)kL-(>9((b+pSCFIbr5(HCd6{bM~ z#M6X)XkXE|?R!(Di}(kkx;IlsQ8;T912+jpA)5DUYGNnNZh#ArsSnhO9zx|JCSM(m z2jqI`xl0&qunRYO;-Yj8s;?uFvz+SJnsE2AmN+?MGd5gCu;6g z;qQ&4RfCH58gvn0LmWy31@?`h8Nk4vfP?7@{h!$pmzf!a&eJS(c^lM-=x%T?mu!}T zC%CZLmFMDcLifsB1UB@UjS$;A_?PE!KYtO}5>S|68Tx z|AUkwAC@Hkm^%UYkN+R_kB+wS|EDOW{+FKBBX0m~i2wAC2Axv;2cGn{@t>zC!t=z) 
zf9}iGpV}9@P3jT3pyWV5!LXeZ9Q~tj6{t1sAKG z8Oez)ZEoI10H<@)d`5pmb;?2RQwYo6bZCTQDIJqD3Rh*fq-B5{l4?iGt^m~FXn6tR zGF=lXtp7G2{UvK5Iw~ZVZPhihEbWcVJdP-NttFp9O9Mp#*)#mUee~B9q9FBsbl5A% z2#=Tx@{+KK9G~to47v7{v=^CSX0b!a-XiLu9SXw}IRMj`f@u>58qUj~PY%S`{R4R$ zv0##bNcSBgUrX!wP6oOpx31fFT;##-3Xt%} z!l*5Il>m^?X?O*5O~S=sjRp!DdI5r_7%@ydH}z=@1MENt1`1PL)s<`@tlW1L(?vpm z8-Uk}@dk_=nI0|%yD^G{v2E{nr1b0^|F5+oo%-RT-RpFJYIly>-CkR_w5w9Jh2LoB z?b|3>a6N~l_tI;%S_?m%QeW-Ff(?sTP(zrnO2=XVi6^M0ksH&;9D=*lY8igu5d5}Q zOS@Czby@#6+J7?^`QZ%)(jROMY*_yfJ763Z)_<@92iyIhCn=vl+qiDxY;)d8qm8AvM*m+*mzDopICnn{vI5QT!Jjb56gN8TA#}x^Vz$)=!~VIz?z1a=H@qzB97bk zmtFu%!i#J;wpJ{GZb~T54Y^_b`7^A6uAhP`uq5QM+J2scV#YcaaS*<2pq621<&5S2 zzmvyzMJ=CBna}0q6B4S2E~_EzTLKCW*L!k^5K!x5YaOMLkVK}$D+Bae;JWRr8YBZr zrk}_6C-$Nkqrj`abu~B?+j+f zS?GH%tP3Omn%?m2Jqxb#?$zWU|7|orzj!lxeKI*49iL?HiQJ7_JDmz6a9*cqjA|O; zi<7^OetC6%G3j4CA07Yv%h|=`{Ox%3^5o*x+vCys>DxE8G&FTvKR3e*9j5708mN)j z1{K&u_1VdIaymIbd2@Vnaq?#L{ME^eD!G;c)K);PteUhLUgI$1W`ATBH2^5v)Ruun z5)@t8%GPR`V0pEND>bp?HjE5~gOTK|hDHS#^7v@ew1Ek^LG(mDEm$;J&7#Sbr%UBf zgtwu4s}OoO5Msq7{2$N^O**bJ7Aml_@N}*hwT1N%Jf_`Nw>k)ZMa_NJs+d{zBpW?YSgEvVR6dJ%rbC&?zWKb+&fgO-8~`oGifbxZoc-|sxz>i?%G4IZ8um8t1=$VH~3U zS|zY?|F>fQ9rm6Lw)6ifiaGyl&QRwYuw(UdQXBdyj}{w-ODoQr$UwZ9)p!IrM`>Mk z<(35^;bXR7pCWkrk4#taT}v5M5*BKUyqZe%z5Pc7|6TYmQkme#uC_8ZWv|uNEdtTfg0dO>@bAFuQj{D#ITu8ddO_9i}kKUC|ogG3YM`&xwVx_q#lWbNLgO z1GpA#9QrV}ZpH5uUU|Xdu^GNMP3ll=4M`hDf3+bzl&M5?w(Tozkbe^**Ppw$ zie&Rq_duQK7v>LiT(X zz@IS0-KF&lJ+Y3ZTF2877M^#tto?n`5pm)j;kWP3!HArZ;h)LOa}(nQrp&9C4a&bQ zKSg4x1IqVmYOE1o+aBW!)wVEE7K}K@G?E`f@u21C>{KadZqx*6E-8L-K;zm=!im^; zCeFU9_a7y43RRLgH8Eq5wCPS#wR>?ucG)NKl?@QMf?1#lgUGsyV68w&zHOO(g+QEu zr7i;JxILqYerZqXowy_1I_PnHbsdZ=V0hO$o zNYtJa>qp+Uz6t=-su*vqoF1(n%xk!5|EcvJ%=qv+`_7a+oQ9uv(n%EJI|m~FLgZD7 ztW$nKT3Bbw@Bol}Zl+BpA-N9YOFyJDfUM6Ls*fCi%EXgO%aAh@Wb03DMWB{)QywQ0 zuj4)DhXK)g*ZIPttvCZXpM&QnqCXRbA0HcGp_7j(hPVo%k+M0~XY{lz@Q}m}!TREB zjd=1xcnePJJ;TK)a7F!u4EjQYb70%0ctDbeD`tMyOB}=!ha=_M;d?7D(UJlEzo!m- 
zzIZdiy5b;M#N2(SDyF7$9J;^FT>4u{CDMnN-fEK0=iVo=Yg*iCEJ#2uRf1;R|JL6} zqFjERMA0g1iOAhXGDTghX5iaD;$DS8vbt901AadWd^p?$vHla5#|!KJJcX+j0FwJ6 zo9NWLCrBs;2_3$apEp~#wWFAGREo}>kCGV5Loz+ezG*4X{6tPMyF2^fV}4}9Xi~qi zT!kWoBQtw?Q`~P-n_IO)%u>ehCdM+ab}b?IJfl+*BP?89w;8IE^u6! z3+0p2Di%ysFj#$IXR|=6yMOlD;ZkD0L|-GGLO$sorkln4)?-XEDJ(qPEQBRL1EfA8 zt3HV+kGql}T}|-=hZ`i8Wxv!hfytSL?#}MU8cm7Hd$0eE_Fpxo{M9)CoA&<){a)Gs z?;iEH_TN(!xw&U}^Uq~x7qY$9#R4979P`0xT}oREVmAh}&LZz+9H!A4(QbX-ZP}J>`Nrjc0VnsAkN{)=0Bv>UoB#j- literal 0 HcmV?d00001 
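Review bot: The "GIT binary patch" payload for rancher-backup-1.0.200.tgz cannot be read in review, so nothing in this hunk shows that the archive is the one that was staged. Since the same patch rewrites index.yaml, suggest stating in the commit message how the archives were produced and checking that the SHA-256 of each added .tgz matches the digest recorded for that chart version in index.yaml before merging.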
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.201.tgz b/released/assets/rancher-backup/rancher-backup-1.0.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..16af46f919625070a9252628b7804025b8a45df0 GIT binary patch literal 5321 zcmV;)6gKN0iwFSV1WC+rZCeDA~?gl`DFUgJ_XLnDinXyO${Q}VFZZt5l6S!AAw#JTookpFX zzDMbHyZgJljQ;NJ(cf-=NB&iX^#=QU`@OyXpx0;J-tJDf_Y>RwF4UAtDiS9KQYK*# zc-)ydb5UCls!gX$;3z(_zyBm9F82T7l@llS!kPO|hy&!Yx3kmO|GmM^Uf%!x0rda= zV6gKO>pme3jphG&|2shtCQjmofjDR}<~oVvhcg@gCO)^lu;ZjjXn6s!@B0U=I9x0@ zp8R?4B<@vhQ2=_Yv%JA22I&P}ftNX&ii2(G9t%A>Y{aKi{{&Yi%S z@i`BY+FGe+x#2tt1E_E>u%S3$z89pQTTbM?=dpk;JYYby6Gg_O-L?BI;MtA6D4}Fw^J{@>r(U+e$pC>te(+iIO(c`%W2$}%1}W51{=TqnYL$K-esESxqf3R9U( z<8Y1@Mb^@01|ru9*qF0a@ChQBd$ZU{a;VfARAY^*!Rij1c+)A5L3P&Duv@LagfW{V z8K6AEcrM9Dt@OihhWfugh)=?qRg}xu&f+}U1<_CobD(+)ZBU-S2fH=Z9Ct~I$SLv8&(C8c5 zY=NG(K-8S+H|z>J2747-Aa>OIzHdq{TL!5Q56_N}U?<7?!vz(QsIPKe6Il;4KXe^G z6Fxgh*vx_Vu~7Y=10OHgr!J0JnX3)VCH3k`q3Lq27I410>u++#j+5%2Fru7s6@S_2( z-T(yV3k%2p$K6EM5=^A-6?1^44n1?# z7KRz)4$v=om5^^ekTS@`_vT(A1(FJ+)>$S9DO(r~5eNl)R*`fY@c4|=?8P2My#e5} zF5YHW_yLBQ7bNhnk_rzd@Y=&c#FJaj1BFZIE(FH2KGb#}=rcE7NEwJUiozJg3e>CD zs0U&uBJPsWY7SIB#SVu7rH1NUk0~{faLmzA2N04k0d|RrPY)m|Sei{hqE>iP(Xx-m z3^>l);>?3-olpPktQy(RsD%L)f0L0uvCm@}PbDfR*ZG4M%qMi?iJaA;+A^<}IO3`l0LFo8fwzl#0 zBtz)H?F96)%b?!`D4R*@OA%$?J^TkayK#Jh?3}432Kmv;jlq!mT;<5ihIO_Ege#5T zB((pvjLDMycXm8HdUO1QwjY)i_TS!MuV1qN_V)JsYy0mx%2N9;dKy=;*--@Rh;%>u zm;lyqvTuNhC=?$2T!2LtGjAUGORKf9vB6$()TmL&PQV^)U0zvYmY}IHd1x+et@DCqo6x%E!;&NlHW(Tg)f z1yp~^(N?}=ry2%h?2b`6%A+0f#T~wrE$>=)R#uFkg=eS)!w4)P+ZbB_1QM!{LdsW+JNL1ENJ9)Sq2TU*g zU@dWfVzbe;2TL!0rx&=ehw(%@Ubq~e4BxP`5RLg1Z~;Kg(0Pt|4r)ZBH;3JA$gcSU zY?MpKg`q2c;fqUR_EJzodM1|J?PdJZEK*F%-}mIa3_RvDl>Hs(9r~fc4A{%my#`2| zXZ%y@p@V^1Y&6(rK}aLrlW(Y(w#s0~)VQW+6x336kPr&^4wSv1X^Ky1>`+B+)HRxWFuMY(07DjsGtkZ>*@Q$Z8Ui&Faq4fUu5kO(dm0NCFIbr5(HCd9;N|0 zV_@Q5c5a-w<9lNrin!F?O70PblSVNJlTZ|*`K+cUcG6@4T!2h{pq6?Fm5X-eD>QB^ zi(5O7i(4naR*%I#!)ChHVN4Y!z$Kp4hi^B?EJg-gznO?m5_8^}JJL)4?4aEWL@A|g 
zEG&XPVW7>Max|p0ibNta!xn|}Ycz|U3AQO2oGE=M+gB^>$z@INX&(|%fmg7C4XT0$ z%XB484GmW@M3nt#kLw?+l>C2?QsiT7_bD?$9-jZPKiJ=2=YKp$DfPefte!XlWJUa^ zzrWWl@Bi)Yuk$~irI6=|nIE|`d$7uvh1%e%X4wUxNSU(B52U>cF92VyZ|Y59Nl&(!xC&G7C&w}{6)g2vaaYE4SS9%Lq6fOo zV08R3LFk6VifI`&WE_C`*YHW@tk8Gq5UPjVjZ-hA6`&rp+f;fy9I6+!{*M+H_6}Go zG8?1bUc-G4YnFnG)yemwEVUQaK>#OH(|ksMLv_k_?o*IuZ#pz``-mKqQwM&P-IA68 z@_WYm_tN&v{5ad-oBO~R!uBn1>S^b7>;V8k%-+|+ks7+~8vFi@D{ zs;*=MVdcIfO&1CMT>xGy#v3qhWO}%An>oD2*tYjOQhNGc{O3}Uj{R`f>34fSce?wX zUcaMTT2-l9)H!oNjS=eV{6V62Y0h^Zpie%FJE8{bo~@mL0dvryT0}m6f@RoGaKQ{ z25K3GR`!|9=Ct$pF4gj#G53X>d?cZI=&~BZzGI-^aJ^?c2m!S|w$@P^35hagUmKv8 z0@rO{*C5%GWa`zjo?g6MAqX9m;aqkZwDldhsJBWVs_{MYj&~?#NdAnjn zRcmKsi^$b`I+=v5e305Qy`BsMgGFhBV+GxztSwdkg|ZGVVx{yYE(E1!W@Vr1>(_(I zXWUpS<2!|!aT@xb3+uv=QiQVaJh;ibSCfDEKf|;0i?_o!$D`BX;c@nz$=$f6)2T25 zr*(?PsHPDf9sgzc>+AE2(ct3c@bH&kPcKI2@6Lv=jxS!nI~<;$yn9Z-EH~-p7%mx}qb&S0S8QD78^Ws!<>KLpB=Pu;n2^ zXc_DLkM;-LVV1ECik_}aHra+cGE+oz(wxge88hQ7sbbQuC)wzM!b+t@qw-nkoepIp z`{w&XLo>u#;C5Id-AHNiL|zZQN9|f_3FO&NItQban$eKw4?G)K3Vf;US9+&|u*g^T zo|PHPqq9rd$}(rZBU2fU0!v2LjU?X;AR}*;3bj36pJhW;8UoM=yQx(z8ub9})&|Ej zmB#g7d(cmSW7YZZezzR|>veb6`+v_;YT|!&o^GQta9ZadKFBsGdxp;&p_A#MZ!n`u z0>c9(&g4VvCHx&ofR;CvMxxxZirHXpjVZS&mWgGVC#RIPWJzV8eM-ZG>i{Tf*utJj z{(h5xqV18w_brL3ZgWcpR57)$p$gGZ%o3Hk50e|`S@SxSS4XU4c6=IJ$u$Dc>B|7d~!laI`i`YDeV3x-Q8&YH+TJk4sn z&?QINzUj#=3q&H$_>6y!;O*ZsT_Ikyl|dz8p|;4YsYKtqzeVt`3;$9o6a2BNt&9!1 zHr-LszBe^85UNSZXj?)DA$U=thqP8f99U>y`1ms(j2FedRSQos0RlQDZ|?2rtSk8T zHcUR3^UMztvOEV%m&G^xu93?ut6Lwxfpl$yn|K&d7K-WycrI8nB8 zRW8wSP(lBrjgWQuVWrXjr`-!wvFfN5o~`;u2ViCVcc;AnyVGBv|9GCVp+bAJgl+mf zfd7Oc?k+7~=vn(vs&zaa(Z=(x?e^9d>r$L}gZ%avQ!pYY?BLIA;<<_O0aNDH#|Gu! zkynwl)dA%PH8s|VZ*7n9g=$-vC^OFNLno4#p?J`8czU9gvoLCcG_M@IaX{nROu`Xu zJTrSs)%&*+IfW`ooSK+1NZRxysd{m-&0g@&bjt<^T)`|*gh6Cog;*<4l5bmPw-C?? 
zSSRLe?g>mdLbY`W&rI17;-(Rdr{FA;r<<1K99zZ~klOQ--lf)^wFgwPW|XKs zW$izRPWzhxaIK2*p`FvC)r0vP9y)(&eE>5)yv=V3rNe1>wUbVwpnDD||AO)=DeF{h zvliAFb36bf-(W86h`U>M zRZLCiICOuTx%79EN~8~edh<~_oqC^X*R;6PSdf5Rs)%OX|JL^-IqF_UMXRhuk-L>- zQr&jVz_bEi<@ct<9;cyeA{U5MAUbG+1Q#hXkAh|EHicYMn|p>g z|5A2#A=_(NEZ}j+F&~}AmC9?M@qZLio4fGcGZt`yobf5LP?2SZT}>v7c4IK>Eb?B( bVHzzF?b_#Emvvc}?_B;4Q!@c)0B!&P4mnv% literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.300.tgz b/released/assets/rancher-backup/rancher-backup-1.0.300.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1123aeda6040db849330ac95d01f4e135ce90875 GIT binary patch literal 5308 zcmV;t6hrGDiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$Z`(SS_v`vs94MXLWHyqWI86uModw)9b2qqs1a@zWMd!Aq zrDK~DnN&&2sc+o>zTiVLCCg6IWYU>Ihysx%^1Mi%7atXb#ZwgFh{P9p);^gMp`rzu zr9a(Y>2x}sA};YXQVWk(5uOm?)KEM0uO!iiea*Mbfkf)!`DxBKh--sCe4g zG)AH5m|{}4Ypj+~nWbbAGBU#+3~Wt!ZZOEk7P_X)NQ^zOFGGQn=ORWK%7s)oYi!14 z4^qnVuZ>?b!RItV8BXS+2PME&ji`Kwsy#nw1R^j+BGK_ul~!W|8S@N#Fe8jiaE44Z z*2-xZ^I66jGPMSlWb_>hNjdAm{Gdg$%=;O2qHZfe84H>z^X}a731mc5surL)Xh@J} zKv<$VS6m>dDVCiggDKmLeZkJ#xzwblf8C3 z)=EW2j%+iiq(mj#DW7oJc4NumjpTgNy1>OH7m4h(LLawmg+SR@5UE5St6X5KQPA^( zf5U#K)B4e~>>sz(^#7csIm&xB0N3dM!)M2xy8iDTbsqKqLlinA6V#etV8$g?TrA4z zRGXP0&rlG>wH8-oQfimh&JMi5G09T}vJ0a;zCZIJ3AUcf=p484lx#}UXvLD9fL%*4|2-$G=Y)TVOm1~ zADd@e8Dh>9p<0VU|NYPdCL;^}Er(npob_M9fTy?*31|PIG;~l?Dq&19O|+(NAfpFC zu;G)lS?0UIiBVDJhn1Pvdd$-Vh5Lal$vD-Tzw+~>?_N+QG0p|PeK{OnP_6yxcu|N; z_m04^)yBPc`=Zp=#`f}9wsVOhoa8jYcBVC_RLE2~=V?Ae+13Eg#!!BV5vVLWWgm*p zf=imFu493~`MVRiq-qK?o-=h$)D+rtBHAe(xnU(+9>^Z7ceL$_voRz%rcC3~!-Gul zBqdT>Vg0xN>VL`>rlU9nVbIhl2=?J}O5-UcRBDtGk_96(8iR2HwC%7K&O*zXqX2gG zAWH05-vd3uEh3hu={_*Nh74qeF;Hn?fgPXmlyj*Ep9gJ)8ASxJJIM~UeeJ&=Y7PiX zh)9650?yCBobH>k`|t23LpD?-zSxVvejeZ$MQME-Iy~kq#!Sh!Be$vBcVf*$cwj)b zpu$;COLo;i3!cLzVMY>8qKyL8(_Nxc`q2mHx(djM&vD-|prM} z5pe!)ADqipnc}XlWkbWVPvzXQ(BH6h0op$$l)=!WMf*i*$}hDWM1R+mp1+g-wN<2} zluz1+or6EMJI~q&hwY+exGvQ&*Zm%@+PAf2>F?Ns!=GuZ)taPyL{jI8tJG*_0PE8_ z9Xr4Yl}f8=%?;xT4l%`8anXaTZ>^T%sh*L>qlXW_wOV96ri`kE`CQlkHT$n{mZd}! 
z_GyZ#W*}18U0s1|?0@&!!LyqEKYrSIwEquMuC79-Um>u=?32?-pM)D|0fgVawRA-~ zhUlI35bZ!MLX^eVw|Vx0(5;7t?P)(sMM(S9zltm#iqW3<1Xk}PQnOdq8%j3XXwX& zMiCq5NCFXB5HqR@$xsQq&f$CUdZ_CfLy%#-7p;rQDx`r63N?uu_^R(Co2oKKc4?{9 z^yx=B8|LFN{c4PgH$2MG;Ur+G8b z?4Dhu4omHSrzA!Q{xg8!Q*e8p_-w|RrL$qwRq3>~ETL0OXOW!RD7^<)S3p^u=E)}J zB8z@gE$NKWONSx?PkC6T`(=hgeq&E~}o!79D5SyadEV0$tj+!|!**D`P`+S&T^zB=#Ayd^}>49o! zRpGcY7wVCcbW$R5tQ~kggL8@33&gbQ+eWXw34254YxHfz(_IBsH=1sN><0HS$*iz+ zaASmJ+&OSbKbJkT?k=!=HbQZ&#>nRJW+sxL*4^c=L4l@5<*n`iM*q)QPQgRc@*3!0A~V0iQP@6kR&szV|bF$p9RmeEuwv(ob|@}pJ0~q z#SGcqmjkbv|3{stPiyhtv%`bq$NB#d#d&7hbQO`A>_#pVSHAKxb>%l_dB%jM5d4+> zm7SQiM2I;X(@8E6MqEunb`9|Jca@B=O99rctgm!PmPxH&?5uiG4#&GGoSRJPdr(Um z#=3RkAX-RfrSzo-dMogCM|y?i*pgYyRtMgbi!Nye(|6Vc2H-o*g(252EubhR6s`uT?~!^e+BFzmq3F;pxfqR0gK{&|w2fAaH}LISZ|$=p zlQn$jd77T{l*Wr5^wUeSkmYw|^Huj2;9|L;d%e$wESKsC$>zd$_N}c zDH^X@f$+uYU;4kkeEVtG{q($l^2@L1pN4PW4EjHxetP-lr2qEp&Fe-QHg#JiVu;r1 zavEqOu^Uw2CaTX*2g9@B+tb%4r=Lz=_n*H!eX&k%-~kOC(4eelbH=aqFq3|Nlq)Jd z2{Kz<=)Fi|G%)H_kiQN{eOp@y8r+5`0#Q4=Rrz?|KDWk!kTkl`sL?M z_Tg48dfhTStcOnG7^Qs0lfoi~FhG*L7gXUJ7Ngmz;S#J)Ew8Coe`|zOn*zV&C|7pd z8CJ`Zq`zZ5jjcV6%9{A<{Vskn3CYU$J&UPnbHi%MY(o`8gO95@rCxi~6t33NEo^^n zT|@Q0-w5WTUHQ>vqy8^Gc$;3o*B)G(|EcT$!-LMj(WCx$_vPYl*c3uZcL3$RTQL@v~8ioAb7Gyk1KONPRa?YxEl*Ib>kpdMVx9()LEr)Gg<-k+DCgmmf31|Aw*B70gO($eLi@f*q1k{Hl6K&yOb%tZ5 zKc6fe$^NUg^Bqr?cp?3t4Vw5#1NBW9+w<;5!fVafNV`Sb^)o8h^gm`?Hu2DGbQ(c< zCa4KgMTQ$-G_m3q8X8fqR>5vE(5x=2jJKQVvzRj_c$%Ux8%=d2(PS(uloo{aAn>SM z;ncFVR=Gw;Zw>vAc0wM@4=Wq}|LO|Oop4-t{^#(hp8q*MK6?7-|35_8yd<+RA2`I2KxDnZ%gg`;{ckt4enXCaivQ%0sn^T8j@#)dYq{YcQ& zl}Q;o!>z`WM2co@xy2{~gLLntlI$rJ;Ysslsi)M*6BEP`Ro%=AztMP)LB!GNR}x#UjZCL{<*fxI<^f zSM5=1mo)$%ONB3c@XEd`4q<7&%J)!bY;`(oD_cdizb8{AjtWbw^J0#C{{WfhZLLCM zk2jt&vsE@6K+~|BTY1UB25e=5@G(F5cQ2dmeNNB9Q4-!@JaYOQ_ zZSQ^w>^bn;HT7~t-`ig6m-V)Sun9tRLNa@A3Pl<9&(ECllwM6bhAEN1;G)2_tN73a z9uV!hdjD1DwWg%cQ7jy?c$fRiearn$;xdV6i+9E z7xoO_j7mw_B!Y8$%Ejpez11S zADs4IygH3$$$jFuM*kmok89_D4!TF($Nm2gQg&(=Znau(%ZXa#2=01S)aHw#qE^e^ 
ztnfjrhu?OK3l=6+P4iI{^I7|vyJ+^ji)&0cO=nqZmP9NG2`WNU8MRuWF0Izi&JO&H z3I>>QIAdep`uzE`IRtAUnM2~mq_9%hc#W0UD$lg9WI*|d&YZ3^`@UC*3KiO*J}ao( z4HZJR>CQ6FOAkWmw}|l?3lyUMP2yZ%*47f;8xU7~6oSTBuP?HLEPR^4SWm+)MBa_-k9Ra46RR=Y)4t>G&(j7vBz9yN82mtyca z!y!!b_0}hSN5b(DAd7jT{ms6)k7p~i3SBF(n{teHgbjx;_0Xr|!YVDjVcxXY)y{M` z$%wbZ73>z*dOmi2#+@m%uQXE*3TUQqlFrRfd*Lqim!6))JMif!;rucc{2!|NC_l>O+4 z>mRGs;(wCqfl87Y-eV5nn)ttablk1q|N8XcasB5(%GUVbdPJ4*KPH(nXZxLbbtbbZ z`u8&gW5H*-qAXjw(7+;!2`ilf#bHJ#LiY{($!>I4!xHrwV@bB^IJT)@oc zBP&{d$}bDoK{GK%qIuhQnq6_=xquJarmYlw5&mlpZ>(LR=I4je*EX`k>C(TSw)din zKnn|E(Usv!dAGNYX+!w1!D4(@e#Gn|eCs=ZQ^FG6tGb28o@eHQUQcqR;xv7@vV}!| zShv-FwR=!y*~7*SPD|lyUwA^a4=i2(uYivh@FhpFD4a%*g8uoLIhT)OA2JeO7!+mJ zxrE@m(29tWt}&*my^2YaIZB|a@P5mSDUwZFD57;?xsmC$RrZ$G)fAu%hTYH$#kskY z#@3P`^LVO5hW`6uCF0&UkCb^wtc$bR5xlVbK~@_(_suP5}=I zUQMb{+x4Q0_hD+z)y=eD>Kvj3Gh_*}nCd}<>JpJTT(amwD!pi@NMj<4#lp(KB|-Kz z_3pLS1H#-4VXr~-2C7}nkYw(L>Z}-3-mTVVsOQr0C3URg;fwtwnVn5kmI}`*TKM42 zfYVi5J@Zhi)%0)hxfPKYvTb(zQ*+gjn}BUcLzoanv^ol%qK6Rr1^IfE=xGkSpY6xb zdzM6dXPLAykGY8Vq8#@+qSHgHoDZHn%;mirfF}W`Xjd_ORQw+g#U#_v8IS~~JT{jr z`!{Qr->LqmP|VGB-66OYJHt<5ZajwE=XH)~IjlWPK literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.301.tgz b/released/assets/rancher-backup/rancher-backup-1.0.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..258047bb894433002ac92aba343e36a0ea0ba9d3 GIT binary patch literal 5321 zcmV;)6gKN0iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$bK5$0_iObl&d}M`-kOwbInIvS?Tq4hZ#_2;kCmHDCwr4X zmJRBP|=di z)1U6I^m@JC;lY9V+w1k3fA{(ahd=Ed^!9tb!@d39;ZME2gWl7*gKjt0 zN<~JFY%{2&L?yc^pK{rCW69x-yHIo% zT+lRi9Sa0b-yOjPRWq3LoT*cyX3$*_(M{>t4J+C4Kn`HNqit85Od!DtWg3?r9%PC~ zDUs3&>p%Th|5dgy9mOFCgSJLNunQM68qXl1QlpfREE$>87>pC3ZHKjR7Fy061+c9L zQDVpX4(JhX5wSc?cY*OWWFRw)fl3Pt?D&jloJ&3UJZKeW6cNDoG~3tqb@+ayIUp<{ zA_2|{I6wb#ylckpzrvdg*+`N2d?y0?`3xs0O6%Lw;W1}1W=eJ)xozFP6>A>CJp-}> zHO>ZFvQ_^qc@7tZ8A&*awhB~FcZo{rM<1N)Dj;LNz+K0Lc0~%HiijyHAdnHEXq=}+ z!0EePa4uVIio3d&4Gqgam2=BNf5XxxX#bQ@1|yFa?H8pfztC={m}R9a1IZWvE+gek^~ive7I>vR-P^^7zgJ$(4B(;<@yWmGNA=cfK|*nfrdEG3$- zPcuw41Ch$^>Iz(A|NGDOo;B?M;la~K`~M*2@-lS#6#_fVJ~@r_Nw|R)K=|!jM^~g1 zh~8Nb(GJuiL}?wMWwT6BrX~>lL3V@h0)VN+@<&k7gDhEl?p$7W|JZp?S;8;MfW#Un zk|d?N)f3-3DJCKWJ&)urbab6DY6W25d$UPvq6;q0Q%({Iap7agc!o)yVq!Gaj7#)E zcK+CP1Qt>@A4B~y^nhEYLO4e~vHh4;TX^G^4_sU01573uYlq-9A36N`bzzJL5FCHW zNgC8eV`Xzx*yutQlRQnApzE7xT}NC-rAD3i2ukEEHuV)8_Cd#T62=%4?I1}$M?d~E zir6?u5{S@(m{V0qhDz9W4&RH{BVE@Rf(+xGXkAQJA)UFPP?M;ESA8GZRFyHZD@&!O zPe0Q6D4$H|S7TJX;ZcqbCjk?eTAH=BaZw`>shz*lIkmM?GRE{;GELo}W#ET@kU@=P z_v|8dSZV(|B{4$q?*Rm#g4^@N=X1_1oh_rTPN%J937ug&kL1io=>xdD1j^zxPc|_Z zS@fG~NoR~+IusFj%EK}}EHf1P8_BY$Zcxkc{qnM<$qK&YTwy~9>riY;B?-q%3+T+I zW}*>_1&y2Stq==KdP6Zbc@0|$u_=np6062`)Xs^?z8NRk=fe!6Z{IpCnW}E32kN0! 
zjpN!}XhurXNr}X>Qq{Xb_p1y6BISwh+L zyR$;q_H{MQRl5QG&QezZPYJM@eC)Lg*920*xh6bNiwH8h9?>QS@1l&LbMN*v)(xW6UcD$)(Iu^6`fgl*vbc0pr|BtAX}lc3Fufp4S$;>hsJgcx|LDJmXKz2f9=~18-bHH zMdMW~5WYD6%kbBiZ$FLtpPmnoe);wE)9CG+v*FLjpI*K>8ooVw^SYIWP2E;@IMiR#niv(d@u?eXiQ<4?!0htFRgzgQM=7E6fmZ<_)~~LcHf5Z%QS{*6)-u{< z&3Z)a@8l?;nAN7Dw|pQzLS0eu{~_~qla5;(3u~~8e7dI>iwyf+@c4QAHtVn{Z&-uB znQA|g`Mm=9(ay?ax%aZs|1T`)J>a-*|KEPE>Hj}{`s{K2=Rrz~|KDcm!iIBR`sJr> z_Tg48debsItcOnG7^Qs0lfoi~aE2s#FQ~#dEJm|a!zEaqT3%DF{?-VmHU)mkQC4=_ z8CJ`Zq`zY`jjcV6+M0OvejC4-gkXirxuIGz+fc>O;NxmfsW%=qh1FWRh3&7c zYpCA$8^L_ED?hqy)c?f?Z`14d+JkHJKTZ9=-+Oj=@TmVEqSVs7Eh|Z-qCayVN7$Bu zX^xgqqAFLW3P;>%!w`Iw!D7#bEESp>Dhg6c+OD9(Ab7Gyk1% zDfR>K3x>jv?YxEl*Ib>jpc!1s0elE%n9hUWZo#HWZMY@BJF|N;q&8hRC)pZ4zr!3x zn-ysRe$@&^D_X%*luuS4z4fj8X86`LtuMLVaP+S?3|AlR1{<^D5IQoaVjNyKHSk=P z8*uNLsawuvBV&I~uRdmi{|#fME0~qokhQ_Q1v@08_*Ee@^RD7#jEc0f6J5bUb%vwT zpHEhfWdGIL`Hm+mJeU5@7ES!5h59y(-9>*R;f>~Nq}`(J`WcmL`X4hc+jwXD49r3E1a2s|n) zoLaWlDmUmDtfBwWPRL{VVP&KLUtgiQ6OQZ7|Lh+$^FN1&dru$z|A#1>mt;1keC$HX zt#UlAt1l0e=uyiI2k<5%Uvlh7B`BM|a8$1)a%A7)EQHc}%E;7cKlr2B*w6;9J`!|! zX;Ma1U;@GW88Uaa!JM9IIkq(F`=^$6foQLvRyn+ls9>H;1!FAEP9#A)$zBiCRw@e7 z*yBs~U2&92v+uvJHS~`-)wmrtNUtgal~uh77vO~Y<)my==DswPe7ZoPg{0fA;tHn)$!pUjNblKSbGJ z;cI&+Z)NH4wwvRSV9$ZyuBn$J`rh_hzpS?vgiR5mBa+#BQz*)4czWWLr}S#l3CxK61(yY`ZN*0> z@PKH?)%%wQIkhTEO(Qt9r(B#quxI1A5GXTla?ZMmJ1sZH2^VEmd(@pu`!NcNBb-;V=l%H6 zbL5}7H1z-3@$ki~<7l4TCys0M|KY)2^Zu{?!K40vn6lNlaI4dKTh7!XM{w7xqBdU? 
z6?HoHW`z%0Km4{`T(B^uYL<_qn9sY{+(onFU0h?rX*$nRvm|0kNKg@)%Ba%`b?J1r zwzlABRB(nFhZ8p8ozI^?n?tY$k~t(^ObRQ7jn`Ott@2F!N(PjV=)~ztv+uh?RH)GP z+tli)yDb$$w&~6@2*YAktZ=EXLU$#qE6}VldE^opM&O;dGlU6GQ+{F8zPSt}HD<>e z3|Cjb&WIp$R48O|>a;)_$)#D_GlCzXHvu-P>=!Lhb7{;}j~OicBr3O?di)`LgImdr>bG@t$esC1qEo zw6T#aDrD143q^303!%fK;(WWzvy2NRH2^K!SCpN+u@qUS$Kh#t6O$1b zZ9*jw2HbQBN$mvz5sc1h=3S=*lmQnB3U}7HynP9@7pegk485%|n{1{-?+?2R4(GU( zyYSg=@cRXqpAEC0?V^VHZCDP1tN68nsb$(e-;VQ`Fc_oJe&wW$nuuM_bOmSjp+M1x z=k_kG?K3}NIO^{LKre{z;s4MnC9!PkA{wf!vjDT^F;fiLvvTpmC$N*RbV&eAMNNHjb7?$ zK_`X9T6t5TZ6B=F0&W5lZ}%(M?XS&T?fPsyQD)C+rX(O$#$whkAhHL`6|Y^TwF_K8 zLIuVuU6$=NqSJS7y4Y#4P7sy$zz8Nl6nt(T82JpYdrL)?@noYI8oNg8gu7|0JIUSt zMACFwzX3|M(OBHZWiDwMqrH8j<+Nbcu|7?;J*O=K@W{FmJhwX+&g>RmOw0vM#oSqk zzdf`bk5c-^DH?iM3~x0@GW#h{F+S#v0-}M8O_ayrtfu)uX$C|8~TohC`M}@vPTu$ z;I&>$(}srEF=QzF(b3q$mqz?gGCdecGRJ$&0bCRR_YV&H&HG>VtH=2N0m_x}zx8@* z;eSjrWzP0H6Y9)jTlDW|2quEhbwydWEF5Hm$hpbJ@GA~;Iu+XYDWICxoMB4_L02b` z(23bLr`mH2f8he=HX&Kl*Z%I5Xg^oF{;z_( z*J=t-2BUuHh2q@YNn>kCka;}QVZreIs1|YWnn%jKBi6;)>7#GsmliT)64p<$l)XC07Z; z%JxJ-CeZY(Bk6+qn_f+-P}}aJi+5pW&ehGe@9CVL1T$m_vY6^Ygz5s3Ib5>nLMpw8 zrbuHVi^bB)z$HO;HTCYb)&s)a3}LT9^aiS3&X8o`hU&Z+Q{JuCW~k@V@g;RU;^B+^ zB$=H}RF(?QDq8s9&4A;ot)6)(RW7y?<|uxt}z$!o|ofZM{RnDmGi-qhq=601Mno^6m1o!N5%i~ zP)srnodHQ;#$$82vVXH?`JL*23dO=)*Bydeu`~P>=Eh^leO~8?mczQV0sPvGw&KzM bLnraEJeJ4uPg(vq00960`|_H)0BQgLit2gE literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.400.tgz b/released/assets/rancher-backup/rancher-backup-1.0.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..446148c4a1dcad134a754c51b13842ff361a6b5a GIT binary patch literal 5741 zcmV-z7Lw^7iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$Z`(SS_v`vs94MXLWHyqWI7tWIodw)9b2qrXZ4h@_EIPL> zEgjpO$f8P8PJQG4_XQu4sfX>n>dp*86sRnb=fTH$@sQyp2`9+?AqlUtw0$}uTn2M8 zjemN)(&=}&wJo@vL$Z*ow zG(;}xh+>fPGDQTIYCWffKq=ZW8#B?iQ_12D#BAKU!ud7hk?6I27q@8nK$8(CLh>w>8OK&* zKhH|+cRH;fy~zH7OGW9Z6$kxWT(Nya^x>GkFFu-j_w?7&MLkt~)Vx-iVbE0i!|98^=9jDf^47iNpwob1iFD;Sya%9VTQLD@8IQvA`C<&W-{QVInDs2N-gcugMgFjzFN?2Qgt; z9Kp~CG9@N}jr6mr3?WM-p-PlN|NX!LCISQgErU!TocDi)OBUlkL@fCasi1?LPyr)~ zaipYm0~tN=ycM6U-qPPWjv5_U#Lr2n;ihZ(j`t zS5#>LI-2L*rACM2$cW@#yM0xNY^{G;DB77o?vFDXVLMggQ%FptKVxw=MbTCO&PPyu z2@$Bs2W21f!GdcV$97cEj@1f5K*B}3W(+jnbHunA)pk9 zQF8`bmRJg4S52bG%=JA`Gu$9bvN+y{gw>FNNHGK|3@kA7Gn_Cc)Z}xZEioex0Cvae zp;EH__XEWNNg~1{U`Y<==U>kD_1yh;c#~o>kR-g?3&4E7#1ZmB1vdKGK=z_CD1!Tx(xNn(I_DBv? z5jM)0iltK20!I#0N5cs41{P|977sJg?~glcOj9Z#(7Y#<#K+JTt{US!wi% z+ezku|Lt2#Riq;b-WdzgOw!y%X`Gxzvy{_Bj==kaXnXepfU&^hhqt5$lc@IGy18lp zvGtxN5xXut5~G+%6cwUYEqY_1Xpa!o8WQ`^Qgw!?7QcD#tRy9ct{K0I8HoghxqTtR z2}W6rk(N>uCeQ`h`eWM?nD?^&=&O&u1Kcp>!xgGU?fR@ryKA$&XWMH1KN?}EjDgo| zVDYQhxgzd?clISCu~+UI(>JHNe$M-1l*REJRDJEOE0;@))1dVpLGmmKb$tmZT~N-P zfFXuN8ApOm(RBc|5Y~o~0K!#AOsUL!h6>oV#@@@<165ZmffU2Npx#YJAYEFoP?4yB zFULMGp(?Fl7lukjpL(RzK{guEuUerv)1#Ojwg zWa_$J!^HRhAiNUE_St&suu%4QOhN?jKRxh1d3WcDO{Xj|bT-VoGM%QDA#{TAG!PTx zruX3H251t-S+t6|z@T4MOIStp%AyFs5gvx=ei5Ni-$9FMO&0JaV-hQ! 
zP={hdDv>{&8$g#PG!qPv&uCa}Z#ps8qPOhEDzAPcAtpw#y2qAtJ80%aN8hx8?DC-QId#AqTG}_iaM}z)_6EtNi?^M3uUr^geDOt5{?uE zkq!Tjq12IL!^)r}f^I=mlgzTzIr|J%$*W&$@ylYo#F1j5)|Ul#yO?|uO{wzVNlJg_ zEKApP?UsVpE7yO7Y0TzROdh@+xMBStb&jk1f6ot2PM+5PHj1^(l%HRbNsH4DMTXcP)EjTS)ygiLkOvvH!iO8l) zj1Ks87Tz9yIt$lA&Id?8*A&1#)rBV4Y%3ryddOc+Qr9ANSTuVuszN@XYhp19mjY#1 zrfwT7H*etEw_feDB;y*si!6>WSWLrt5Bl*nnTz5(CbQ-6=H#FLZ~yY`r`P>o&juI$ z)3f4x5u8}FoJuor)Ffz}YB|D}XMgGc_0`)?gYKsn{nKCmdhu!S_RVGg=d(|*-kkQ| zp1*nBNW-dOD|rk-oh~bZRua2H1g@g`;_Py8K6rcf`t-R?9dblP(&0EFt* zre#z3IV-y!?AuZ_yQo?Ah}}$%9E#p)%16ru;v!TPCHp@zjaSLI+FYo?&SUA0T+E~E z55eQc?3=X1s<>eZ{%We-K<0frYGhonJA|3%mTHNk81lM6YUw?ONz03{i+*S(Ix;A1;wZ?>UwDCJ9kzY1ja(70Wfz z>ZV0lvB~jEhGMC=tztDS3Hm!$!`RBwDD8(Y-|ylV9gr-2-!qt+5*wCVW-F>_8eCk> zA@$0mqHwv7ZeY9n>I$m!{Z=ra^vaJeE9HOw!AW|(uRhom|2;lAuEl?!cc0|{HcBbX z+pv>V2>MI=aez$`nCfit1dQHqhf)!D#^Wz*|Njty^PI zc^235U7k{BbHR=4>=hehxgQ{UTIO()j1iutL{9eM*(d1z8G^si7)9`N%!c6U?8LTp zyxr;VD}EF;?LV5>g4T*gA3V!JpfsQzeREjLQTWk=?v$15zZ{`?5ROgxzlXK+A15aV z$4~2j8)bD!W~Iqz0x5U0@fxEq+cEUyJjEWoNy(QCTS9W0j9*%+YlfWYLb0M%r!;05 z>l)2Tzlx0&ZD4&m@Xd`j87apIy!R7KY+j?zoNh>29(3J|<$WM9BQagt@GDWlG!qhr znCDGKUNgzg2$UifdDocKW%DjiV^-|D?@JBc^yU(`{R-*Jia^D(-iYyHYa#CeHcg47 z!x(cT7l8=!?xg7-mQC?+egC67^q;J(T>n~o5sCTPUq9s0J*B|L`0r8W z{NLe0r}LEmv6Zr8)%#e&Zj1@+#*8WJ!dsW~<$>p9IeFlze|vk-(N4pT@rXw(OCsf6 zM>Leq2ccYK^U-ULIJC{#Z_k_oyIWHyOmW}#O1{+Fny^7|N>X!hnxY8$7w1-Z3a2I= z!GwrkaGvAZm299L4+!>by??8aQ>r3)=3>sH22H%N$0dR0x`k1Gq3*u2vqH+<3-0ij?V;LDj@&%MWqHcv00HbECq1 z47~gZ$6EHBA3u7H{41A={J%Wwzx?$qm`0C@V}txZIqIHN;y>M^gQxw!t(2Y0g&VEb z+hV2WF@lHQ6|wrJh@jOnrz$@v`S9CrezTAx3E9uhIp2VpcceNZf47^Wvy-euvm%2H)7 zDR3oZ=T=_o+^;gST$I*tRVkxyH&pPGRd=6&@0%moeqnL1L$?;y8ZD&b zj30}$F`~JE*K6-oCZ9vC{=ynui=k7hahAGAc)laNKqChhC< z`fH(;=vsnZ6^AslZ!mbJmIWQa! 
zQftoAB?RVxnPjEwH1>gUh$zQU#`B`RLUi%YE*G;b>I6|?5=SutBH?p2ar86T;VlGJ z%A%FsP{|%C6K4OZ!n1me7)=T%jykVZCmoYemCNOlj(Vw0HLXOU3^ushWf&n&KnI05dF7#LRsto8*8WJ{)Z%$`fQ(7omL$-dH-&NV8q!}RTM?b+%VRNta+>zzGN_^ zW3FtT9I9^35^RVdsOkhFI?@SdvN^`^7sg>~0+J;OK4I6nS)iC0AyK^TTd6G>u#Ce8 zrLUI4J9qt+^wydz7vZzR;At^d^Oi>h+>4bi5nN4uk740QTDB{ z6Bu-T#|3BlOuDHhKxE-WxdZ+8gOaDcuODgR9I?vJ zW(Dxl z6U(cCoSWy)zM|f~R&s#rlcDAsBxjO?cB)SE zIpy4Fsi%4-EMG$TAr8LK4UU=BL`5O+jG%=N&I&kNwpA++g!i#ftUd z^oPEe;(v_Jm-r{K~I20Fkzv-Skb*%tN2dUKZ$&%uj=%{?$~L5a&_Y{ zWIxwAqQ$f>bO75J(UvUu*D?w#_TMd%pYiIh_XBUr|9O5~-Tyy4K6u*y-%6?E;;X@R z_rpDVt%PIJo|C#5Uq|#B;{J53E=^OD_SS<}WD1Mcg=)Lx3 zBEk?QX{ND^toTym?^zAa+N6g%f6g6An;2Zl+5J)4Yng73xoQ0GzWzrs-tkbtru_fs zM-~6?u-oZA`F~p}mD$)h=ZYPR`czw1($m6UACn=6KPwc;5IU~PQ#eWzq8?EBHxU4 zwWK%Hd^f#Wne5LN2H!eeT3sKr0}`i`6=*AMtI!|a61kI;nzm4*pN;E!Hx|A6J*^8XGt;Kuk*b^rgc+dX;8|KCb^wD^zBqgi}R zm5bspKI*?Hw)mK>@lf+g*RAWq2{j9>^b|X=b7&5vIdk+a8-F9fc zW7Oy#EPmGrQbA9>nZNjG{xFi>$@MLPV?OjBmB>3SWZhftf?j+~Ir}??Iv8P3nuxjr ze=J*J`L}W10F))ceO3Frxz832r#$O~HX&%wy0@`=YgF8_UHwn|t{pN=SwjamA7O0( f;~a{8_GAS;m8bGlZ2A8H00960S9TZD0Du4hipWi> literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..71debc5df5c03ac04ce461f60125e18280cfc7d1 GIT binary patch literal 1719 zcmV;o21xlIiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{Z`-yO&$B-Tk^9j00+!{(PA&u#x0%xo9lEZtv%VC4ps8b- z3q@)qWyBcv-3N-YElboNCu!2HK6wZ%@%%`hKRoB~NMcTwAp3JnZquYsWH^{CvDDrg z$L!>B$oGB!Vl>MB`@UcP?~ncA$?*L0e0+I6zPLC$@rR>}(eMQMk2HTHrAlLY;y-w< z^5*^_ggF-)Ybv-3dI%A$F%ywTu+|JbDh33krV9#TfO1=L4qMVN1RkJMEmJsk4&gWk zm0$t^vJd+blt?83)mLk!A$GD!V1O0$4f}Qt1$*t`gnk04sNexw4SOLdB59(t-|x86 zm@$R)63}FNt}-V7Q8F zFixZUKV;DDI0=xgaAu%C?1N2rZ(5-?!uN=TObRzN2BmSF6acTH;@(26p=M`9aH|#d z`TsB9cxL?T*QZm!;rjH|7cT~-a8z9CEaP*nGLj-q0^~9Q%baN%A!}R(!6ht}m~D-y zhmaz|Ku=hzbQXhDI^W`26ubTa{rOi9p%rE{%!FZIiUj!8$9JF3XJiR6whs|Xq)1GJ z+hAlkxpi*HHO3HdBG*}R@>Opz8SRgi_s`A#RD=GVZjKvJ&D)5nz4IE@1|bmEx}*0tSu>6kwG{fMvh`Xv4tHC&tI82o%O>Uurs*F85n_ALQ#zG@-CI%`Hrl6C$M&DiA;HAbcef0*Twy@r*!NoRp{7Ls^oQ! z7|?)nXiI74y!1FWl@8(kuA52^>DuJsdm`e5L1qEnn@q>f&G$o&`fvL7>iU^7xj`Vft?*IS* N|NjL{T{-|Z0041bO%(tD literal 0 HcmV?d00001 
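Review bot: The path in the "diff --git" line puts rancher-backup-crd-1.0.200.tgz under released/assets/rancher-backup/, whereas rancher-backup-crd-1.0.400.tgz earlier in this patch is added under released/assets/rancher-backup-crd/. Suggest settling on one directory for the CRD chart archives, or documenting why the two layouts coexist, and confirming that the URLs in index.yaml point at the paths actually committed.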
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cb12b3f3ea1cd40d43cde6bf6d48e1e1e4d72f3c GIT binary patch literal 1675 zcmV;626Xu!iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{Z`-yO&$B-Tk^9hlFJM(lYA>a4?$!L`Q_kF+o-yi$IS#bGkd~rD*1>?z?AB-lKmuJX-r1={uRT|4P|G{&W zH}?-A%(>85Q^8d@K!{+CnOJ!QYt6u;;w1s8>5@VeqTE)T!`3v4fQRT@%M{L?LpY8> zC73{n?8Bi1B~nR14b@g@h@ET_7+?iM!@gfb!CnVAp`So1DtL%C!5{)fBu#Yo`yE#r zGp3MU1DejR6}deUqhTQtUDzM|pcEKlt=OB|ywb97P#BW*;Tx8st>4G`2_45dAp+ z`NK!7*CFzh#yVA=(n8`DycfAQBD9r6uL78YH{An{5IGkp0gN087fia23~J zoJJ47%b?qF5+Hlw%t3!R2Adt;v_kEK?-2=^6mDn?O5->w0A8(%dyBA!nw=5Btya{p z-~RWFXU4yNeLe#mZO{Mrn-_ypcvW2LJmYh%awSEYgvezAmO0ZjLe{tnf=gH`G20u_ z03k($fu6Ed=`04Rbg{>^D0clJ`tz>=LL1CzlnKMW6bbOFkMBNR&dC~LY#$<&NRgNb zx5LPAa_iiYYm6b_L~gS{GZlPES92iJ>hX9SLPs&l3_xO;g(S;@h~OGiPWdW(dH^ngI+kyc(3PZ`4t1|c$uRq17&VP?3O)n_emZIFf*DYFul4r#8R*b2lkQwh)2==FTw^Ru0STxElLfEPe-~ojy@{CE<^hN{EUR4$DW|pamw61szWDLnct( zVeQTi5wgreHN+0jY4$3HmA;XfE4qu_ZdtcT+Q9shn81E-h&;C6i&p|xbym{CT2)qO zR_)MR2gU}gY&;_Kf>27lJ$kdt20NROQP!N}M6HFsscgNLjlzHwUQtz?Q}_mX%|tX1qforAM1WjlchuR|+-{-PpXsZndDkde&lg&&M2ef|Fw^!e)lg7Gw80-RPPmh0kOrC6NqY0E`Z zyh*_r$Qdj_0w>2|-jNg3=K}?O)C4VOM03TSR)(59xq(YUb`$Cd)%Ee?P?erARZV=Z zjm@sOe8?CXkgTG6Vx<^^b%?4aM{LPhS}M1?#3WzE3|4TLoV0p|7r>md>$ITelsCqj ztl!=x5|nb~(Uxi@)jmPKcc?9UP?tgq*^@wGEo!T=&OjT?(x%0>?DvG3I@I~ccrLp+ z9^p)tJI~cTOJ)r3jk(oqzIaXCru0?;bzW}GmYYh4-JyC9ciZzm|B10XI8B{>kDV0R zpL;W>#u4}3!{PjI3^`@yVKoGOaivXL{;!3Ehc*CP^8fM0cvSBHT};M({{Iy8S@VBm zJdfJ|v}QWb@G=LmbJ@<(u<*RK^JbC0uXgcrEc2!n>0i=#n^{$r>#0nAUuNs=SbLrC zq#|HouSZ3y=U@b02}Lo!%ez#5=R30Qoxs|qB{Joe(H-t0T^IL#PpR)IRjBVNRq{GV z3}`?(wWTz7UV8LRrBisn>ZZ~|x;ASnY5m{rYkzQkM5`faD)Tx39Ew+`Dc zVQyr3R8em|NM&qo0PI>{Z`(Ey&$B-Tkv()9U{y-uco0ymnbQp&x~{OZz6^Vysk6<6 zA~ljSVhsE414Y@ECF+lpH0f4d9s*0eAIbZ}yW>e>PF5g?b4+g2WJqN6ar1TX7Cs(I^5QqEjtXICT!;I0ltq 
z0wJ;whZ2-XB>^>58>Jz3vPoco6$}mgZVd%{9pHq11gWUtAzBB62o#Yt(b?~}Txrah zLV5*gGQC!4A!G@}8`MJUO#&gpNx~?}gfv)hX9_&uJNNy;b1U$Hw zLyv+M|GzxHJS+MC*dJZ={{IwIbRL{gxYNMRFXi2Sr;PipgE?p%3~nipLNrO07V$Lq z+iO@*PBXuVLE{K(Yz`6YPS$vow{!BnPY+ZA#EisIl(A#>K~k^!r1w>HbYC)K>T&k&sE@hQ^>Yj*|l5)v~y^2y3X>84=uSMg9K$ z*RMS@{?)6~Dd1>x`pq9+3`*f;ajCP6&$Y^>6loG7mkC(rOw$Ni<0=R)VX4GyXG8;p z6cGk`!cwKP7^Kqq4%edC^@r&1e+CGxF{4o?4Es_fz^^{M{dhhjD~Pduh)^O$Vj|oY zBg4t9b4#u>o%^| zooVqBR_`zm0<%fxeG!32iJ(>MJsMzgb#I7;U=hfBvs12&1HjF@+3c1kA3@T^ zrWtK61Ov>SV_baayY#zF{d4=6-L4ElS@+Z$-aeZFY zSpV7#! zf-#U&Sbzjh4#T`7C#cT{3i_xCTF!{(iao6iHF;;f_(2#TlSzXg%q+Ufy7$WR%4xk)|jPDi*4EO5i@nD^AGV{c5^tw znJRalt9h2p7~UCktJ!?R?wo3{L43keTx0Jh}+qqEUPx&L=I4*LB6Dd>~t|HgP8 zw*hF)be7>|4q)f9ougsld28p*BK=tH;^kQ8O)Jv>r13Vjsw&r0nfgA@*4v@>I^Rh} zz`$OQid4_Q2)q)CVtki(sr=4&WZgS~wM$E6$}6Kg+(o)B?)#on-&3kk-&3mOb&eR& zfO2e0Y3982=$lH%@P5%vrH6EF^6)(oal#<8fbLDEzH{^CkfZ*azPY;o<&76dk2Ocz z_us);x&FHd#(n?iN$4xrXU|t?Y9Au9!crr>!rCMNrBA6-1reHWDxXt7_nvy{si&TL TYNvk#00960hRUdt05$*sMl3C- literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.301.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..8ad1c1afafa4f5774f443d97ab2cfa6c38ffdbf4 GIT binary patch literal 1673 zcmV;426p)$iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{Z`-yO&$B-Tk^9hlFJM)2oOBRSteMjd9lEZtv%U;_ps8b< z3q@)qWyBcv-3N-YElboN$7#~7I(Y~z@%%`hKRoB~NMcS_Acu2I?$TsPWb|^f!cu!1 z9J8~>A>a4?tMNGd@B4oFzklfmXTjJX`TkWf@~_VPV0`7jIz#>=&EH6=(paAPC(l*h z+&_dc=R#vm1y|t!A%Zn#V(AgAH3N@|mjtAy3kp$)a$9i@ThS;29-?zCQ#f}H;W!4B zU;-hs4~G(zNF@O^R2!uscCtxefE5f4`)&;ddmZ3}egdhe;2~NEg9sFnG|}1bcU)=A zm_m95XfnM~Xdz??#2eH?>rDb7!b!p?$%HgmZ)XZT-@EXG!E-C{L~{7QhB#qZgL;|E z=hUO1#s9A^u0|#Qf8~$Hz5hQ26`cns6z(-}^GkVm-zejL>tGHV2ZKAxqYzC}rA0i= z{q_bHl+(;FV$e9k8kr{D43yGKTUgX}0&~~q}QE@7#}Y-dCR zgcK15dcsnrvlyh(`3~2j*!73#&%Xu;tudofCJg&hB*3pfzWa1BBP)opeTYyZMPee{ z79+#St#eDRF@}H>xyb^}MDPV&&VWd($HQ?59mFIv0EtBwk}L}%f@@4U<;(2p9@xBD z&}9j(B;`Go%&GG-3dV*eQ=|n-6=b1uzSl{o`89AWkd*84^fBc$PU8>-PCRn}EHl;a zNs$#qDQn)zL<+teX#+fvRGQTl4Cp{}_c%_fs0iKUxI(HBy?7JTh|}dtzo-nHY0M)m zBSfUp-8?fI6(S$`=>O)gtH?@6T6sx4Wem?5gvcaTrI&Svnc-ekpS8fXK^mH;pdD^a{XY4g!``PS{CZ9mk z#iki;E(8P2ons^{9hTW~HTJcb{|-bueWLP8!XGJ>5EUmJmXEeU3rrphI-KJBOrX5O z+MVqqWSNC(h#j8O>{SdaeJe3nbQ`tfYmts;the z+M%}&j15-Vctqv}p_F)Y@MfD0b~YiStQp6NS_yqy*?KJ-hx;Adb>)bvWfOA+at+ZB zz(G3WOhX864p8-hEsbL=E5}aFc!xqtkJg16fA=e|6l@;4wt0o!YC(PZ4)Q0@U2%O` z)L8%T@@qKhKCq?!AHNDN59|MtAB;wQ{r?p7`Rf0I@iboo99JZk>*8&tSe))@%SBVX zNx>M%DJ(z&Cx>C)krUMC0|kB51TAMobH$!khMGLNflESm6Y2=n_3>k0l^!uwO?Y{^(!D!01CBwxi8mT;dOwR(orp31G_lTJ~)cJ>aF1tA# z;Y^h~&(%CjW(@C*xz%jGcum}<^i~0NUT)2nn@Wf6q51%K+wngCiLpI6O`ZLKofO%h zdo#zz5%=B0{`_wYIc4TyH3WTerA=G@uZ4tD8-OkO|K;d%T<-sk#zCL|KLvf({NEVQ z<2C@Tna(o2%mM6NwsSNrJa6s1S)}i)UA!F2ylF-Hmo(m{R#oMCDpTK=*?K$FUgtZh z2pHJwQIYBy7=c$pQH<~NE|uT;j;wnpuy$#QOnGH=hr3AE#eLsX>U&BR>U&C+yv`8= z8c>dHDb1Xh9(_~k7~ZeCsdP%$CJ)~e5hn~X3+Uct>N_`I4>{_;>D%j@pWb?L^jLGW 
zeg7Sd%Jttk82A03C!zniK6}1KQ~MB+6_y(571kyJD1AzuDu~d0Q~8|wx%bplPd)Y2 TQ#<_~00960SOYI=05$*s!E+@d literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3f245c1fea6a06d2d5decd61afb93de49ba813f6 GIT binary patch literal 3416 zcmV-e4X5%SiwFQ*<=kHY1MMAaZ{s$yUr)b+P8WlU8Z2U4B8QLRJW0+5)U#$RFf2zHV+P+BG?=$O zJ1DfEG#Q>E8kRciV$u|1;7) zMB`QP52ru%JT9qpxF^muLM$q&%cmxMN|%`qZ_!Y4!|`DFu6ssGmy2Nq_E!rktyw7s ziv`k|ILuC~mlpHrf(f5m?2I6G?z4bO9vEUJBwLhL@dLheY$lB9GElYF?@Y@D%CbOM z)Dx{`r?h^+Tt)>mu<0#hE3FqghQ${?_n0U5smH|`aUC!GL!-X)BXka?{ft28sPAWf znr*YA!LY2r@uhn9ZpLzxLYPO#E)ygOVbyw5a&dJ_(zc0URv0*PMbzjC_Xs8PaLfXa zNhYvs(d1~3h1h3O`r@qBvXJYA8IMO1UkD~e3r4|33p;>VqCuKsIo0NDbcY9 z^Lx+b)MmD+X(!|=(nLyQY1(hU{ie;ByCAWGDwjIMY!L&L6oclBRLu~>D^)az^Vn3W z56bx;=D~+KX5t{8z~1(M7vx2+vH$CUa{4c+8!~Yy2cXLSA9V)>`QK^x8~eW&I3cgu zgodsp5zWa2gna3uFhTmhn>m8OKT6)8zxmF9vS9X0W|N5n7OsZKESClhkOfYpC?rQI z?xQ7XgP4Y&D;@?Ul`tUHodumT<$X9Jk;eFwD1{&#__<0A%2rlpt3r}aQ>&SzD(DvU z$95!1DFYQ%220!QMp(GV$01)mf*~$pBwun^IzzLkX#o>3R*Qkz|L_6cpOBvz2}KB+ zY6VC^^DP*tLh!(FnuO0RXR;!8Opvs;(w9&GoRuX5<%k488i4UGEQg0ep|)n+0j-Ag zlQV1vO!$ak)D;}29u=TKEj&YIt3FZLf+j~r&Ag=(a1S~J&+Z*L15XA07KJottpi<@aDeDD2=8VG(No7nl*>FR%fR zK}A7>)u|ePz!qGM9xR41fcYB-RL#uh;e!^0uuidkgTRo!33%wo-N8q>@KDTCiOg6RT1SmiZV+W}{eYv+D}7h`F!pWK zt0fD@C?xdAC(%!d9{P6t%?7Cwee*G-rl0ClCh_Ne^pof=ND2K{?YN|4wj&Fa+m%jP zIwP8faCH)H>9G3)5Dw9Nf`lt4$+4yI@t{io+st?Q3JtfX8vqshzX$$)QU8xRoksuH z0a-ajeP66a&g+!&If=8D02wE2KOvG8S~(ffO1-~)1L#kjDc>$OxK&lP_y%Mu~QMvK9n?njDkC=vYBzY&9#pKCC?r$3hoA!d6DnQ+t792a@VoI zM>%)z=}M&U!Mj{fXfmeT%ZndwuHL=ByS+HSzPoyJ{>^1thD7m*!g|_oY}rsiesH^V zKTqq>*S^HnD$y{r%TJeEYY=!LCC~a2JNPp~Vp%9t?2(--C`w zv8)3ae-aO53VQ#Y?iy3hhfYzg_Y3k{rt4-@bRuaai)4*D+nY@5uks}@_>y~&!<_i< z>msQ~|MXU}QG!ev#{ zfC5-JLO4riu68vCtM-3;y`ud$9QGUguNEl!qIqMd=zpS;dmF8W5~EP9k9e)D*9p8X z95Ny$Zk?HLcpN&e%!Gy#(<)t}Yv&mn#l_n(2iZoCJ+Ge%RPlf2kXJOxPjCaP_`loj z75KkD=yx0buLJhy|MZN=7Pk=ANXo7;pTCXH=>_q|#=`NwO^v*?WxZo|24-7tShr5t 
zo&TpGXmOMEIrzW7!T;T1!~b=_VfjB^Bis2O3N!-XV}jlJzueH;MI2P}f4`{zM}zjL z;r}||u>8Np7~d)mf<_!18LIeSZ7Tl7bAXlS{|2K1|APV0@P93^>pt`tczvJEXzKfB zK9c+RC7ZGu>QJ|bn@ZV>I;DG1>Wosd9bMRrHpq*YxKoh}TPF{rjp6jcK3nr!rsQjQ zfG68NrkNSXeZucIY=Rw0rs$C|;u*9Jf^VOF5sv@MEU5?()w|7Yg5|1iY=7;ug@{zz zI`2E5tayA^Gr9A|g8c@zeS>eWqfBc;Jwk%$S$bA#2a;~^|I_Th84YaaF?%=7P;LKp ziuPZ7)Wm;lf#`0udWZS22V;JNmHQtq#B_a|xc z*i-sRK_&m^teB^Hf>r!K=x@e<2TlC97APblC^c`3oc@&K!rRQ^qWn30ACBOA6~=gM z8b1cR+y87XYTW;6_J8Yv!`lDx8rg30Gj+DVG5J3lsN(-6bsfCml7vGr*U!Eppep{` z8y5M0Fz7e=KWc#!b^3HdrjmT&G7tW6J`a7OKNdREiJpl^!7u#x<(H&Q3{bfz>Nx4= z6VQD&Is1y(jwLfM1e3{2y(n#389Aeq33UZ~Ld{e{Jsm~t=3soWH$_g`mik1ftBS_?E4b_P&t(RtA`K#r!fZ_pd^iaz)U0%HYHEz1x08 zz54v_lzh(qaD)^{w-{%xM_;ht(;{kUxt`!1YA0YYH8;t(i<{SiU`7D77wAn*@>Us5 zX~q`3(7iRQSae4n{Jsef(keJSbqQX*G}ZE}9A@^%v3c%ef_>sY=?TC+4ZzCyPrF;R z|3-tx{;LHJ8UIOl{^JtQ8~RDk8XkKFKW(VY|G>S8GhI;s`SL%s`y2Z|y+OOl|4<9W z?5(K$hWf==%qEk^_tK2=o7ww>W)i&X6hxa+Mi8F`Y2LUv-)BJN%17}M%%L5<{MrE? zGzM=I-lJ0*zsHADRcX4egb(9UovEH?g_wS90zETS@&Db7xiG21l>U>C09E;a-A+;e z_d277|7(GVht^AS>4^~R>vd{GFs{+7K-*lvL&BCUSlz=qVdP~CSQo8nU>V2TWNkwQ zU9o_96U9f(>lE*wX>u#QB=urcIcurs8rpg>HmL>vNpcS|%C?l)6{T60(rP|9Omaf> ze~Xs>Bm^vR@$iSfIf}xFS}(PqKZ+_b)v(Bz zx%@tUoW1TTIl1S-9CKv?Vjj9!lnCH%J9L>!AO_An^fZG}+o0yQ`={7+W5aWYU2O3z#;iR<5N8||Ht>tjy-vQ z1E}JEk4dyD?|hZl=Z<3DR{Xn9IH)rIJ1Fk|4Trtv{7)@VicE%_1JU$F+vsp zt5lY$&;7L1fR+3I8|QyU{f7VRfg=Bpk=|>b{|_IRaJpI)hM;9yUdR8B!xXdDjPtn; zWx0^a;gQqmSLjazYO~GaMwCL;h?p5FtA`@AEXHhRpT--(hI*`0u;Tv$lE{sGR=>ZV zj1Oc6EDf1tw7bS2SY@6*H7OCq+4=M*Wp|6?PjQOx?Wy?+<)Tb&`u4nhn^g-%vWea> zWjn=X@UtE_kjZWfW68~0lmb@`3%?pZ{(bmG$NxZVfd%p>I^Xd*^L_yut78No^k36f uX)sl(S`7~{RA~*YHm25`PbS}C#`iPQY21sm?PSu9 z1Cfx#iXs?-w5oIaF83_=WVZ`|pQ233v8ANPoz@~jU;!+47rXe_gw(fZEHrIbm}3Ud z3mVSbU)?KoI-Qf@kjUTBNd9(u1NEzcbo(cxlkTWD9E?b(I~oo9Uy;Y97L`SUkYBqF6Xx_fl%=w7mhAy2uu$047wzkAW%-bKj0&ckSV@b@a&L&hXyEw&D^Xb@Qf`l<} zxj&WUP3tCt*>UJbDyt#EESF0Q_)zDucsOlm zESc$}_L0?U{S(kGc*uzBLk$Z#gQ4P@@g<2kG=#~9O&E>hkR6kdO`tLGg~uUz?{GU; 
zZ=%3JN4N1ylF+{HS--cLFEyE-7<$%F)}Nz}o*ad$kb53qA{A1N584jY-TS;g&g!1J z(JUUzs*_st8IOp$uFPlDcW^j78bb-F>%afOs^4eIwh}-67}JEf?JVyRP=$NYcpBmK zAVBwv*o_#DEe<45Jd$$)*5PxQXYk7k>G)kbCJ6^v$_rhtXL%9gDLaz ziD6|(C(nhxGZ>_R13_g|00A%warn~rICYp~0TC}HT9cf~3W$s4&o7>nCm+sL{g~my zk;33Gs2{3W&X|uQABFC8su?|<=hld zgTOhmo&cyOD^A)i>9$xf#|4UdD;)C}hXLB9_&XafBx$Ol$WKZCkhp8z-azKGcom_G zMp1$Y8UkXWRa+)DghI!d=ix6FzNVh*l*THcA=ox(RqA2;6#8aOU!$;fceAK^{=ax} z_Wae0`zbNA>-q>2_*Q8ERr>wmFv0%$z~ zQ$h-gl&@Cn!-o&88S@s2{8W1p#A*}MR65&C-9}>im5w9gJoKpS531!K=m5Sr+FJKf z$Ik12z0PRZZPx$x0oCIVlUWSY$~`Rr)~)}Y^oC{suhSnj`hOqrh&V;L4B#Y8qap>yT;~(CY4j zPMKVNbVZ_#@s-F4LAda`N*9ONj=ZY>Ug@|=8OyF3;WwLRmm%~JmWjOb9CnA8&-NRJbsVAA6BZKf?xIg{f= z&HQUO6OX&^5L`{~|FZ3i=3@mxs+o*l>~Tiw$CgIAa3i^< z{Rqaz4&qbN?Q|CUeF4~TG`qcLuUy^5k1_fs+m&dcBYep`W+SiS=(Zy6u~4t1llQ;2 zTA(k0M$t-ro_c&tJ-x;bbXAI?-T=svSXyO=L^ z^FOAC(6djO4C?fMcQ`2N|NfxgtpDu=Ow%lEE`(!hTQrVlJaqppx!IaO6S%g2-EGZX z-#I1PC%pi!Xn}VNB#S6AsanTJhM~^F^;=;KY=a+60yTUa@;DHRnK7xb`=VJq5#cOT zwkeY>7*>7Niz}7iDigJZGnR0rbj{FAQlrzF}d+|3nsclaT)J^F(gIMHGG=n`lW}a3~1?|;Nt^Z;LXiuI> z+g=-7vZy?9@O=)~me@$zK#eEYI|Q$Qa%-f7B+Zo1EW8GD{LHp_>_@NHh-T^xRAoro z&;5vkH5}$tcO}6UD94FBF3?<=lvmn|xC*sVsi+S*t)G;0FAG~am&?j*Ovrh9YgRBf zATjSKmPFUA^NDj&$|8xN>>tDjor2z9x0him_)saTY`wU61SYFSdZ$Sxc_bO?d~0&G zKP%=y=ev+lz?}GRS(enJyL&BpFEN(~ymK#h7+Olu*DLJQRW7Sh#J{=CxiWVn#-Zn< z2KEbe_Fv8?FvB@BVFFmVLb%t=T5W3%*6siG`(^uYH0n3@-(H~XwHA$?vZtEc=dUmd zC4XpM$@m05mkybd3Ww7wRy>YfFLI$hMij=(NG-sWMKd=WDn;h)TEl#$hoxL^6#JhEB-Aw#18J}1~-{;LhG zZPY=n{13|W|H-h^?Emcr?pOXd7~>n&LD;B+14Ets%U#S*JO@^L{%csi{{sdoj4PP5ccc`34g3WYgzFnXzsYK3}j2HY6d@Eq%l@NNWSWnff9g|HkY{4uC3m zS=atkk=b44Ob!_tn-!47O4b&||pwjelo2`a)P5$p@ z|IKLVFrPWw%?$PSU$<=kbw{{<`NZk}MB{0|4~>%YTh{dX@=3M^A;-j*eO`;&h4 zW^q~n+{4Ys%c*<9>#|EJmi-4EQa{jYgsv&qlot%Jto|7@U6{$*GT zyf?3xLon9ct}38z{kK0V%l~lLZ{k1f1s=)MrxP-b$Pp$rUz#R?1+V!7KuWbLF3>y1yFL0mhKk3fD&hfBIKgn6cLsRg}hT8l8GN9Rl1`l`t zzcX0d|LG4-dX4<=1GIR{QGP{(@>lE)FX>cQ>BJ`droVU~q6>Yp2o0J0oB)JEvqU|Jh zMP-zov{(QRQ#2vQ-$mQF69SgFc=%$h_oCFJ_S4qSpmq5&3y8RMF_5U^q~yU{;E{~w 
zBrk-jxVy(K%ra&kU+U!ibCB@gEqD-pxc#vW!R0;JoCJrz(DoOx(z4r6O=G&kKp z#kQMd&M-JpK0rMxPknz_m6dvTGGR6<)7Sh`*N@5B)p_H^$C!FXtMSSX4LkUMFpuu+ z`bnr=|34|m{~HXN_#gX$`}F^EhSmf7etMtb(8T)-zz*^cCiC9pzdvf$|Mvp-DgQa2 z>Vf57-!nTj@%{o(C;vW+(5k!&WL%#sig7#f?=H(hwd=oY@gGN{eslh3FHn|$J>Ixe zQ;t^nT76Oxo^Dwgl01TccU%uj#693nA+jnV(3+45eN98AuyTUp&$p`}x!&M)mvjV0@r6fHk5dqTOp;1gnkHCyAm!N9Qx{6x~g)Kj{$9n?v)J@~KE|#^$(u z>qSdh@`2tkWH&`NcyH(ma&d5>F9oWpV7ane_-F?B_vRM^{{hJbW+Gd#?+qk$>e*C_Dc zVQyr3R8em|NM&qo0PJ0TZ`(MN-+#}aVxT^Uwu@MPOX9+~=YVXQTjaLs7D;y>Ecz@` zS{mDYERiZn#p}!FyWD5FPj(I3c{6TIaX#b1mxD$#E3|Q+yl&D~nnt$Uji<)Tw?^gq|AquH%7-!l8}xs- zebg)J|D*n4t^cc_XYd+FBn}kVK8Fz(_ge|osmn~+twaQd(#Djp(C>tB@ z0cAP~@&6S|^FGuCF!WGLBIXCC{Q^U7T94qxBACNa5F?wBLIKYgqJHisOhc-SPxA}_ zyeJ+(r`-;d?;(b!H#^-|7c^<&rx@k7IU0=nc!dFadaUZ+Z73e-L1{cG`0#t9K}I9W zsG8f?xAY?NtZQ>nRQle74_$(f^4Gegu}H+ zwB;ff9fA9+^<1sCO($8US~klT3Ch$6oPU=sXDPW$KyaJ1?f%Dj{`Ig zgqm=Pd5(>h-ZU?-^~>uVbK9mSOi>%B{DfK?CF3~`lDzr>jz;LI0XT2@RZ_lwocVU( zoPCN(;4Dezsgdy4q)qzYcny?|MI7M1^T7@JzkS&6EbISnyWj8D`o9V)=uPV+x`~Hq zQQvGXEkA{vX`hp_vFmYxT)G|)TQ{A?lrnz+@3?v{bGQ>dI2e7<`*IKBb!W1&%{)P2+&zK)^ z%B-8*gvdC*9+inRoaw7?M_p~ge{PYN%4Wws+CvF!!hg40SpVsEy8V8Q|0<}6?q$ei zs6Mrh%9TghVpV<>-^m!s5SsWm@9fIDNG7o%Wj|%B%UQ`z$L$=sZRcA-*4IJ1;{UiB z{P)`J8vj+$W8nXIZ~PzE_^+6@$3ISW-?kqG|A)2xe|JUyHYy4M2Mf{5)@mvzC2^aK#%;A4``bw7Rf=eFYnj=8O z4=HPiIKbo}Es5xlg2z#IGPk*`Xp-w}=@q_3qQ$lQY;el5w~^o@8er+W(uV>gE|h(B zgJLKL@WJr}5{1qIIC11BpL`6^eu{|lCeDE~My0>b>{oCCDwXs5+IAN2`xn{@9~=@z z(lA&&H&#o1RlTK;0= zU_Jk*)?qd6PaExjIusty{=~aD%1D+;aJzq881rE4-?T1?B!RpMw-5Svi{$Me;=cO z&qHLN5e{qv{(Jqy761RRKL1w@g%I_vp0Zd>jK-7c^P2y&P7wz{JC&=>yF z3MPDVtxq2kGQ*)t7?0~X_>}IuutFzNzF3;cpc71hv^7i`t;^fD( zTv5r*_0N!BKHSi<0Jo{i_4|__ORIBFAy)LO+<$)i^AErL{M%!+F^O=rseMZ|*tTgY z?={UjJ-@m>d2@F8{_6VT?EU5W>DBeSpD*99a(=#PoIJme_tn|2XS#3ht#QIOjh3^a zx@T`set2{CdK-@Eb?aPs3=^8ifj{9>%oUav_2!qW_h*;aZ%;1DySqG;MJ}dLp6kji zP}A*g6BPfAgh9q^5tQmrV3hgD6m+@^PD^o-GFFRVg2gb5X)z|^R9Z-$$%1vhHo4MY zEvHDXXRqO$#$;L~$)YsvUrIjmQ!Wi#*Um|V7zghIo9ED}4bz2>< 
z0so!e%KfjyPL2O+sEGfe?(YTW|CkZuM=Q<4TiA$~M~Gr=Hq<)k&?eCiA!;!>sY zqYv!2I2sG$<7)Dz-E3)EFgpV<4`u9mh(7uUFvJlT*ffvLW)0;m(;LgPy3e1C3DiSF zr8Anh+U?soPcuTXl+4bYy*%&4X-mR6uAiC}(pfLsSwAmZ&00v3cM3fohC~m84^C1* zZXXPsWvSWCGSe*mu^H+AZ~y6#Sn*INxLWFk_k4=%pH32l@-ErRFdms0o85*ca}G9I z4V`UByeS`z-q4V$0d#6TzXNU3|7L^lGvh#S(*OOVelh-Iw^QH$sf4!O%pIa4n|5^b z3uh#X+~rx{{bBLTau}<@wC|V?tzWtZY0jvmd&q^|PP=nmnBt}nvpw$J_qW%G58Nxx~Gi|fYlCPFMSyg|An419boeq#KIc~F6m#*M{lm5@`?=2$0?Pv`)&i~upV*H1r zc76Y=659RzXRPbCv)zzv6-)_+0=b%34YzQ zJN|c%0JjJJkB{o}AC=I< z694%FRp}T>&RspGA}9+w^VDMfYG@z)=P!S4qX9PJzqhjg*KgPB|CP{V;eX}iWmOs= zckAq_W&1VI?)cv|`pY)>Zx``@SpWV{HB^E9Kdub@xu7#oE!VGw_QC&d(O>ql|A*~5 z{!2AfiT$rq1Jw3^C)yGJWf5RLJN{Fzcf4}`r;h(t4LvaaS1(It7WvUtKuP48rr>Z4jvi*$?wcO zweY?H+KB(XZu~6MCj1|*#DD1YI`#fvB~*y_QhL0#i1h6vJ#0P}Thu=fUxz0+dtGSb zQ}^+Gv!32dSdH+zmzuMztcM|;=kK#*Y>{>dY1eE{8+(@02#apIG@H5 zIQJc$cfiS=M|Z%{|6aa?w)w&MXXfhp-$p!UJ`Da2KJ`@Yg+!IUbc)_aE9Yl8_GZ`~ zIkO10`?E-#oc$SGnuvj``2}HP1oxCgWJm+5C`$L_-Fc$_WG*Eg!Gy@4aGsX;Lh&ml zC>w+OGD-Jug(@v2(N0v3A2NUKH(RT}T_3>T@DD1L)cuz5T&mFv{FEgzOXxjVY)>$(SA~adS zGc{MU4bP|UmFlP*|0If<0*N2uL+F4F_&1xq%lJR)AJzD;gx26+YUrmXHUs?1f0qN&&jiHZdtfWQ$7{f5T^KKR_rm78F| z^?2CQZ_)>?o38su3z-RmZ#0^Ia%9TSNhi@g(iX^rfX}oPv|i&3nUaG>qX{4Kx@J-K zn5s!UG)1SS<`cezCamb-31PnOj)26>n@~3XzyH-mf6yYbATH%kKE)&zZflYDB`D4V zt8+!nBoL4>RjB(`ccen?>~UtA$GDGDznN<}{ZNn13N_WEl8EW zE^I~ruT}p|xH4>;aAFDos`H;-zJ?bcbFTNtmzIN%Bg#<1Y=TVpyb^RgP6m2rpYo%3 zNF@5{Lz~-&bg2?f((37sH@3tFVj8QHr}Z(dL1n9(1+mpNP8hAJbdt1KcT+tRoHw>1 zzzm-B)3g-_Fq=?sqS@-l3!`_FPAL*NXroKm+yq9UBkCm`t2oFhjes&+a>l@gvN29z zgtIJ6U0Dmji>2b>;<~+!X2xte5&E{^wBAN;VTe8@3WK@s^H_I-;>q}4^p_Ut!b4e1 znc!r#*=xj{WiJ!-vM-Y|Qe49#QEdy@0Ff}mAkcqxX0uRI=&Ohb5~4yOlWzMQ`7Wxy zB4I6W&LQ>D7 zY}`VNtUT1+hK+@DZWIK}2vb^q)_$b96gR-efZm{RjD1H*`+9TCW6EYJ$_ z!=iB)oKeNiyjNE-6~zu3KFl~YNs>F!^-Hp%5+aeUg=q!AeAD|MF405X9%&w3@>t<6 z7G`bvO9QI)%)ATuRCCLWlD zgO64rAlP6*@Y~778;#gtX&TN2*kDeDIr(46fv%~hnriw=>Hh-&0RR84XZ(BstN;KI C`LPuM literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f1dd6d76f61b3bc00e9ca4850c56f63d3b2c5a3d GIT binary patch literal 4835 zcmV<95*+OxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ0TZ`(MN-+#}aVxaD!?IM<6;y8tIdq6hLEppp*izK@biav{! zmc}+8OQcFt_WH820ku^`MFp{RRQ*89l3 zQAotNaXKPGxib<5-#q{|o6Tmo(=mUW&1Ug$tKDsW*XlIe&1SdNZg#(GwvG;)N8ds7 zAqw9_u~bBS*Zl0VijDh9h%m+#QIs>;s{wdKk$?|fk0=$OOL>FDiq|QViUdIqRt}fC zC;T5nqP)>c4ju|c2NeA*`^scKl~F)ubw)z$!Rh%G{FD~3GQCbGBjRBXbZvNqf+#NP zawZjqE3;W>ZjdO<7|3h5Ch8vFO&G!S#qrpb`kYKe>2QA8-*8rO<}~4Nxa| zjb1uJ*L!vecj z*FCJ&1WFzY4`mN-?`ip+^TZ@ROd&asy$$P7olO zASm4#M0bYAne-@+rD5%jIQ7tUq#EgBP`I||NFX^-<_T@5BzPmjJo{HDV;i*UM>e5? zvk;k*Fr{h)0oA6;@Xo4o05bMQy7&vqs8;hXoDX#0g3n<}*g{Kk*EKFEHe$^$1=pf*JG$F|rvb6!3g5>gR64G^ENn zH_rgTi{c)%n$0lz9%5*^wbg!gL6ataicxNxqsF+8R~VqD2d(bin&N>ToyMht4}a8Z zWH6wNs+oN~40xXeiL<2wv_s5#EeRGcaY&`og*c9Ro7msC#!{MRTH>Ax){oC5!2&{B zuiS2}MgkPJdDbiNdoUn@L<61)3RBZ55zKZ=h)PgTzT-mm;8pWgv$Db85UsZVnRag6 zj4+5$NLNLBy8;{Mf30@G{vUUbtNC9kbbH(Q0nV6=1wuBX(k5P_)zFfJ2wE-7rXv&x zKQ!*{YPYv_ZJj7XaP&ke%jrP@Y@ zlW@2ZiISY>q62V$x1Ot2vgssirE<-(MS?Ol0O#Lj!`X`g1`@L`&T=aXEo%Hw`v+w{ zpUPCP!;}UA5Z}+lqX=cnm~b;+1#M;IK}{#=W5B1$gst3+newCE3 zA7{QDIA@}UTZ{U?-8}BJEB#*v74)X{ z4c){sw5YGw7nYww&a|sZ+0ga4KrUU6hmA?AHm1z)!8`6>*c7!874eB8+SOcMXkoABRm9~SW6YIlw+{FgyR zbT2|CL-nb3RIWV2=Bx6{_)f-1hS0>nd1qJFMKX5{Df=Z`UCv5&T5jveZ93lyvc3-5 z7609m@PE{-@LvW!2L8Ky4nCu3wi{)c0%@c$*z_V^cLOxFPFBO-ic=x?VCHsZfiT>m>f zITkQ#K#(#1C-)Xlx75>Yh$HV`8j8q!n z%cXtr-z~%bSM&c;=&|tMeE|Dktp+|m?T7yo?0KuQb48(@ywr@3#Q3 zJN^&5-Rk^LDfHm@Umhd(!oPhl{$Ex2e`MMd|2sJVoAG~CwEu_AYX83!dPMwh=>Sw3 z;3;Vn{`GUggU`AQx&i;~RjL*eo4f3w>>F53Tgt5wHH)wYdiKzRzv@Ow{fAvHv}=$_jdD{Eb1gxq z`_CUYChS_)?H)Lb6Pl&O=Cb2h_Q1ihOyBE=LtQgxI4?mzOhnhSmtV~qY5MZX`hOGt zeT)J=3z27jtmoIbZMhqCyTBeG$X(Lg>Wbb& zU-(NanDEK9PE)YJa%-jlX*JDf6cg&7?PU#!WyI0)YHfO@kYoCH%c 
zli7RYKF>v(YgKx+5;Dq!U_*}N>XF<|%|#@!1IiMz$#Mx-XQ#hio?pMexjH?0dvktq z^7C1)sO0AQXUH!fZfH?}+f?P|`sC-8)w!n-EBa;bzrOwTr{8{k{}^pd0vl~=-$D(x zZCc8EO|wqVuWnA>oLydD-CUeqU!I>{-Mstt@_L!`^G)OA`F*^v&VE1BeRFS(6SirP zoDJ1IdwcTJo3q#3a7?dT=fY!{h&&Gb1)pNBaAi?%e!IFpyS#aOa6zohrv6nFJv;Uj?KZa_` z#rP&Ndi{n30iWvscku={&HoOMivHi>VW;x{N}=L{Uee!`4VM=3-r85z!rwD9G-E{n zzh_v7i2Dlx)c`0P3Y5v}pm~DD2X=g3&!Th@@!aMypU>>arR9Y<_18O>Ym_HCS}8KGE8W@pY`o_FH3B~cvLPt6MHtQYO9pO-CXEhNc1g&q$>qKCl; zCn+Ge4+hSn)a+)NX_o$2kM#ey|8z*Kc&HOxE%d@QA0zvxlf<69OSUqMM<#}5x1r9Q zgN;^0XX_Jh%m;%vG^DBrRgCCeXp{ao8+@M`2YQqKKR!Ax#(!*etNTBt(6*boeN<%A zj&6S8j6{*UIP1GVEdHt-#%eI_JLW^{uUvyPXH?QX+MN$#n)5aRWa)+;%zKr|-LQk0vu=y4>{zBFzi@VEALHE*H zxo>?u;r>+Gpz`!&$+_}?}9%QpCLF75wUzyDJXm0^0?cQ}e>yzuF5$n5|5gq?F#eY>OJx@M(N(~T$TLqZ z-7lZ^#{UkB02}e&DX#x_j#^dxhf?U#@t?EDC2D}m3)qr&z(0=V&RhS6HsQa0T#WzJ zYPG8P@1@W~;y-r>`jN4o{Lai%3-24C9q>OKZ@J!Iqd zQi8G}xG$4*|5m8dLK5vn<@h1<*M76L`u^qszQ;eQR8sd_!gHZUFYr^A#58T8CIUaj zRG<&eW%}v#^0fpa5X^E68@lk$C{0N838)c*$Av%{adUw~X8~_Sgi5Y^rb+cXHKNkK zbj`5a*u31Ar-s@WNvrk$<=M&Wi!(QTm~(WS{J&1Su>aHQbUW4juM~O)mv#ie>G>68 zniEbn#%i@|jn16=1~ycU1Q9c4zhV!4FXw20}4*UZZvQZRb^s2?S(J73#j#9jQ<|dz_i(G47+(Z)RGKzbvVC7fuGc*RB2^P)6nG zzz&go3sU8;3tQ6vYt?@pt_<5coR|WD>ipVWeDN{odVhRrIruoB3?)oQ$aK#uL5IU+ zpl9|eKYIH_qMtsrxqV2ND&Zupp6+;KOMD=vu{wELAJZCCwz^pmTV3OX(V9vpNsD#2 z-Z2}{VQfQy89eEyX)6w3I-=f4v(=C1MsJc%DH1qnqf6M#1V*6)>LnekILI-LfHGTh z#=wPDW1PSMr&*Y~RV@H7mWqe->-IL98MEa?=-YzRdKUqwWa5ETlU zbld01cV6`+32VWe1SpiQ;$%Yt`Dq9~xAtz>{oYB-x#k_-%HKpO{6dL#7X z01wO%l6p2};}%+E<)QA@Y%H8}qaa{Pn9}mI_9M-uxB)f>bb@+{Xt)##PGKYu3?qhi zL?Dx~Kr6@(^Tu6pMin>nUR}jh6gz16Fyl}sN$y0~FUX2Yh(xv)rWFA5P49oWL=Sa) zq3E45-F4^D-oi47JZ@-n}%_>olE}lj$TLt3>2!x19Js)qF@0%oYVJ zQNc%>xMvm)K3auDc zVQyr3R8em|NM&qo0PJ0TZ`(MN-+#}aVxT^Uwu?x9iQ^Q;JqKjd+#XfwvN7o z)?-w@juNSe_^$QYb(K5!l@MW!E21c8vflvki6S8%c|K7pM33?&NfdV}lZu34AC^uR z*B8OxBclBAQVu=}MTZoFy!g^=0hMt`rY<89_TlvW3Vz5cSejqwlQHqJ54trxMnM!8 zuAEAR(b6JZ_93J!`D1BnEch)AP`aaAVR+8cJU>jNLLq&^Wb?MYw7kF&iNv%6OC`0m 
zTtZ!+M=@u})T(kMroW<)l(RnEwi_gl3tzpK*KGtSeL-Vop1mLAoKOH68H6Z7B#cou zGUCm-gG4_OR87J34>$t?H^~46LxoZ|+IGJ|ea(HWR4n_=rmwYx^wJia$s#2x*$nxJ z%cgFC=3=|y$=gxm2B#A)0@-i4d8Lhqs z46o4-i9om|f?AEEI1CVCtr-HKOmUdu+i8QSJF{eJ70aasN4GPbWAPFT0%6y^il>~oGm~a0I zWo(2t0myEt;4DI>BuuCpLrAsBGQ9Jq9Dq#xv9A7tGOE?R2j@dQ#t?9r5H{D7La~I| z-YV0$ArC`7p=@Nhhm`3oB=}b%O?sp&VCbWiL`)A%{{=?e^d7-aL^y?kAVxMrg#w<> zME%@LnMPC@C+8Ue_;J#QcB>Vo-y@97u(ms|E@;}tPYKFROEee{@Crlp_2ku~+fY2z zv(&g&@ZtAHgA9k1Q8l&6qmU0sm^xi5L_5W-_mX1r5=T@jU5VqE)YJ~YH5Su6(-QYp zxO#r38Rn4EX?dMSgM=t-_pEmi^kGOsi3UKoC`?NyL@+xn5h_7_`HlaJ5b_n3Ht`azW|kyE z(CT118KXe>zIlJ&xVv+;RiX^R(F>)#qyz4~Hf%bBcWD-k zLH&8IBAe+tr z56)YDmDaBx=e`{{XP*)hI&+eFY9#zMX`TKzP6A~kk%YMGdT@>YZ*`B`^ZH+}2s^d@ zuYyW?)B1#7>JVDgyYAffQ^c8eF)15)J{QQP=kus}+iu)Y7WCmA4=!wuMudt4L=o*` zE^hL~JaAK9X?nVwcXyYs4i~J82lw|4y_)D7FEw?yjdN=@Am5MyhSENO`8~YmO#PIW zkTDM~taE$Df|yfgy;bD#cD(G?XpU#oh_#fS1jsGu+HpjoX!E6t}9TO2C!(cOIuonN_ z^8Vl9(Q&WFe--q&_+K_hRx1NhD}yJe-S8iyh^UnGcB3W~_u>bY@UzO1Q@c$V0zt#ZzrmgVb z*=+-0d;A~vdiDE1mC&Q(e{qgH2>;H5_HAE6(dXa|2^hd#yIKP?W&MTVq_Ih?>f0k($b|;^la#?CD_>hLUG;Qfa zfiV}#Cf%YK$Ub~Cs-w*)Uy!&QXl_wqrx6O= zpGZ(1$-=qon@B9v9j($h1X;C5X9} zsPp~j-`8gBS=OB*Z@myH?{6-Y%_~^Q-CLd;Z)6`FypdV5R>>pXD`zxooqm{#y>A0& z6c~Qy>S!JQ1B^pHjgWmtIM6ltKRoU(`2XGd{r_sHh1_3`N*$u+X^@6w}CxC zSh%FW(G~s2zVM$lFy&L|ou+V(<;F|_vSymkC~m2bC%(@Urrs_H%}p~9n;~mIXNpjU zqTq}z6}TlEI1irB$$Vv)94-C3yFAo`DeM(O?s>EDVQ_!ne=w^eBe=hRKHrjeNf^H4 zA@!$yI0+|YD)V&XKF>s2=v5Y40dmTPU_*@++L1=5C`2N&6Uq{@+r=8L&Q5>1Jb(Y& z_0{Rg+w1d-lON9tRi%+@K0|)RP=oUV+@vYj?@xYQ+MEX}v7%q({`1?PfB5C+-}ceR zG@#+S{>`;u)2?N_S9I(2{ObDT&DrJqtLuxi_m}6VSJ&@;zI?yP`T4qe^86v*S7*PT z>9KjR#VOk?INqA(p1nQ!;mz6WO*m%ZRtn*gvbe2z3c%L>j}2*z2KJSgMtwG;zA7V=Q$he_~2OszTotJ_=*^0kvN z95dtx~UFWga7v7!u{`VyT*StRL1{6kM|7o|IG(WkZvZ0D@g;O^!pJ2&KSeU zljG)?^BboRF_$X){fGnmEr~~h1h|;pwTCUP1+&u!^H3(fj~HNZ00SIyfv$OM4r?f9 zx!#yx)qVbAOrV|`DqGRK)o$O~b(#^1rF3=X?Bsc;PFotidG*q)l+Sw6&gym9V$o8T zqEqPeC?a|qd~nhV3g=+p%uCH4mYHtpk8Z60zx$^{62&8(;c9La-t!w||8&xr)A#97 
zhVjV6$ecE~%sE(VHFU87@o)HW_=ZMQ^`Tws`7LOj{x=7FpZPlw>-7Ke(Q!HcbGujH z|E+{JJ{?lvn0JxVL(zVYh`5ASMcJ`0NNI=0%U*rtbtfqGyF?6dTBn~jEa0srgtf8l&@ z76EokYp{0x-|Cd(KXs4l``?w&_V0hDC$p=gzh)Ni!C*Wx=$^^ubZ~V|Mn4JcffzIQ@{UR2|YgkdzIq9SL6S)XdCNME!MAwcENw~^4BIBU@iU+7ta5B zNA>=HCA2U6FT8nKl?EuhU-{Is{TgU{{BIlmZ4>;r7S8|c-~X$IDzN{(%Fti9bN%0&*Qh@ z3GQB%`uNmi{1C0f|1Ak=Kon-zp~xOm{l7}+nTb?0gpq<5 zAu@Ooa(A7&H<-zAI$+r|9kloTHxN_H=dc$Gk+WMgay$5I|S5Mg#?KzOLWTK zMzi2&IQC}v4khyl^}Dl3ot)hnT$+f%i{%AjBLwf1#AHB2swhhD1*9WzkMlfgiG9< zSyr8<##Guw&rG|u-79=~YN&mYv|RsRo}IkDIP;>%d5?ab|JUu5&VSn7UbkNVRYK3; z(#`-lJ->onbHb^{SflY?qqE??felqBK_rYBu%2Jd)@P6fDg+Zr9XJD0i2atw@g*#P z5i-qEgFlKxsy!-5!>ofE69qnDFhB_SgoT_07YsNtYmz6wI6Pm^FeCkoDj+Wz}#IY-o1Q9-l4p@W#Zo7Q{t9^9bsqtS4 zt-!z3(9cY54*EHG8~F2~HQ*_*6K&$*gJ$*O6q$ZB1dVSyfwkR;3>Q#Sg)|J7B0&?2%R zUdo?*N=PQ$<}B|^P@IQW=Zb_$ARrT}P>-!1NQK(jMdj~{fkUg}e1IV^2;UsIG9(ZF*0wAWdI(yb0(;HN_xp@$K-Qtwd zibkhd%Wb#bF&olRVncu$Jn5%dFAiWbrv6y7)sJUJ?>1Xfq;Swim$0b`j7EplPX|_U zkT*02%52R!0}qzXaRNh}JaY%jJ$Pks(a5lXpIT*}@ zHV&Nh#~36b9+)X4^=it-Ew;!iLfvcFSa|0~LBNDCrR8VsM^;L418fZGE$Str;ZmwN zgONNij2PM(flMX>tsp8 Q2LJ&7|6);LH~_o=0Hz!MtN;K2 literal 0 HcmV?d00001 
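Review bot: the header for rancher-cis-benchmark-1.0.301.tgz reads "new file mode 100755", so a chart archive is being committed with the executable bit set, while rancher-cis-benchmark-1.0.100.tgz earlier in this patch is added as 100644. A .tgz is data and has no reason to be executable; please restore 100644 before merging (for example with git update-index --chmod=-x on the path) and check whether the stage-release regeneration step is what sets the bit, so it does not come back on the next regeneration.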
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402.tgz new file mode 100755 index 0000000000000000000000000000000000000000..a776fadf849f43ad9435c785bc08e0633c8bc5b2 GIT binary patch literal 4945 zcmV-X6RzwZiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ0TZ`(MN-+#}aVxT^Uwu?x9iQ^Q;JqKjd+#XfwvN7o z)?-w@juNSe_^$QYb(K5!l@MW!E21c8vflvki6S8%c|K7pM33?&NfdV}lZu34AC^uR z*B8OxBclBAQVu=}MTZoFy!g^=0hMt`rY<89_TlvW3Vz5cSejqwlQHqJ54trxMnM!8 zuAEAR(b6JZ_93J!`D1BnEch)AP`aaAVR+8cJU>jNLLq&^Wb?MYw7kF&iNv%6OC`0m zTtZ!+M=@u})T(kMroW<)l(RnEwi_gl3tzpK*KGtSeL-Vop1mLAoKOH68H6Z7B#cou zGUCm-gG4_OR87J34>$t?H^~46LxoZ|+IGJ|ea(HWR4n_=rmwYx^wJia$s#2x*$nxJ z%cgFC=3=|y$=gxm2B#A)0@-i4d8Lhqs z46o4-i9om|f?AEEI1CVCtr-HKOmUdOGJg>0s}Y8 zntzyM+3tCVjfOzU6XB!m!`*!Y;2Hb_A(06Q!zl>#c@!ZFfN`beCS&yJa0)>>LV0N* zEYKN3B)14k4+_zP;&Uc_$`ff=`(sXhGy|%}x*8Oo9YGRG4wU&q+baqFm@wb|70TEM zZ32+pQo&h-Oi7qfHHMIClVy14O*sIW_+wrD1!YvLdk@ZsdW<39Fd=NNCxv1Ov%OWO zaYG)4d_vjCa1SZdSxE4&M4I$SSHRFmDT$aKnEnflxamEDpNMb@13`>zh6)8dpNaap zmokm0GEUAj0Py3a5A9YfO20=KnPF{rUR}_%i=Psdo0e!W9^e&*=DA&jRqMGDWhs?lSd&RkT7++RETzpS??vqPPuUfS&{sw5d z{m->?^LmV7j6!-U-q{scyZ&o;O7{P_cU-UkDxtf(=J#;MWFipq6_qye60K&IBtp>Y zU^*G2K={6Sf8V&fbG22X48hS0rM#pA?!7i_I)is<7ewCMobR8xEpwKv*=%85R2xD4 zd9EUx={n_bEmGw;D@BLk{c1f|t6Z~1)>5UK7mEdDY6#B1%cipv0}LhRU!28WlzPK!VSc zP-g|{k1H2#7bbBRTcjfK%PiPt*uy1?A_$%Px#wy3zE);7p^j{UT(et^Rv`l=7k zTYi<+uOH{W9XMy75)wLdl6h(*{55Hv{x?nnWh0Sq~RiUdRv?P4x& z^29uFQ(kF$x|?@*m#+>NtcwTt_YJ+8=o>FJb+?UkYc?R?kO79$K7jc>yyi^(l$MY& z4=${8d&Yv8Q)azl7h>b<`c$UAZ?3Pt9d)%1|AkFnD&4ksw1W~@hyPCJu!R41r{4dm zhRW!khfI#@Q|qW)`Gn1OL*X*>t_L0|ez7=GB z9kea}dlljTs8!>?3fc$$dpqO5SL458+8qCQqsO+j7yNf?`~O7rxcE=!$ZGuKjjSDj zFNrqC|L6uQ#Q))8jsGg>aq*wdk=6Jg-C&LXFNrqCzqr9{55OH05g@~0Gi9(A|K0Nb z-{H}5uf~5B^tkw6Hb+(~15qo3C#T);AESt{BP(0 z)EeL^X(#+|xdE_~{jbmeDxtmMf5Q!c2hrbYc}F$+_ewkBfB*KsUE{wB+9UoS!~WMA 
zV9&G;|N6P$;b#SdScCsgyH$Swr`7J({(mJ@#=jU4-y?|{b3y;dT>kTJUdd&;;F5>9 z;uT;LM3gl|5@LFhhQ#zo!IL<@nd8nYn)LR1c4L2*X%==TpPX`8YApDWhPX6s=|h1r z7s@8xq8P|Nd~ke$M4@v4P7(*{rvO8=pJJl?v2);zQ0cD|`xTs!O6B~%vY+L6Kc&9H z2ZzM5Gz@0X&6Qc5wiKUf=Dgk8wJ41xuuR;X4e2N%aZxUL>htfPFI)zDl<9Iyaq<<; zmcQ6MSk3>bby!Wi(^~tVO@;m0|JHGTJ`&Xl~Agq%_v`xxEyG1QDLVM3f$%D zben6u8Q)n5s=_McUCI+;6nU70G(w*MHI1&rA$UZoDBeP_!l1I8%&S=&;{V)}K-v-Vo zF#OEb(K`GG7>9fsA^VJQplk4dc-&p^|GV}3|J6_t@7n*E`E9TBkze7q6>iXP1ABn5 za7lloEBcRp;Xi9&%BRpfP2n8NjhO;u%`~4;+)^J;e4i&wyQDP{5>Cie=IO?Lo{6;3t1PqvjQ@ci?-}O*n-7*C-AoEsk_JHO_agwDF@}*R z$IUV4H%=d7E>-sX5eN2L5|0E4a51}U4_jOdW~UG4p-g-qF~Hye1~}vbUGvx+)=FUhc$@5N~wlsS4>ZMsJpY@`h)$6jwqNOZF zr_kq7MD#TH;G`84&cVQ$mzq5+Gu_f3-B|yB_fLl;ibp!b)!Zn&=Qqgy>7+5I@6)3U zHp)S<8u7xcCWtw zTM2D?m^(m4)}81UH_k{Ld-JQlhkq7lSqWn`nD!luKdrNL57NA&lAR%!PCM<%b!my4 zJL7VD0+9)hWk+>K@hizbm2b-~UWcW>-gl%}yqltqvAXjlKCA2MG-oWqojzNYKfh z`+RN|TWStuT3<-TKpd_od5NX z>iz#pXkYkWc=NI<4N!Q$@~LI}HPH6>-!}T&CirhHod4Iq|5puFVE=oSp}%nF{Hf*o zwa_m3-!A&wF806Ms^h;^LzUS7Dm6fD|F@zo@xLqr+-JvsJUr|z;J=RlS`9ri{uggY zdV>PrV{P&*F{@1$zThPw<-?#m*&;Kf+z2pBW?0>xrurY0cf4q@fzxror9sWDV z<@k^7cDs)MQVBgK{tIzT_KfxPcV?ejc;5hRf&bCXhUfid+6Diu`u86yp~u93A!N~> z@t^+A>{AQx8=$rL-|5EhJgvk3(L(&EcBhX2UJaGvy)C`oQbzjbk)GCHiz(}$$8WNM&rFkXTf~~8>&u%NEkC-OIQFS zWSXT0e-wvQdsL8ySqC*H3Vgy~fDrHr3poie@EVP0aBg*hjr`L1`0-<7jA4{(lcm!c zye7CdUW|3tjDrX+D|x0SG>hT+)T2@zEyq8JV^<&vB76)Tum=C#cKQBS`{=k+L&FaM|GW}@C1)S?o3>93Z3|`K3hW!1-SgBa{ zo6X5&;`ubI#N%Q#`}wKnOpP>OdX2_^aRHHa4u)JrMjvQ>Gv*Ue91@A9VM8P;5qJOs zhbVLkPXv4jxL>F@#enDYsHs!32hH1#_eT?%`4JqW(e#reQ-47^sqT@sLLP>EqNSkq z8fVCq>^B-Nd?@OgS=}S5#>v1`oz+^*_!3-L(7|KE0zDidNti#TZ1jKstE>K?MPxy| zlt1~DkW9GES>BhRI1jDP6$z6-Kqge79$P(-3bnJxndu(m0ZN@R)pGo4LA85uGSs7P z_5YAED#r(QiWGa0DSutrg8pBr{$02-Y+X1p6#&)cwY&J@W5M zkynC_M(IS)?Nf2~4v54cduU4skZo1MN!C0)@Wz$|Kul+K_N+aoH>hlL^C0%R#VMl| zjZU+c+ityMHl(A(h5$8q(oeHq9Kd8u{jp}NAJ2^5ZMLLH;h>E!VN(+rjSi`w4y@uJ zZ)gmZ*_v|(9xR*V1co@t!_+S80r-hjJeq~uvC&MKttZC7R-Col$SsO6phRIf)nlIM 
zVNg7s-?Q=3BAt0Cvn3OpEOvW^nDgSx1U>J|WQ-Kout-(g3^qU{OfU@fUtQR2l$6FQ zCW1t$P{?%HK1aT@rY}fX3+5z5p>z{3bGf^jZhtOI-W`eKkovZfAu6fiY`!jy4SF=@Xn2bfC*tr%g@@6td!yg*cj4V)JsIerBrbS zBY9vLF|;!RnM?#)L4KHZ?t(L_xLNn=CT618Lc>Qn2bZL!Q(ZqND=Hxt`Cgb-04y-0 z|KSpS)cuj>(Irn5Zew9q);~9)n$JvPL>L)qpUtGbG|THOpOuptB%Y{LDc zVQyr3R8em|NM&qo0PI>#lj1fLo-@BfweRK40b}zuDQ>f~o75)R%@i})ODcy(Za^7Z zQb}!UsZ{=Z${&C+HsHlDlPrCqq?R6iJ>9JqHX!*NO`8kbo}lFO5X^I%8^3cu2Sd&h z!r$=5XchK$Lc)i=+pnuyR4Er~(H}u@$4RcQ&_!x;Sfw^%{9;>*x ze~EyUihzWYcGO~w13{o>4hNzD9iciL4T-5hf5bAbls20S-$yxOZ^%UWrnHHK5UmD| zBNnqwX*58}wC&OohNWE$1_&10ao6?uyIgI77N5~rq2!1yyq1ra8=)yFe~^|S2rQ#H zvitEn%cjbdV>zuu1JP3Bh=JCD;K{DF7OQbR$8|i{ZN2n~){|=cCk%A}gto(j$PyaM zL4K7#IAH&SL4UAq|6Q-|_OAAS3CUXyXn|h{Wn8k(^Y=D3!G$+L0!Vt{T zAw>}65TDlN8Xy|1&0##OiZvjnAoA1rVO6XFVV{N0K|HRCH6Wy-yVTcBg8V*zQp5_1 zBT%#BdlDg9f-pb1U&>Sk$eB@*PGU!nN-03X7{)S=Zb*>S>L4-@Y!kA@nB_`uC=*vi z6O$1;!%OEqVt@VJVr&6{@Drb(DwRfg_weC!?~%_jgtU?|ZQ{U2Vug|5WPD#qS(~KY zHnF#rjL9en;{6`6ILH>1h0WToR+B%G(`G*Dx{jC;S28tGTbzs_40kH4fl`SX@MJ*R z1T#MEvQ`IHx_7<#k$%%Y5T0|C5UqvT+29R=UD2(1^j#J-iJqv>f?Z1KBcQXpn=!E5 z()hya0G73^Z6D3i7-hQ4s)tUSaY7?@4L0o>UvOqgpxHE~i|VvfF8TZ%Gu4r3}a&mnCIlV@_*c`jWp#YUY2N zRJleXcp(4l_PSmn|Lb-8*Zl7ya*_OR&6?8_L5Dc zVQyr3R8em|NM&qo0PI>{bK*7-&oiGwbA85V8%R35<;b;jZId!2z4t|4K#eVFB$+v; z)9>DqZNL~C@L@?No#67p;QzX^~)Qx*~U&YD&PXss@ z1`HEi4?BcVFc6BlL&2C39VR|fREEtM21Al@rS!7}3j*Xr^1-MWKa_sLAwn&I;*eOj z35g1fP+h&!2BXp@3PS{qUE6fi|2|hcAlX+`nh8E6ORp24riw|El)rFoAPhAz3nZh- zgC;Yf%CVfzv5w42;*fxpA*0Evb(ZUXJ;!x?*X_LZj@FZE`!^WL5De;%G>o-Dr77_5 z@&`xke=z6|cJ1G{rPlthA$iLI$?%&&ZcEyE{aITRTzXS9;B{UZ4~AqEYa^lwY7r}n z4>)6-C1wzzfdC9xCz2Xbjy2k$OmEG)qa{-NAp}9v8p5$++@KnXFpg4B)FrZl zh%cLR4G;-h=P<_WVhxBHu>3H7Sr=lj zy|4(ifha$?Kgv`E$hi`+OkzilN-03X7(z0RZb^{T$}m*?h^9hrDPt?*smh3* z;icmql7If~5VC}j1&Pm3l|mxFAAkAUd!`GFAgv@sDjV1gTVo_R8Q<4Z_D%BLF0pr& zgzz{F?RpQ14YCDgVX=0r#q@8aW;>pAUMGx*3Z9y%E)IqnjP@$4fl{#ycu~N0f@ycV z?5iU)JviTdPk+e(3|_LA2(^a!#o!f!Uem34^nDgIiJqu0f?Z1K6QHxRn^Lga(F9D( z5LUIU?GVjTDWS@yo(^CtM2MMd%F6*R9bK`5>t*-(0bJ6| 
zllrZa<5}Hi6=W-^E>taZIpwC5oletpOQIkoWk7Dbv=Pc0b6WG(hx`LlGymJB$~6+f zBl(}-^Swg;*YkUA{&y9*O8&QD&H0I-MCxS7V$gF)Q|J%_VOiV0X#Q5*=6ctB< zI$Mk!=3|xmI52!W2wbH;KkxapUht{}XuBitGZQLoaWj#cCgk0$%}DSWn?HhV?u2ou zhv($#vypDfh}95s3E3}{hW>c5_B~3?_%G8ldA)1kBk|ws-`y7CzkfGq!>t{M(pGL@{!P$Krd;jJ2i|@Y%{a*Y2>nifofyYkwWRmI#U4Syg qEWi-9_na!$7?A0z>PgjG&#;wNT4|+~GWjn60RR63p4JQiE&u=yXK~&D literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz new file mode 100644 index 0000000000000000000000000000000000000000..234a1ee3e838d108e66b8f0d8c2134b6799d48d3 GIT binary patch literal 1448 zcmV;Z1y}kXiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@La@#f#_E}GXNzY=aUw3qKl(dt!aXhk{o>$~rLQMh~V5vsa z>AQEpABmz!(UfQuLY(bP1ZAHH5*{ ziQ>AhJ01?>U)ObuzwW5tzv>OHuScWaXmH)Xa(m;RJGf%*sfM2;ks;7m?#Z@_FZW6W zgpdTpr7)8YV;&F$a^ZMD6rjW9TMsqyM~?o4rCcc;w&cE#V#3~#j_^(C5CI_?1s+bA zWt&u}fu!!5wIK{kr)Ufi40i3*js1PDc0lnjs1285!dAVGkH*tnQQZD03_%bWMoVPV z*?Yqtr7p*EI(3Fm6+-)&5TyssIShTQ7(Vp*9|f zqvAo0|6h;$!(IRH_lB-}@&9v3-g7{4{7NWn%Q#Oz8|#9r-W&;fohL5*37bZSWH>`3 zBkkdPeB^@1ZV)1Y4+J)dBuNOuW{R=3-F+ZK5y)y>>_v z1UbZqO}hbz0%LL*cUiLm#3S(hWBige8$g&Ru5u9fS+fDeKcGbp;;*dP076K*Ny6nk z$ZyrHBvw#712tv90}s&-dmEw^v98XJepZ4d;RqQT+ zFSLwQoZE6#PbSBVW-RrgElJ~E6+{|>U5Du~W<063l(rqwT&Iqg;w6hRVgLTuVQd8f z_v4(DD5XMibNBJfz&>*bNhf1U+r&#e!-#QGf6Sz8OgwJa@phGri6{u{W=@zr1Qe8o z#ma;3?LZ^os)x0b-^qP#4e-IIwxW?x*ae@;NKhGmGTnx@MZAT(VwdwKKuxn_AMen+ zTLFvySxjZ90;EzK+sB+s8DPrE3LqPXB7HPYqL=f((W6p&l&Fj+HQK<##U3wEL}9V7 z%Qn$B-?@pWTRDcVrH`4q;WHfQ7Qd3E`OO|%j`N-Sj6qy1EQ#9lN>7R;H}5fv6NV*p zJ4{6zw;wbJ6Jy#KUCyCe#@D!HV(Cxi1K~?r3DFo>ycoPjFj*XLAAO&%ZKB8O7r{Od zKAu5x&>Ge|8lM{#z`C_;gIY^nod&An;sGw5mY?iCzW^+4{J10}*S&7#9+sc&+X-gH zQ)4@*a&Azs(Ek+$>fFJrIJGSOr>EoAsAtn#^8?7v*}VC5n`np$C4S%X4QP5q}o z9*qk1pFw}rztn%uA!n)oY*=%8A;{j@Q{+1>SKLqCcc=cdqp2+cgk1a{%~1;^H0fgG zFh5nP>w)3xLEtKNEwC5w!n-c(tYi~>c6~&Dr)Qk}Ur8nTCVRW@GusrGtEHm-6ITyt=(*Lwnu^1L zdczTwomU-@&nyk&zeXh+e-%_0|Hu77G5(MHqf7ihhnyw;C#-2F{I~uO@cHw}EMAVP zbdoOCkCaVbraqf2q}}cx{*+%W)$xD!;pY9P4^HTxY@_b`&)%^3{pV;nxP1S47WwJG z$Bs8_mgtzb1Wk;VK#cEwP8k{W*?e8~N#(bG!;4(xA{V(xnfxCB0RR8dSBBmIG5`QZ CD$%k4 literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..ca0b7e3854cec14839ff0aa0138852f9e586b2c8 GIT binary patch literal 1448 zcmV;Z1y}kXiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@La@#f#_E}GXNzY=aUw3qKl(dt!aXhk{o>$~rLQMh~V5vsa z>AQEpABmz!(UfQuLY(bP1ZAHH5*{ ziQ>AhJ01?>U)ObuzwW5tzv>O$zUz*AeRq82_QvjLaK+qH4L?UBL!htRlWi4W?v)4# zAqj{}VJ02MJRk_9%|x`9Q_GPxl%f8$$cNiguNjh;hWMS0zxzjJe)Ag zHmOhpN!>MTLl~A$(HI~Y?Aoat`}%AmdK{F z_l7-6U5@2+>I~6Z;e>%w0r%on>#Q=nJ;!whZm;vLceI&Q`#)i*0w6SRy&y7#+IS$2 ziU&3Re?9IGcm2QL8;snG|DQwho&$>GS3+T1#(DbLSQlLN=19=%JaOSq*fcUE!x*_!;iCSKwhMvRmCVs@0NF4U>7#KHy`2Az9+lFgL}fgw(FPta_IQCJ3X6SR zwu!#^&P_bs$}w~;eazGipW#5a_?0ZpZ}!-7obTLc4B}#8Nz|TKdQv30d5>9~Ff5_l zVJh0V{h&dZ7}Lh+at_rpzQ!dJOMfaK2w&1lh{nL;#o#r9$>MnX==*$a6FpYH2=;;S z@eGoK*0A2u_}r)f)~#h5)LQE5G*A^64{+(U{ABm}1z>68$0Z@T?sY5ou>5S_PB1H; z8rwmYbAx(?{;w!d=MG-Qsb%RuJsr13J)7Q|A3%1_=FO+uM0>=k=ZWuaK>e)vUeOcMQ zXjG{G4Ep{4rT%jcIZOR#!GGv4-8)q0#~VPfxUPa-es$rT$(?DDpbR2hn-|7F6BSd+IH;eHIt2ns^ZC(ZQo}V zr9j`7?rR5D|K%+tf9tejrp#$tLN0OSHjrQS!JuLOSIN=5+224l`M)>39vAX||9Wuw z|K}`nmi(Wxrk(7+Vd;KGeOIPBJ>%s6N-D`W+1q`e*`~N$EfwvbxOzZC&#eyDR2&Y} z8;+>#yy}2_W@#AzH7eQotDw60Kkg5T@qctZy2Sr;$XVil!kTu%f9wAMpFf|>;^nAH zC+TASNZI6N>a)p0+U@?~Px;kS9sg$^Zr*?T;Dr9kHtN3r>Dc zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V2qYcea@@6ZZ7-K0>GgTBH=stAG}4+L z)9HWj$Tnb%jbm`Q%N+Z{NGpA7OW*EFiw($Nj;0%M+nu5e<`I~uZeYT<<2e}emJo@H zBgOZ9|7tKuetq9B{`$jy|DreW2Y#>L@A=mke(%a3US2T&Si{ee*bc5!nt1^b3G}#n8=xWn$T1wTj4P$X<~$5hj@TPAF}^7sA|XPnA;1xH zY*QKykTPAnw1iRV6oUf6V%JSw+u!AC2Q>eJ#&RV`Y|-n4XamDFCGC&W5(r@#&5?~K z?=5>&rX0)b)ET0s#t{Rp1rL%{>nv7wd!FwNe82OpceI&Q`#)i%1rXY|fru@ku>r_~ z;z5o7UtjeH+y3A0T@L-T|DQtgo&%cWS3>Dp)_eNdIu~5@rby81JaHM0*f_SNq6u0R zn*iVABbPjJg9r&iAaFq>b)p<=tQT;*aqEuN7`TBDhRJLYcZN$sGgcyw(n!>0zukYn zy#tz$m}dznww?e>lUUvdAn%NNe-2g;`wK(7&`*j)gh 
z85Qd!x8D@!#c_D$_C1y3p`xz@B(EV75lnu z9ewki>v+16L+D!in3)?s!+~z`D><6q?6Bo9-??8gh|8HHQF~q)D4FKw9cFRDsDy6& zsp#VNg8^w1Oc$feIaJH|8kbBh{i#DBd`T-2S_`umgEt6v70260-{otY=!yD8u=j+I zXOJ9>f#sGatZ$liTMPfTgt`mxScH*R9;c^0R$A!K`>{ zYzI|MEt&;}zoJBwJ9rhRmZksfble*CTzYGM0NFa5H=phj?E$BrC%&@*^|O+DS@UV` z0@HL>1w~7`3tfv`32NQSF0<(sB2h4w@+P;*mXvWJAniHj{l8)TXHzO`Pzb82|Mahh z!$SS%vfuBY>p!QElhl9KtU10Af1aFx0iI7oKk-D*|SOY42J)*u7&OfPIz5^<`x~ex|Mv#hSB3oFzrH;G z|8o*KN&e4R(@yqZvvfD3zAIB5pKQ6eENJcNtUB3 zon(vkBW079sn4bh>9+faKjl|Tb^M=vxOxBSgBOKI+o=2gvo|Py|2Z7^=kGsHB0uf< z*ztxDc zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V2qYcea@@6ZZ7-K0>GgTBH=stAG}4+L z)9HWj$Tnb%jbm`Q%N+Z{NGpA7OW*EFiw($Nj;0%M+nu5e<`I~uZeYT<<2e}emJo@H zBgOZ9|7tKuetq9B{`$jy|DreW2Y#>L@A=mke(%a3US2T&Si{ee*bc5!nt1^b3G}#n8=xWn$T1wTj4P$X<~$5hj@TPAF}^7sA|XPnA;1xH zY*QKykTPAnw1iRV6oUf6V%JSw+u!AC2Q>eJ#&RV`Y|-n4XamDFCGC&W5(r@#&5?~K z?=5>&rX0)b)ET0s#t{Rp1rL%{>nv7wd!FwN{C?+K?`Sir_J6`i3m~*_0})$7V*`)} z#e*9EzrN}Zw*9}~yBzvw|38J~JqI+$uY}UItoQV@buPH*O_8A2dEzo0v2kokMH93t zHUYlJM=p8d1`!g3K;VK%>O?u#STEpqnJR43pU)?hKcNW~@XUrID!1e!KsC zdj~WhG0zfEY&`*%Cb7H^K;9Yk$OYa)gdN6KHpi*W+<-)xdaWhH<*WkQ#!&=j>5(E3 zImCx`y8(y>YjYTPt7Zd;N8tI#_+`~>0AZiF&OzL-nhhZS0V8t|f32DgAf%$3G+a(a zeyeU3v4Y|ms2Kwuc!ZW9%D>+qWvac98UxP;a|~mFq2tV0$wxl(0;A-8)}JR=vAY01 zGb+|eZp%?Uot!Y5vCM}yBu#p?hz*Eshv_h81En{Vb{+B5WR92NrHe9R|NhruYypCY zNlr?YN~65F`}pP3J#z$UCu7>U#7lgIk>F(hxRSCl$+&ID+g36rV7l zQ_;ok2LsY3m@Y<_bEuZ_H7=Q2`csEM_>xv4v=(MB25%7TDvr00zRTA((G&HHVDAYZ z&mcJ%1IsN<$gLKzY%SZMG0Ie@fvUK;hfBxhC%4Zp0848>E(ytXuUol?9{rOx%Afj0J3#9Z$8~6+5=8KPkd(s>SrbQvgXs= z1*Yk&3W}C=7rGX?64bhtU1rlOM516U1 zhlTpjWxwA)*MCkSC#nCeS#x|L$lcj9c(U(MTk;*<$1{ zKUJygf#K_3;3{=3aFFc6yVa_um*!8P3)QgNVMiHCO8L*Uwi$bT&17w%s(7+t+xJ;T zDbTm2``Vt>e|Zb(-#V?BDRY{ZkV_o74dhpSFld!_BT*X{_hR0uL}9Ue|>rW z|K}uflKh{srk(7+X6bH5eOIPBKI7#7N-D`WtGD|;vrTciS}NK{F6N6IEIQ=d&2(rxz-f6A|x>i9qTaP$7t2QLbbwo&)}XKzsa{&P6+&)_KIJ_CG+q#V{MwT`Ua)m`kUBqynq zD`i38ki-fE5CD{{wS9Ge6*Yq?3)3s(a(CLSW z2CnJowy)pO>zU`>wEwiB(&==L1_Q$W9uC>xonD{+Eeh!#9u1GW!`@N%kaT+Re()zU 
z*c1R|Wf4YZ0HBOL*R`oRHs@h(J*YOBl=LI;i2wddN>DQYCo?mMjC*tLtTzVGW7zK( z&VRQD599go;rw@xhMhl=&Sp?7FMsg)H(l3@%*giKaHJ7pnUU#uQv?2v9BSBJ+oC~a zPi#6K5wTWstBvi@cg%a;HRp6hPQ_{>XXoS>zM67dVeQa2Eoj0Y#_JH4VR#=#be`KT zpbj-dDn=_=!?~>&wr+WI-*c%OHE->OBjVWZ;)7=T_Rlm3fp#Nu+l8Ng^0Q-fjlMRf zp%vJE#GZYE?p{&f@$N}9qa1a7@5O68~;)yW@^lJr|+32rSBaZHC0HBrBt8r=vaeu6aDAjQ{_> zpdsT7Ys!EM{@*$5^%(!}1LGeY9s&RF9UUI-`Ts6TJjWxV9T3xTygNFU?ECEe#2yDB z?AKc}u+3`+Hh4i5LLBp&0;71z-^XkQMSvx$q}bsljbvx3$|q;9E<#{Oz8L@;9FyyN zViI5wa}#=q?tOqEi~`%8!p~{oE&LHV@!W|$T?9;yJv2qXu2Q!DBUl>Y2CRVQ`hT}O zJlgC3yC`Mz4+@Qbar*Mr>r-PsUSo_Z{U26Gmj8G5`u}dq0m;#~w6`-mBo>-~1lfbcmY)OLYhLAm;np`Ep3`v0K2#Q)*%J^$ZDIUwg|gi{|P!{d_;%!Rt-dSN?bWN^M| z-I!Av8ekwW!4NKd-wTil!vb;0)bXwfFb)ei&lFjQ15D(WLc3_DJO}0s9k_JLSPXdr ztbAgB0LFwoi~P$|gZzjL(Q{c#1c~^-1RdL@hGx9Fe18cHi$WJCU<*J8Kc8HZu??); znA%aB{mH@CjO%{}ZT6>pFq^jV5BW2^b=yft*MQ%`CllMDq4vxO?|k_4+Pr~3qdENh zzoF{SVE=fFket0bg#rD*`vHatnM*!UgTZ#@!fZGWGAGnf7^nau@Gt&?J(a)$b7ATbcNsIU zCAlhD_E#fK)2^f+xRlX1KDnq#D4!#Y}+EuG{RaGn72vHNqU9gv6jaugS3wP|$Oi!Q4*@R$4 zeQvs-83nMZBRb_9360pX9pXM2KW97x_Ac0A)R~YF6c9kzG7Ss1hK;I6NQZsG4X@pz z20vbN=nd*JXs=lBr|btqkK~{S2DSPooOugpjE1u5fJ7MIOa6vdbHrE!@^DKS;gzUG z!6HlTHIWl%M;y5n?BWdy9I)~m4%)bEXx>5!k~ew-Tr<^IgC)5Dd2NnaWq52xCV9da z9~Qw@*erz{Fmwt+Wf7i!$RZj~-FaLIv`MUGkiRl>g}mdx!EDh*k2+{ndeUoh zI&lqDGH$>IW!^1jtF;3<0S(QyXj{TFi{{QjRi{sJ2k=TvAl_x>U?bCRE}|JA{^34n zdB>E&O2o%ns7dZ-jc*vc<>j3$Y6ZPrt!rG=ofn;}%8Hq0`N%D61G&iUO8z&O{n-wx z(3HwSC7N6v2)BUbI;ubsYN~QjhT7KE0Yq(TG3KT4GWKshxHc`Ffs=>)Mpmez4Q!_% zezzTCV07|uC~umNAgpvAd}uiK+>XG^@fTNeupCTfeFF6eYqD_!yPeK_Yv|4CTQDFZ+2U`fR#04$Q5%)rT>fV^2Jgp*V=U@98wwKV!M2?6w0-DW(kK> zM!486Uo3@kL$kNUA(aubv$sPG*W;NY{L2uc;XKdQUpDeZt6dmG>lpbGIbk1HASe7z zJH!oT6*@*n=Ef}RxgG7SJD2jJV zqu-t=Kb|&=LMy-j0R+cW$2ISOG{67R>+}xy_dj+~%I05LRcnn=5&wHQ81}RAzrF50 z{&y$k;GpEjUVfaLQ0#UrAgCWu$!2w+6s{RU4GUwC{&Jnx=2L8o$jdHz7G4b%m) zXIk1pte845di)dJ%A zVo__N1H?RDPfR68d_f-^5j2oAWkF}p1LaYnr<`PBL#h3U14IYW_`EvdI z1MLX&7LaFy;~q5UV_1=9V9lVj*rXVx_k2Le9^XU=9y5m6=J67f{RrHQsgu%xQkHCRt^Tg2NyF|I}g9~~TQ&<@s? 
zyBJB;7)M&i9@P|+m#yXuP2)jrNR`|GH6{)oTIQ>zp8hY$J@;JP&rLPL z%KN{)Zbttb9QF72KXy_+e$;WtAwPLy{LB^pOhnbwp8N6DH7~~Vw8>6?P zPXGwUrO-5IJ&1TRrWSqvtS3(dpwJk^l!F#}>)%_X^}faX;K^*Dy4(Y~Fib%1VNHYr zdKWm0<|3~V4tc@vo-i=DI{*ejKM7YSxJn~fuFmewjff0Jk|LI|7$$d^IwwR3=hAq` z?gvgbQQh?YYVZ@#HCzS&2>kP*7v#R|wAADO$tABaexo?_3LgmKKY#B6GYOdw{Mjz2Svv}z0*6Bq%Ys@ZeemWtX}%l&+u*;M&Oz`+cnG&7gSq)4F)$uweb#-$*2Gb=x?ilQUBV|pg;o>Smv6F=l z76>)x$EZbs@!IVju@1U<9i&5Zp{sVPFUOlkUKovO5FE#DHTm-PxZ8;za6dwtD%>=B zFP6^xKp01yBBj7&12I2;E(boo^q>-hJv>)j8m$_ABrXu>sulOe5+SIQ6)!bz6xNs< z$$_L_F0J^nK>{!GEYBH{wUzI|WG+D?uAc087^ryB!1l)RD`nL<_AT8hDCjnXE%tT> zWSV)-I0elTq=y}ajc~nrEiSN;-IBjIjsb%|=AJ(etNeJ=RK$Q{c_tcf3p6n_N zs32(o!jrQ9>-m4){P_0t(uh7pEBP3z^1t<#@_!!o_xay;Q{H+Q4S}(OEO;*`kI&2u z3DPLS-~_PxM;fd?bO>0HqlUO07kNR*lty@D782bdEz|dp>w7Vti?mHkoimm5p^5hh zN~80?6+^))_J6N)n2rDHANITZ{lANni8n}{&OMG}xrVOV*ig}n?F~Px?&sWbkVr4< z^RV84BUYO|X^-#W_3UR&9^sORtz9v1n_42OHCMPslxUg8 zYh>B1+|DA|9|iwWNtHSs^Wi!{bBa}w>Q|w|Lmk}>>Ml`0K_j#Lp?9B z|H&h{Z(gwDL-hzWeWMy#5*IguA6>wLdn6)<9r5Y7gS24b@ULJ2=6}O4*a%^Q)B;e^ zXivzcWx`=~5_vb&__CB(BH*?J!)>#&MsrRPg`7u#^4%SHIWY z$N%i4WK4pp9I=eeb2sTX_*&d%fn7vK#~5?r*b!+Nt?CYCc8sJ$0K*GF)|{BWd2K^S zHZ*y8ekQhPX#Cv_NlU#%gDmE@+X4Z_qq4naNHpbqZB=Zpfdy^`rA`G(-C-S^7(AOmj71Xlc7s{B4rUyn)lici z2{|V^+uXc4QFH7HVA9fuz6Y3>n|)o0vGyoVQv;~USgv}joF9`2A)ajWM@@9x4>9Z6fB4bB5NRob54n+F z*Bq?&|7Fkrj}8y_=YKmXsrw(fvmCPw&h7c0{yF|gr??uM{+Lj**PGgxY-cWAO~^7D z+eJ^6ZkalM3!-=jw%1VlQlUUHH^5sPI*-h`KO!zPU6qR@-#CrK@2nI7#Z%@svK$*Y zA1823&{V);6;Phl-Qa%Rqf_w7&0>EJ(LpOb&Az^60P~JPMAK@5?P)M$+Wn$9B z&;ziPEHMmq=))QFFRru9I{dSx?9=E^#CO(Ty}87?XiTFS__Q8{5}qXy`-TlTI<8MH z*%GxxD%z)GXJrjPu-#}vT7M4pKO?hFRpJe6(H`9g%YC+*bRnj1X)4Lzcw#w<8P;q| z=4PrxODThxJEU1$6mUd45;yT;stBow??qH{>a}!QDq1sNjK6>Y^zM?6AhPf0VkS8` zqbxxYOXI{YKd?(2;d7#49YDdm6VKJl3$Wboyx;~?#X-+9Cte6!cD!)pa`Zx~cDcL) zi!NIr`E|?=J0dNfxfHD~FGO9JWrZAxw)lWfCSZ)glQ-U_7#|;Vy%(>cv`%s3wX&0& z3r2D`1#6}6oqM2nu&Tv972cIpHig_YW#1pnS%2widzUOP?aTpG|So}H$L}|DM!~vOf1(Xm@lZR+(kdp+1 z^(TU^n4>4x_}Z$qv&k$NTZ;;NT&pRG0~DNelS^v#n8b%)hx?fGhbZOpKaBEZ|9gDV 
zKmn+d|NSNV|ESa1%m1B}Z~@lqh`hzqUcpfavJ@h?Zm7jtAU})9RRpz&=Zpnu0xVVJ z=nh~3yogg3vlD})fxLdr zt(Ib;1l=}--hwyYyeaT_inb*LSl1~e@RX9D4t$tIUxQO*>9SfMV1?PM5i9tHB4t3+FvPCI3s%UCy*Dp}c@ zhx9`)+I`trspkJl?&no_KbCU--#r`-v-iISy`#aN|L>xx{6ER~oMHW$^xtLHUeX8G zCJS>eVh%{=d(6+bXybQz(CZ|R+LQ|j*)^N`f>6vW3qM}feco%;P$cox){tZ{*smmw z@Vm}$1}3q5*ZnQ6W|n1{gn?_(OlsiBzn`a4y74bRDaU{%617UUNNL!Vz-!YD$H?gB zW#g?j2+Pp{|40ucevxeE#&7vYYj`P5Gnq}*Q5QO8(y~y+ednCFCJ-+jyYfc)n!)zZo%Pf(fL z)eo9Bx-!$B0ouhPU707X1YUO+8@0Qujk+pZuFyNb_$^Vu!#AeN=E1Ps3BD_>%(`V8 z>LFC*O>E^HZ5ewVsYvaFNvtX>zGx<~9b2S1_gT#r*{uJ+`urz1D?p>8psMr#qki`L z&qsrO{)gQZ_5A0hoN02QOm+Gws5lcy*{M)L&#OoC)Jj!R9}*?w1QWm*!w_de09jp` zwqj+uoQjVY%m-yP=NeVx)>c+!?7X3*)<{t_VNw;THW0>kiS$e7O@k>2-z=OAG%~vd z3M4hVMVx)2$<)R3BqvUp%X(9%MwjH#Jx-btt0~pdKt`E2)30!o7Ia6*k>Ed#XYFmWoOq zgJ}eRHZ*HBR^1@Hw-9=~xGz9gZc?S(F)CAEALs^hIyXbyx>%{5lJAa57e7`>79mEo zTS|I9jii3cPh{A)nM6IgKt3`Wb&T$C!$gwVA0LuZ5{501tGi)x#VI8pl3p(p081dM$)IoLjUv{?V`Wq;(uDW%sCm-rl<7VkWtwvzheqM4 zYX$dy)QAPGOrCFdNuB15X5;#Q?fX9>_um%o|8#o8to=9a_V)LGc2e^0|A>1l`S*X+ z9FS!$zf5Nh44;ASpnTO=%KeC4U}zU<3Z%Krmc<}P&r@&Ew;He9#> literal 0 HcmV?d00001 
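Review bot: the header for rancher-cis-benchmark-crd-1.0.301.tgz shows mode 100755 and "literal 1448", the same byte count as crd-1.0.300.tgz (added as 100644) but under a different blob id (ca0b7e3... against 234a1ee...). Please say whether the chart contents really differ between the two versions or whether this is the same content repackaged; if it is only repackaging, the build is not reproducible and the archive bytes cannot be checked against an earlier release. The executable bit should also be dropped here to match the 100644 siblings.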
diff --git a/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz b/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3194e2d06c2b5f6663f2ee88723e11776b2356cf GIT binary patch literal 7541
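Review bot: rancher-external-ip-webhook-0.1.600.tgz arrives as a new file (mode 100644) in a GIT binary patch (literal 7541), so nothing in this diff shows what the chart archive contains or that it matches what stage-release produced. Please record a SHA-256 for the archive in the commit message or next to the file, and describe the regeneration step so a reviewer can rebuild the .tgz and compare it byte for byte. The same applies to the other archives this commit adds under released/assets/.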
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..32dddd9b365135c0eddea9a89dd86df8edd9c541 GIT binary patch literal 6114
zz0ICo>3IAY5HU*W0)&=REvQ40>KDDs#qS(6!an*xlQ|DpM?#!7eZB=}n@AROV}w^r z0eFZ=7PX<17a5`Y>{#)<;O`b>S3o!6m5De|4yM4kf>Im+SG`ogg(%2igY)^5e}U679EYi{l!I*Nh?WYP1FPq*_$K@ly46crpX>1? zraXl>m3idyZ05N*5f0L)hL99xp4NM^m9=&65FY0K^StmKb;4iZv>Z?auM+c^`Rz1r zsG!LXuU_f7U&`HpkegXx%&0(zl{pSnnoJvyEZhPv^e4gq<3vqo1x4Oi1Z#Cn)k^%9p zm+qCMTlGJ;(qh}h+>4@iAi{fSfs6M4ySsJ$ueZOqj{o{7X~UgMj1)YNkiqka^NTcr z)@{xpEohZ|*ILlh|7~tU*F*!{FeeuO81j@E85Yt&l`gF{?A_nV2EHjy-v3 z*~{;9AT(X?$rRR3p{kzn@XVCF9ohm7xHGH!t^~Ub*ezI^$Qj_5!*=*uiFM}_rIK_A zV;4<|Ozt`kKz$SM~CWx|a!j;`XuuAbwNi@d1LGl6_< zJmXdt&GOdnm41BdDf*zPLH_$=jADCswwg8;o&W6h>hZt#dfV&xACHnY;DjiJf=N&u zEZ5<3j110G8ku?JHfGZIHsFJvM>0)}sT1TFqXnseLIcfvw% z0~n6XVgk<-fkS$QAzV^5hX2^~;XR9{z?rG3QGx^oM3kZL`A27;&lDHvZGa0}{Kw%L zgj7h+A5qmY|95Bp{`p^`WB#9g7>_#of7wqtVVwfdISKTNH>43t?QI8Km9*%1O6a_@>Ig>qhsm$F5Zym(-29=mJ|Hn-=jv@F#iw#=iuG1$8X;M>c`nY`V8yoQP#2I(8(AwSZCuqZVce~r}{@m_$y^W0xIM9{7 zHXIw@n9wv^Eb1d<)`T{BG{4g~j=eMrmNOb>^+Ne1ahaB9s=Q2<1RaA#;|K6*|S(6w}$+)@cC7Z_9*? z&$UcTT@A$cz*Y20AZCy)o}ROP2O{CrPGT4n7Djr5oV%Eq{#g1sM64fK&i{t_e|mgy z^!9jFlYim--|lsHy7l?Ly}O?OkCHaZbJ+}h69(VR+LPS=;d$4^FPNXM;Rt0QXkwQ5 z?>Om>7}M@5V0qWjZ!b)+RH^SEt+FGAc-5dS^BDGFj4;$YNo2v)DwUUG8jNjqpb|v- z9gN9q80>VrgB1buu3>%znsTF>dNH}8aT>!0@S&qx5!%MYU>16bS{1uQM!h~ z_9}^2i@Yw=gPg9@$c6 zSQXB}naj?K(0TZ@>XEm|Pa1NW=bWu`zkvoKQU-VytrH&AFOTYtwGhn&_oT zX`d4*xyi2xzm=y|kG!V$#%J3+*30j2FQt3nMGvuJ16JC#8j+VlD=)@RLjpbs@k$}* zn%le+@#u+uIEoDZ>i}(nlMa7?Px`x5)cfY(}iP+P`n|aW^u}!^T zn3AANy5|g6fx_b^O}ybdu1*9>Wa_JkSP-xDzJ6nyuMOdDFZCUyYZ&kZndLnhAycJm z5_cqJnRxbeb6%Up$jeG9GSXX%bZ(`mn6BY46#|*cyD`a}PY077f5%@&g|5!m>}~U= z#?BH9=x_>zS+7gIF{{6v{t(??n4g_Pk!Hmz25d)x|Q`vnlJ^i$=Tl9e@kzL%q(S!7QMd=y_)tEqB_93Dyy}J8wG!}s@NW!gc=ETd3f3L**avZE56~ zr%{+Ysve#mNgqyeL_`>&lzM&}?-+MM!5q3zcK*})(3IU3ZHEEB#q2GNNo$ay2r*Gq0;e@R%#iC#~RI!N8EX;+~}Q7+xuJ>H(y>%sBUI2|=p- z@6nZUo$iqu{J%(&w6$o7aYa60i|&8#?DgvY-#gpu`#+D8Hge~|s$Zv*)w!5HClW*8 z!=YWiO8%f9s}(;zA1jr}ey1~{YMh??0gpR8LDse=({|lv+ED_r6BDg!cdX1R}-LF`>b=cnEe>?Ko+REQEzb5IoXHKWZS>$ 
zAnWjixGAAA-1Id$uw;Nqxfm5t972=Aj7cldeXk84&3WUU2knO0)NVo>4j?h1Cu!g|x^8~V z`mc}?(F`!TsK;=CA!L!Pd^liJFgK($KXQys*X;QvmWD^R@(T>O2r<+gElxR2$BOG^ zklio4dp8R=uXgUWY@bc{PfD4Iv%Dc zVQyr3R8em|NM&qo0PGxVZzH$yKKoY;oDbIm)=Kg-&^O0E1V)oP!@dhp6a_*pM_Sfg za>IvxYSI5*47qx(_95NbzBJK%u|y7s!`YePJk~Nyr5T#ulsSArEYS2)!~0hmGcK92 zT)z2w7z_r3^V8GtcQ6=K{|?U1FWwAKE>6ylhsPJ^$8QG1v$NsJ8yGyp-kspBW9H4^ ztM{rN?*9asQra;mw6dcEfRs5V^)yMDa}pDw`zabHCIa~gN?oZ%!_Ng8k)v`-*1$4OiBwbL%6!TwlLAAhEQ_Qx`mq+I09A_Qlvq&2aod|Pm*CW91IS=^b;TZS){lN+1cx)U zZ*qywnZ*P7%xlc39SsVmd z^JR@vn(u@P|~xCe~;l}{Hr*toNv zfXjphgM~p$7X}faVWvQj|Anbb;2sSvB$;{1iOWYc4h*Jxs>Ht+)GRn1wh7M4flv;O zVv+>q@d%jWkh2*WB)Z_$3Wb1T6Zlyh1feE+1etS%9rgQD;pY0E>OA*KxLH4Fu^4-& zjqP)MMA^4u+G8fogu~Q%gMC(rUSL)Q^-psC-P~u|w=1HHSA=y&sOe%js8^$WNzdpZ zvT|AEekph(i>&Llp z^yGf?XdTHufvaHcFh=kNXAXG+Hwvy;j`E6Gd~xxTByEpG*Dc^xC$)|kCA1ixdxqL4 z5$)-|z;sQ~Ia*;zF&%SA>b&A7nk_4^#ax=L57lnzO*9p<-9?N9_&JrHOsqmcILvL8 zYBLiN0x^z!;dE-T8i}{aeiMNi!)7(}h0!Tm`}$kgszUoRgN%~~Y%tXE_!jHH8J0eT zpt>T1#-~IIX5T3`mdNYm5P2PIEs<4~qVb4!rqUhHKugH!JbXX*Fm{(y%vAb8$ywbA z)`Rj1D6M*!7jAY0TFDt8c?z_kRrFeP4a1X=lH8EN7j_cmN;bPI&k_qp|l`@BVc*4V$4RtNlW$1Lua54V@_BwQ9o z%j4Xmqr?4rDdn&9A*{kjG&7e8HBDYlU)MM$qmC>sWgcQago&0?KatP)ku0bT7b&o5 zB;74c=r+hL57~Xt9SC(A=+?A443&U%_$waIBI;Xce4zOI@h$a1nq$t}t}rbitp#d& zY$^C{i_~iNs|+oZ)*+Kc#)iwWz*4VFKv$*#;=Utr#$z0C+OR2>Bi|zb-=_X!onb<` zLh~r{U5h~-^`Eoh;H*;rxwtq!+t+_y1OE8+pQ`qvP2z|4YEUgseKn}u;a2nLZ8l3o zRgAhi(I%gpg`q0W^HzzfTsD`CHhJ9_koEBxai z92y`kxVpQBCq_q>NHf~Is6JltfN~VA(fDGan@`N8S#8W%6OE#pXo^p&M{X{VpfTEP zWEu^*-kRjz(aIGAAuAJVDlyW8l=*4q;3*RlfpJa;S`$@6rJ_CmNj1m%xW6MrmpZLY z)VErkqqP*Z?!J}`UzobGRWF>SX1Lt!If`|nK@)12otxf|sL<3(YNAcf+=x{4{Ir%V zDettBMbX1tjf_^9t5>oXan>Jmr_?2ec1@YfeD-&lxa{FsV2Au~KDP6_03G??`SHnl zHUB$19_;hK*MOJE|6U?}TPS3*{M4GiHKDbpa39M>4Y}EZX7qt|{rnPhB{RE{-nwuN zSU+CG@}ts?hA*rMyO zRiB{hkLsbdeZIqPU0rz!1yA;MR6N3TLSdUbcbWt)`yplAg%GgT=}UG=*WJNQUTEW(awE9&3J!DjfQRG_4NhYsgn`Sl)1PZDCbQ@x$j*htx3!%7 zp}MfJ=s$G5a`EZrIyzS(6m!!|OK#^$?9Fv~UmSr@sr2E^flr@qu5AMF1E$PdgeL^9 
z)msN2-v9J>ppk%a6lG526)-8{trd?ER>!vx!pNllIpx)qEVdH3xsXo t8N`0htV7c;So*-GX#1Pw{+jHKcMp5m!ycXw{uclM|NmOhP4NIq005R9+-(2= literal 0 HcmV?d00001 diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.101.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.101.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9ac972e5e8e442fc982058dd4154d9cacce4b3bd GIT binary patch literal 2439 zcmV;233&D&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PGxHbK5pD&;AuV?n7QIT8b>Yqc_*ibUfE49y{sGy%i!>BF-Sd z0-zn;&HeYA1*k8IUrKDJ*K%Jh;bV8P++FMkEyGltpcyQf!w19+%^)`X^eSP-MN5{- zH{TA!;c$3gk=7d&udIS(N$E03FF>_90B=l*F#)-K=K7~S8DwpAx42?)pIVPuY>`acw zl?xNWIjY7bilt~X7ULAc;I?+!rFEEA?lUNnSsc**HMb?rK4O{p4UH9AP2q8L#L>n^ zWX^xTQPwdjEw}{X>h9XYT$>6+(NQA_x6E(~EX$;by=adfR}{z5C>jk%N8kIguc5~N z9j2LN4((~I)m$tFac-SX4O*R>7&*>`5_GgKKBC3`FV072yY~NXGMv2Y?f*4k+ZNW*8Hyh0%GoT3cEZ5ET>)8TfU6Knm;ru{HRMu+C3pGB@N13;KS{ zCfc|U8*GDOHcSe&$R#t=&7h4n`H>GRZ^(}T9+?!}%O>E^8LG?Mo8QLwae^reg8(~T zEwBb6xV5m*J2v`SFbJ2oH^tt}=!|^+icNwoEm@D1sJtaM!W!`I0Rz3_=^_UkDC;@6 zL|8DG8MJg^5CR%z3iRw>7`q7W(a=VcSuQzo`H04W!B{Vp`1cx{1*bh3@2ngM<ajNzdpZ zvSM4{eD^;O+n?c4&1NIndd3@`A;0%i& zd{AAILG4o_1+(uJn@QwVatOT6w3f)qN>O`6yHxRkXP_x`yFNNJ(zUV2Hbs(`}&PI>92(^e_PG5I8CZi54ZDj6aK7_fJQa_Q;_?axI2p1`^ zsYTr`OlUXAj)!bN=mCgY4YV_^7DFW<9sY*LvyS@K8t*awd3;NCkmi`nZCjY;7wrUU zdS)s3ZHm+?=#_>xN$ZHoEMcR~m}hBFB%oW<0Dkdqe`3wCI__@?(WQ;6i^@<`$0r z6ZChc-s(Mz__{Y*DpUGKgk8`EsL#Ixbh4!8T>Jn;jd^)zJoPzxfSOEw zHCdOhZ_{t^2+fMWpTP&%xrrI%O8k){2u}CVT%cLkt~1TSCCtH-(GJ%=^}PJ%$~H5# z(rPaf1ZXN1Y!j*~7_-5+P<*x^6(Y;|G|CWw*K$YUX1PUpLf~4x zb@1`SFaHD@@heV(%n7{$CPlcl!ZG~r@D_rn9J7o(o%I4!&R<{&%8Weq1A@&>!5ty? zvpxg@u7TX}0-gU~Lg_tmw+Gy}s=q(f`Xte$Q!)Sa~{{4sHxc~i! zSAieue#GDs?!pAb2{SI(zS#SLgxn&B*|PFS62AA@dg!5t9(t&U{{;X5|NrbrcR>J3 F00631!+!t( literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz new file mode 100644 index 0000000000000000000000000000000000000000..46e06d282f6da1f2746ed708100a131b0a54d3fa GIT binary patch literal 3693 zcmV-z4wCU7iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI}rbK^FWpU?U$x-_}c-Ihg3mLDlq-3P~>P5CY}7sJ~bS@n|%=8~y8sBnkIJl*1*_c#9aL9QraC zorgqfZ$%>Z=C{*$JRYAM9ofI*@wobTe0*~HW->iJJwBcsPfw?B#*^dY!|59sKf&6a zlqgN)oAGa6tGc=02@%ePCYlPaW<3C(Xu`zO^NH3BJt{^%N=+9OgBhf{Qritb$0%up zToX2fzLp90YdeNC2#~jS;Uq#86CY>b8jISgR!U=3J5C})qHt)&=iF8_yGLUB6G}w| zpTXUv7ohSbjkW#%k}FLZQ=mhH^Xm%*3n6PJ@_MaH=v9m}AaTs7Z$;a?%T}Cvhu&m7 z>Am)A&#A%w?+8m!J&^`iw|~J0dBWGgP1j%n@Ru6b3-K7O)bD1dUP5h(_i0 zdP^qegr)vRGc=z7oTaDiUE`7}Emt$>_j^4Wk)`b=F&2tyVIHJhk8YDW`kM6sG+7!W z_a@(ZCtr`reO1(8|M}Y){SqRJQ7TWzk97r|_CG!<+yCKsGTxv6FG6qOIz82UU%m_> zzy;+9eP?^W1kU(=k*W3dVfgT1JJJPsKejl)aY4U zu#GD5eZ&BRo{G^oi)J?97${1@P^UBu75Cb@Uw~{?`x)gO_3_O2MZ)!mhLs}1$#q^ zRQ?RWg=2=rOlB=7hzAc3W;3btw`09^90v~%vyI1^EHgP3R=i3WyRt8F2A7KuLSIQ# z$aSHgFQSO>U{+`v!e~x;Axd07FpzCkY8fudBT@S!U+@K8j(i!IS3no2T&ASZ^G>iN z!uRIwsp8s2L9R!aI+&Q21RptDRbG~($jo^~bT}(A)5}I0XQnfmeB^&6lqE8o!*P`} z)XIvR_dSV=>^JFrK6*GD_MX6_I0JoYk0Nos@Qb>P!m7Vhmq9tz=PhnSVkGWxxS*Uc z`YX!4^Z5FlN1NME)&CFb_DlBndwg}T?)P6iirv#=sT2Q|RQ+*lbk=`P$JPAL;mLT9 z|6YPBz?Yc!o>P9 zWQ(G96T!cMQyw7KaFiWbCKS$QOA}RJW6rA6{^gwb&zt|5jt{H#-_z;IzW(zfRJ4El zs!5_lA?dFcDtWixDvydaf;(r4(kQP5!)<*-3OKq!THaYE%tR|Dq^93Xk;HbG{TDxL zQN+i<9w3nYKEuyT^CbX%AeLa9XlyfzMp9e0FF*tz161Djg8>DJJxL|Pb z_tNt4^T0vB!QV>@+V&vBQML<3Wjm!y8TxsUC@hV%4$-mOEQTtW-tF~#M|nW`@)_Tf zV0euS(>D`T3y(d3O%3YiNG0=sqOYwsxbZh7pu5$kwmFrm!p=onS#LLSK2`prQ74>M zj_xLN)Ffm1N(48lN;*jJ+FWOeidfP+%5aIn3>JhbqXC35aetLPc&B{Ah`WuE^$3O1 zA5h;5d0TG0ygDy8TwPwQ8`hZ$%c5~AGZ?&2l)f&cHwHZbg+EZ9d@l8~ea`sGK2PG9 zp}X6%_D7pj4qU4VFbZHRqI?FE98E>!^9)XokEh2yfQ52)^F-5S2-0lKhA0+{uSHS< zf-sjl+eU#~PI4@;L0yVUkc zqhYsVF*{}(7*+cJ3ynX}G?gB+L=u*-@5*(dkop5D1Ym_EzM_1YFd}E`M&*kbXOM^8 
zfr;PDX9`7^S9I zDnjO3QYZ_QRv8#JT%Yt7nOiS?yBL6SD~ko_kSdTEySk0tj%g+wgoS&aMO`SBky*k5 z!{r@H4HA8^Z=77>DIbrTL>j4lRKtxs`(aZ}8FU*kMafbIoB2c~% zGYGYg)oe6cQl06)FQO>nRIf%>i|IVkLaI@KcgRMHE{8<=A=T*XMB<3VbZD97R{gyw zc$;Sn1_jZ%E8e)d^nOsp~i)flPjtj$a~vXccE_25d0Y@%r*{pe6Bd^D7wz88p5nqhRVCCv%2Dog5smb0HX# zs!}v=QLVVY;~vZq<8*Gn%{+|SWfv>%+iG{s4$5E3SpXM&h*7Lp2Ov0G0UA$%3Iumv z%N)aSPZ=|ANTU1RP4;brk5^|kOSEWFyM-89u9G%()TxAv#F0vW@pe?_I$Oh{(DapBN%Lp}IT=n(peLfN;0Lf@VueTWie4>WTM z*ss1lwf+Q2)S^Bm_Rp9Sw!b}N^0VdR)tReNn$~nXH>l0#{&B|GKgI&0rr&6FM=E?-WZIN2ddX=U%Xq^xihh(yD zOAC7rfEFIROPUxI?sq9Iq`gCDTV4bIZ<+s5S`x~2ECMI>osvP_-~Tu+=YOW->13b( zeG&TO=YOiIi^_8!+Ot8med@D8=?YgOaNcG!HB{|UmnYifb2Bki?enx*qAHioDWgqZ z_X(tZ0%@N>+95Wn8r!ykO0BbLHoVmRrlUSxUbI598!cp}2J2Dq>GHze(@>CDg9*?G z6aq;X`T$hohd>nEhsc2x2Zlt!9FZHlvp22+APbEWj24_Gk^nM53MgBs{QP z4xBa0B+hm7o@hU;jTvjAQRE9@f|Kf&n-e4`rH~s)qXFxcB=^pYEEtHfGRl_>-JIZ) zWEpC>4=F<+L0~pi5>-Q{q8oa#sCHVTyvquTGB2|j85NkTSF#py)^Bqs z=;A`VCghSm{VIXWo}Pqu!++Ve@ZIhLbl|^}$>~uQ|4sJa|9=^J4*d5V@NNBbLF-Sg z_^qj1D}?(o9n^r$@;TSIE4|KaZ;8%JH_`JT5WYNYkIDAnX%C+M^x&ydeQ(4yawDK? ztvFVu-DV6x$zSX~7`CV>Y*huQ-X5x_*5ddMt98}rVVk-{b3Jg&DLP~Pnn#+*C04(E z{m9!8jLu)-{)5D&coZ&kTYtpRow3xGIgcjk&R17r!y+DcU!@kXw@$dtw2qq5wWF;p zsU2zWFi|V&-g=&91n#H-hi4C)(0FnE7LU-b_?!6LQRyTmkZ}611c3(T99mG6d1g8m zfxD-EFNMauVxCm*r4*TIlvZ~Nz)@Qwptw+7I-o;nP2x&(Y1`(to*n=1T<&yVNP2DT zv!}=6|J~}qUG?ATN#*w+ribI>!#)0g3HsC2e>YV3+3LVq5}~^uywS6zE?mRE^QkrU z;f=n}QYYTvzO!Cjvxj}%c%S;%r#@OR)V9XAWBs_^Ni`cH{HE&YxeZv)uP?SNlLm=Z zw3tZq^Zq?%*Dc zVQyr3R8em|NM&qo0PI}rZ`-)C?`QuN19vZc??Eifd39mne#j<0i`?5skhBXNEDm~T zX>9R?BDExy)Z5Mfen3)^C0VlUG>>-I^Cb?&$8a<=oZk#>Nq7*U9L|ZxYs3WQFp%Ns zG$K-a3lg&zUr)a8`^Sfe_OI{z^}qhn`1r;6(BJp{^FAdBu15x04LxY%SxvfN@LtOP9j61aA?LCOw<&%M-uuAN<{^qz|FW9q6#EUwEh2_ zD@_k2yU-#@I{|Gw`Z?eFaWDd;6!W~X}Z%augnwYcJ1;<~$falQR zI}#(@-3^OBc7>ezqCz?s@=>Opz&f#FHdxn6U>?gCzj{2wCi@XcP%? 
z-Jd`rlpazS*zdXj(qt}4h}nNqFg7K@_3G$hhzvCj6TxV(=uf~lsx$}?LkxQ=!N4q< z+kj)BED1xM(lAus>)QPSb-vtF(# zQ+}e}34SSro`8X8)khx{$_b1Od~vOT;F?g5vc&i>+ppW5aS^I`2H?Um!(uM8H7AG% zcXwtpne(?}y=5E+cXyMO$C}J@Ih9ttNEy4ZFL46rvv)#YNL0vmsb3)CnDB5?Y8t|5 zN_iXQ*7Jq}209ur$WE=IyES+GRm5M^`$S zn3ja^Ia}0TmZR9rc|mkEDKpc{M;d3QbD6y7eYm;2KX(+nqx(`P{;R0^{nqHL|Ge_+`Jes$S3CUo6jZC5xH#=JcLEzl zYb77DNxYU%x8g@9@Q3v|U%m|Chai;_xxNZSf-w1C@NA}M`B;X^H2=5vcgj$CKQl1} z=$Gdl{q1jd+W!AkhDyTc2tOo5M|<$YCo@SlUAfmS)lrR!DHv|*8#2Jr4bqCvGG!)OF(EbmS&B5V!|cEKStB>xs*E*T15zTD0cO2| zRA~|CjW(f8E$r(7+@PGQ3H&;6d5pmx4CbiKpTrr!s-T+f?bxQhH<115o&e^7M11pY3zP7xsCYBn)HZny{rmTAgy>T1|ja z0$VZV6Brk0Dkh&NaC~%haMS~sDQ7niG+mA$&BknqV!`-QBo!bygh2uJ26>CZK%yRe zGvUdO9+_I=zsuJrXK!D7arh8xbm718!D0RWk3Zhk|DS|jw%v9+$u9;#V0=30h-jcI zH|bJ^AxsyIx9OgHZ#(Ly7W=ONX?IKv+XCxObl744ua3v{`#(pA{=v@vpMuK4WD~xs zg_fsQ2QD)mI4g9Z5@D{C+5*9~6pR@?L+)LtQ=F!hg(&R`Ma=Dc2cBqZpCtT%r-Ep^#7L{ z-_R_Tp0HFBR;=&Jb&-(z9VrE1r6j(he4a8QC(A|^hy*84gx#Tu;0U9ki;wLvksv?0 zIRE9~Du^&HDvg!v&yF>q&TG4l_L`^pH)9Y^F3z*Di4+M+O|ephEVQIl7O1Q;Fl@L! 
z*)1}+UiNk|1m#v1Gtd!LATe=u8@nCTOgIP&_dJWbP%0y{l!b=N8^R5lQIKGRv*{dvW-($QBGrqH}l2m6isg z=Z#jqTIFl>%w4^8!yNxhF`6bLiObhlABseS6Sb4-va4DO*a(O68A{i4CPi##K^`W8 za_y9aQREs_I*q9|Z|=7gl{T{X;M7_>OcBx~BpO2x&N-Zt7}=>ojgKu}BS|$hqU#oL zy&%8r=pnCP*L;{6_rLYHPL9)`LtZ3YqKne;dBs9Y6ZWBB~$54#n^6v z(E&dPEHx%pn}BMJRejcWCLGzxLJSM1)7YzZ@-?zw?Led?i-zZk6agyr^h-CY!unwb zaT^U-VW{Kv72`ll5?mKoGDqGR7`4qV7Cf-k?uH#yzr8a9F8C1RL@)M0aJB$6o&psJ?!1;chT)bnX55fO_XVB& z+XnA1P8yb2qebg2#L#@1v}vMFC0up&TTgJadK_;##~N*iwT99N1Gi8h zV>r#PsIr;~$&5EH9a?Uv2R{iNK|fU}`!-PM+f$?uajNWrW=;Y7)whS%pD>Nrs85Cc z6Q+diZ_k+GY8>4nCEoE+F zK7^TIOxzluVbh*jxM%{K)~UON3Ec*{;U>E`y2V7D2D9p%>O7Y3FSHwp_BSn$)N7Rh&`j8=KwC6IOrq+J4Oi`b-Y zY?}rujn1as@G|$Cjrw?gwicRQX(4kpSdM~^=V$JohJw@@Oo&FH5K21Jd!W)F0;1qH zLJp)nFd_=3h}_tny>S%+nQ4?@wBYpe3~q_auHT0sQti|y<)Q7e=d4ktNuis!LU4JL$jfZ zs9G`=>+w$@LTrxvJ3@3Of<~ae(cl=B%6@-g%dy7rsccGH4eeeUnzO|oB3VaUG@*gn z-1L4%jcnOJFlTA^D@hkQHi-`C0irT=51~TU0i6_hFtQe-z0F^ z(Sy)-_%FW}zTI7b4*YjKesx&KfBx?K|4&1Yf&U%@zAb+)X!&U^erxNt7Q%hV2DMA-&=8wTnXsbRvc^7ZZZa-;xD!z z3>(xGHmU;DZx1!o+T!>Yt98}rVUxNAaS!AXY5xRTow^C>P#?4;Ta5x%NAdTImK)626B%cNmy6)hpsJl%sp#0h2g zBkExFChM+B`j}PHsyjH36CpL>dIFazhki`1v2VPg#JPh?Xt~TP{jmt?Y~g%_v2)6B z(8$T3stUXODbTJf7az~hoO3l3IrJI{7OEWPo}Xps#U4-|u+-ih`1tYsOnCr5VL(!a zaElNMKG5*~-J5@aX|X-_oXpMi90;TC)NfuW0Da9M AdH?_b literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..91bf8e91823978aee7d6509e10efdda6e1129388 GIT binary patch literal 3682 zcmV-o4xRBIiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI}rZ{s+U@6Y}#3hp`hZV}6Jo(lu_A(QkDa@UU_=^kJ)SoG3T z+2V#GwIr3ar#Jumf}|u%vSiumJi2FHU*b@F6iZdb`c=`Ega;AI;hbo^K}=8%0~wCa zA|kc7ATfLO?d1Eue|&go|N6dP|LY%(k6(=s{X>7ezd!a*Uissr!{ftO;6K9Jos=p~ zCVKk}w)riS=&t6%V`v&-cf@mwubuQ;YrI5|*NR zBnQxC{|86=b^AZr_jmUH9P}E_aYj<6!M*Yp(=bZm^kW*-P_?z$e3u2 zAScp`D#yDX_qw;#aITKUDGXJ9)noj`E zC1mVf;hZWh7Zd3Bdp#PHx$Pw}5sGSI9%NjPZqg|Rn)LuQnHz85?fc&T4``duK`r)Q zyq(eK2w8$sc{+KhE9kU;|FCNR`@Vm)zq9}6px1Dfo$9@>UxyIljBa_oVi0QY+ z0Uh>#H1_N9|H;A8@y`CAgUWI9l;|KD-Hv-Vl!p`eKQZmas7XjPF=wp{j=z2d&!NNj zBu2Qu9|jVM#;ijY;G14oE^fE|Y%|>7_W&4~B2(^&CrQ#UV-KJPO91*2ve;A6C=%kP zKY>IjJ)|zM-*f+^$y|~Uv;U-EY)XQg)zQNc8EPCRg3(~npMY&tX%HZW81__xfmt-S z0mndD5{5dZVW_;czixNNMX2H#fD6YAi@D6!oFE?D z-3&fkvpmT?^1-%nN^YckK}R9f*eW$emm$QqNn#(iq>Fx2MW$mj$^TUFl$A zS`vQXY*Bkzj$$+CCDGBO%uFvIX`GqPW%7alg;18td=AG|!O&V(+`R8dQf9wR=Zn$9 z;js4z9>p2xb9)qt%Y~oSWt3L^L0tyrRG+PJ8xmu2i^Cb^gwfwo?wrT>=RDTA{Y?G; zpl-ine?Q`@dvU-2(oyV=9!j0~ucGP?Tcfl7bK=+YKl}S9JN)+?RI8h~IPENV0vknZ zB_Fa$yp~V5;zuX&FY9x@ejUP3K`JG3eI1AdVe-G=*-X#!u?&@I{%`Lul%eu|VPXo< zFV8vp)1U0L{r{;9m4wd`eoBar_TZ<_W|C~Wa<4n8qZ$*-$B-|I+D!!i0#12|T*G00 zV3|-jpDjyNeUCY-PWzWr5u&)Pji*l+a@Y}%UF$Q}un4>m-5`$FD2Nw(u{#IEYej7OGH~3p+LE9eY zILdaRsBEWfDMP;vQiYX~)*(7}+r>}^)7!nCpD7P1pFiPS5)7|!X8PuWTEk-xU{!;< zIa2BL9~fw>4Q~8(1?XmNJ}UIDr{q%4h&#Ox#`O58kMNFygLl5V}TK;c`;(=U~Nw$CYF*ym}IFpQCF!j}GMb;^NjH33Em zY{isMU|gW7n0%SQ@zK%2Q4e6IoZURqbUA`F8?zyb1>;MRRDj?R1_js~rhDnV?Wmht?7sq}-7zt23#>cQVTb*n9FObwe~u3QgPr|92bF`#CVW*3 zEzhhDTxB|NUg$t2!dxk}1%hiS7&Cf?+`CDqI87-FQQ8%XnA`UbJm02<&<_7dV^o^N z$pm=HSS{!*xf&IX@>r+8K-Dk8T&KFqbAP?ckRmLdJM7ZfCyR#NiskH>ZD3UC|1UMZ 
zrCBOHVW}jnSl^ZFA|dsAQVPIINqj~5JY_^qmW?V92~MC0yF(Mf5k^B7AKPIfL4JC9 z@$12L5Mf+Y8Y|bI9cw_H*LEH4HBa+z#vq(tUSwkvDH4>LVxNa zTV!s%?CoL*%B?JBpd+e4V&dvHb~~n-a1a*mc@}k{R7Peg3k{dIC^bk7#GKRLi`ne; zQnQRrR+$4zqvV9S+pK#)cnC3BfJ8Gdq`WjkcE=gs35h`YOiUosI#H9+Xijym|AC0( zlvBMJSuLj1R12v_A>JYzDLNk#8AMcLpi_w>lF*@LmRt4r;_!8mEf|zU=kAg#Ee%A^ z8?Ab^%Gc97KDBs_B-PM}u3NzM zg8Z_hlTguIuB^A%({+MDMbSf4R2s$9M59sXvvP^9&9WSZ(?K+;75o~OOrxUV{ zZ8Ttop^n#Ai~}u6a8q2#D9NDpEg1z6sSOO=e5i+40n_<Ehg$T(2eKnFjPZnk>+lq&eu~!eTBx` z8NVOj(j25|qEposrrA!FKut`Q34Yf_Y7OhvnwFq-Ojr_;@v^T5hdh9M~VpzK0 zrL>Ut4xMdz3H-ld{zqv^DA$Pyoz%BV26cb`(7clqCEp+A29r>?rFJojOJ zHmI>rb2cbj;ZlUo+pMOB>OGqBM5}zRCWh*L9yd!==dwLzw94x)fwW5??Gi{^#3prP z+cZ#VbT;jVm$~0;)TfK{wb1NZ3z@6Iauj^JICu9n6r|Q*LNo$}P|}&+1C<655CwM; zavj{XPVdYNtLa4{et{XN@vV3f;UTI*1x$ z#)fDV`AnGLq`u|$1PMwhwz0i(HY}6JkmtYvHtDr2i}HYbov7KA0*Dj zgK(MK`U8e;jiolsd9+D)y0{c87V)tADvf}B?Sz|5>!=-FJKD&S)+6mLCR&TSH=d^* zfjer!;rYWhG+thRjYn9o_^bHbQRO5ikaGIZ6oH239GX#-MP@n?p}VJkCxynMVxHFT zrIeXzl~#8Oz|p!yKzX62bU=sD+QgOR(l*U&Jvsj0y4>l$ko3~nXGagk|J&7pyXwCO z$F<*oIN101$2Rm7olkA353lrnk~;AU_nr0P zhCS@+#=F$VF7>enLv3n&Th@=8om9Ia!Z%e%&uqYYc6GjCnKVqTq9sI{r+W~HIHAmb zL>;W&WZhLspR!6?bq5!5BBUlsbFOA0hh8JWLY2eZi}UQf*aOM~mfD*GpFUljD-Ymj3`nXF z?hr!32O2)SfBRQ3Ew;y=lew9m17XyiT5cP5w7Z31R}M&GJe{%vKg== z%8WZRv3+VoAP5B*H#|peze~uhC*JG@?@HA>+R=`7^m6p?00030|2XvnivVr_0Dvzv AJOBUy literal 0 HcmV?d00001 
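Review bot: `new file mode 100755` on rancher-gatekeeper-crd-3.3.001.tgz marks a chart archive as executable, while the 3.1.101 and 3.2.101 archives of the same chart in this patch are added with `new file mode 100644`. A .tgz asset has no reason to carry the execute bit, so it should be committed as 100644 to keep everything under released/assets/ consistent and non-executable. The rancher-grafana-6.6.401.tgz entry that follows is also added as 100755 and needs the same change.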
diff --git a/released/assets/rancher-grafana/rancher-grafana-6.6.401.tgz b/released/assets/rancher-grafana/rancher-grafana-6.6.401.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b2024b4ac32a3dd8d438ae09356d4bc36162b385 GIT binary patch literal 27607 zcmV)8K*qlxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHd)qelAdb)9dKDNsJF&YaCHa<&=9Br2YdfibO&qW7v^!6> zYeOU?p(Y6q0LpRV>}&r%xDvcdvRpUq$DC(Ui^S#N;Nalga6n-aOcC`a6pmp6dk0fU zxql1e=r0fU^!xq(-p-EvZ@=F!|97yvwf&dDPJgFA*xDNOU;L#%*xBm${{s3C2SW3c zF%Icp`YZQU9^4<~fk{F*HC>6%0iqm_F$#x3zpXEqz!G#-zl-0Al}`DrrgTxTO> z2l;;o{!72_^*b@d35PgAlnpx`KrzJ85PXKolwmae*F^jlU3UObm^7dA!ZgZ)YmELC zU>1->L7pjN?W9n4El&}cS{3#4SPcfR+fb_pPp4?L6 z_JX5-aY7kK$qkG+qJD^M@xq5rJ$*2e(Ev%5*!hw(Qa249ew(5pfN2`xKrWlk%piKt z-}86+gU;{0q?dZi{C@_c46%pZ0NVNg?)LW9R+<0r>});p|HpVH5gEZqvwj{S@fQG! z+a97Z%p!hVv`xr(Hb?68NvN4Jv7YmSPVl}R< zfe#D;m;m$%GcH)?L6ixGc19x96aRqq5Tz)QjF%)pH00YIAym!xL~|RWJ&-YUq?;18 zhjPJtWb82#BX2!Wt#42giT+cT9vMJ2NGVJAoxKly`KsVNPf>u!w;&}Ua5hKv@eGY~ z-YvK+O%O*+Y(gOkST7(+fKtwSDT#1!+e=C4F%)DJ^IK29TZ3r|X-wz?Hpx&BkT`wF z7H?U=BiW$Dx9-6=1$`K$Q|K3)hfzdsPY@6oy z^TnIjHJs*$pxnG_&Y(DNZ-n?_(AI*tP@Roc^=lcH<0ZU8`^IE8|g&$37W^6?kh zvj<>`-%ygJ`8xn8GP_p(ZieW{{FaS5D{S>P8KN^Bp#2~qS;A|UxZGUze=iW@!_FE2 z1?f^W2+%e2VGKW$1l};Y!-^&9L7EJK_y^vwA%^jAIM~|W+1-2b^6&kAe<;fIFpND} zST6M`qNvlMNN&Vz2nL;wSiJ~=D={qrj{y3VMi3`rDTkQROp17;ESwm9LirGE z_xt@$C&DwdLVW;mf;ooKA&TJbISNP;vLVVwfgAxAOi`Fch;9PpPkhj2oY3p8zc}TOf{;*4=HLLi1oCfiVaBm_7Ce2Q}3sOv3;TxS`Q&=WK*6`h_KiYFoRQi^AgBadov zrk8JSX%6jBb3PBmw_5P|5#6efVg@=Lju?MUVT{BYDu_Uu6ROz&-O2=vAZPNQuEBkG zHt+|2ziVopHentBv-2DX9r2T15j0Eo*$GL`2;sJW{rUq#RM4|nS2dMut2z~TUTm2c za;q?J#_rFK#q@c#hc90{9kmh3$%$e5PV61-KBP3V08!4oz?9N65R1a6YRMxWSWS$v zsHcmtY@`Zk6GH$6WdxLiHLy-JnQrL9s{MB`ZR${PulGrGtFfVhKZ;X+dx&WR>?tKP zEc8E|OuU3hLkDGZhTvA}<&`>}HL#zi(XHCQK?FxAVt^A6kT@oZe&H*?-pU_xcM(iz zpD{d100gHL6FCzRWK58(Xdopa19%J=;+-{+mWvEKosirlVn;ZHY&s&4hU|DDt`cN4 zlC;a@pE*}~vF-O4WGmIa)w-H#u^c6{*ObI+73$U;aYbX`l!U+$>BTrnSeEfkL4`e4 
z#>Hex!c#)IVz!1;ib{ue8!V^=YXup{^lj7A}^K z`+8^aasVzQ)-r)HF;)P@!uzBb%7I}*9Z;DKpcjq)k=nV{5Oxfx@06`^sCJ#>v19_9 z0D|+vcW`ia2r#p|mXN+AFfrm&lrcb3L?JiYU5!O4AQTbS%d2>WDpj4@3O?GpsF;gm zEzQlOKxolYK9Fo9(==$y0zMV6Pa)-E5K6Q|A>d@Aj47OOL}xG>fv_K5|u6DWTN<{W~g#)h`H6=G-syQ=r)K5yzWTuX~;wniummk zh4Z#VUY#{SW{6T8A|@8M5|^ih@%;!xhL{mF%)-p&+vlo|oSevi{3=nniXf7{>b zY6dS#O5_@`K?n}r_*V8OW?Kkn$%G=tYK$eK%4fu;yO-LYvd7OBB ziagUNOtFU(FK@sTkoMLzd}99-#RJi`N5&pZOjQX)8L}ZrCOG*dzx^bQjv#=ESmhkW zX(Sd`?Q$07i-XWD`?BY}*=j)^F%Je(iZ;%SB6Cp7tfOQ?$fp;AJz@q(65Yy`e*Kbx ze~KCUyDokqsqd7cG5#d#iFs#AHuKav^Ux<4rxEfa5bO{uhei9gW{ z(OcOHFe0rSy$>$L%Ee5q>2Vf;n<+|wkU+(%S1i$@3XGs&l!hVu#vmXh5tpL%c)!!M zJA%PAO2V9!bpx7TvdE(-#1sX*TtcnMj3F-vLhA~&inp4sE2wOTD1TuL{k70(7UKN2 z#SQaUtSq;9ctXzBqW-WrfgX>HT$fL?Zn%D~J4G2~4S)#8m>W|_kY-XokJZl@#Ztl= zY`uJk#Vd;blOeWPaj{jOkPsP}Q6ODfFr`!|*7G8Ys-X z?nZ(I6OKLeMgV619_EVAae}!OPI7RSDOxDa#@KAtD6u&eWg3<*{TRVSN@&t@31Ap1 zpCo`8pQ40oo0JxfL^-?3r6lZ>+8u(sPC<|PbSo)KtFQmb;H|*W1jZv0{r&GfvpIXR z=umKI#$^piCz?n-;7Q#kMD&#sdCcn|!YJV$4quhtsP$&ws#+eQlUM)s{_M@=$^N^e zf0~cd=jVkahB$fkoo$GaYmCYbiTUcdol@?(8zWm=%h?J&WmNHHejJ=FTrrcob zg)BK3N}1FMBW5KQk>=f?QO7VCJCV8UDyRG>5@j)BfKMSe`<#?!aUyM2c|~3321gM{ zh%%K3HBw4xjKduNPQSAi6fr-(AlI7$LBU_q~^<_*_a0S6JpFNQmryeuiN9GsPUePXf^Z!=I60$#1Z75>#ZBF-~BFKTC(Z zYN9x(bQXy9!WEO%ju6FR-@1ayT5jp+D$&!p(Io1I9jmms=*CPEkRJD@lKmy?kWz=7 zSRp#9%5uvx7y&r()CMC;YN=2(J|;AVYV=Z7!O1(d56SUWP%K-%m?99vPdLtEkTKCZ zN%ZywVie*m2FAz&ZluUNvUP=I8{EH90GD9 zTAbpvu#hQYhy%z0;c@cVet{F;IoNAi^%@QN&0Z2!fQ%G+G7pW?a%77(X zF97RqG=k0BX*8yuImVs{k3^^5C}X!HqNHqP$Q=0F1Aov}-eYU>nQKcfLTBV9EBeS8 zRP$BxZO&y70g2O0ntQbjX6?O2sZ7dnMlRC=T`p?r7e!%9zRabw#VSeTo^}C9Z65>_ zg<{u+5mVy4pc2I+T}QcM#bBKwLHrT9+2}}Df-=*}KRavczo(F~8$!b&V4RXXvWaMV zP3gB%B((FYn3%F)asm#-y!;G#Fclla{?F&&=*RP+s5|hrolW2g!x&H!A;Gw%-Lm^L z8UZYq5WnrJR*m!t2o3`uT{HhXu$~Z(3};ne1=R}ymdaV)@&O95vW#{wXvVlSUCEt% zic{8=T~3kgepATZ0D?%6Gfu4C_MB6kOpgAOiRBzbFk?pG5nJrq8elL+5-fnOSq=)6 zyEGD;-k4AX)@3=UwgS6aMQ;*T7%{Rbm~;dK1cY>ae!72fBpGFmNzp6d+%^3|<;iz! 
zgQ5xXOHUl=S{!D~Ly&QAP;%Ylu=l^`JVTa^x19v>c^TpVBg`|{%bk4Gn$uaDmz4MA@Pso+CB&G~xOkc{Fi^*Fgki38rz zo8$Kw4`SB`St1x8QgWqO#)2VBoz&>HYAZ3$G`XLNx_jlijy20^!XaQ2i2~q= z%;dOZcr8RdDt#_g~lO_Mhe@02U3y{2c)QrKEH!dlNf51OMKC_x7Ixg+JLE)_kO$6H*vA zB8i!2@jf4;!>DeiIGCDIC^(q$s~H?i?wQX{$H>{a?mf;_a5u~ZXA~sPHUZ*+uguY6 z&$pInzf*NVs!*MTVKL_mY?Lla5_DrmOGZKrSpq%*ikeIVjPU@6AyzK$g40oY4`o+U z<6|8oj4^3J(lyjKMf{pE`1gs~s9EGCkGVE22tldIPp$zlUVg_eVPaTn8Y#K&OA!J} zZH*BesK$8s0C3Zn5Qxou1Py=VgK+NY1lS7#zG|p5Q5pWmZSGEbna_ zTS|!_9pu=@wfW*53DFSjZ1r=)xe0R5ZQ)*tlU@jri^g&QU>0I&OaY9SAT5e0oz zgK?w0Rq+`xY)2nbJQLbgp?N=G*uQ=$n6fEXJ1^Saw$C}mql_1@t{Obm!ry`NSasp` z%tmLiG%(&pkdP3aW}^tRsajG}{jGo2fB;0QrC4wosZlBc)QEg3#Yuoux!OZi@u3(9 z1T;c7We?FwJ7ZFqYGq7?BAUM_yI})=ktK|6vbqA}g!c*`Yv-_NUo#feK>Si6Btq+v zDn*n{aKfbQc>@zJ8HJKGA(LtXlYtZ+UC;qH#1o2xsW-|-qX;PnQVJ6k>F;Jff`|my z`itoMz-V;23mbB%S9sZqDx?SBoIfITVpT-#Jwd&o+e z*4>i2keQ)VE9)E6v$oS#-e)wjBXKl@iiOOSS4ySp%>V#krqy^o!v$D!b->#2H8lCo zkbkLdAAk&p_2q?HsX}{|Mbv)yl@V<{TyvSN@q#+0A-6!7AIK1h&IRxyS>zFAD-i>X z5al|iO?j5QU<#8&#!antY%hj1>O? 
z6Af7iv9U7qPERSK7XO~{2q>5)} z`#)d)|Igo_m;l_2aT3?n6>~XsAnuim`l9t*?6u6FLpKa#k{~WIv^$YNytCkYxxb{x5#uhTK*_n1c59pWMv$Sso#lJ+MteK$JpnM<+tKHV zjXy~FPm~=&1{-~nmgh**@;jIoNX3^H>N--9My$M&`64xOX*Sr;t2uONxR5cQD=rR3 zw>6M3Kx8n4a~^e5I!JH=MuboOd<_Z^q|;3!Y-m@2++USAr$Ts&1SKON6tXO-7S=!x zjpci0yU+%JH`e^0QXE5iTMXOE*T1$>-~_}lwKjo(Br`;{ZyzTZNdGFIy9sC^vv>q4 zkC8D&aUxY38EB@wdlDygJdQ*8Jt7lkzLQBWKPm!%6<{m1^_Pz2^LjsOiF%izeK5M^ zIM9#n5-^Kk6_V2vVx$f@?yaeTnXnq1jE&IKwi8J;AUSz7$W0+NcU${3nlA|qFQ%dER+NfY8kYZJsV&AE*yq2mT1mjCAj~wKqMd2l(6PV!7HaCWH z^2(qkA#4_3*if1^@b+;3^r5KCvX3{`jT1%k)S3*`=Q564`KFZJRXVmpnEIT=5x|1s z%wU8=6`&&KTYNPePWj~0T6MCWFN)7xs?EBvvTctgo+wdKVTc#Tswz0Y0Nt2b#qzkE zq9_&OBu}G)^rT>QBew;H?4Du;Cv!l+jMdkJT!p8uiPk*P+H$Rk8ojk50u26Z!jZ0u z{`M;|e=v6^$cVnG2VdL4wWm?eehKHs#%72}#<_@X{7Mw|#Kc|sP450RaHU$4;K&mu zN~!>4tQwFre^oSgOM{uU4;yo_4n8xaWP30_?>y(+F=6O3B9n<2*sDCE1px5zqhh`6 zmtUMXeDDf%<6AjP+A3h|X!2moE3mh{r(a|YT{0G#X0>1|R?{Vq7^^mm+Ts+ zmor51__p+Qgp=?xOho4y4qyEbwn?&Ag1fNIFnAT;5;_rosG|Ud#c}@bqGoZF=zVh` zVrMab7&;dXb;Lizha*VQTsuKF(w+@9>59L)Q?_gzV`OrNp{qAV1;j}PMjTOAqx@~U_B7d)qwz5{^5GJZT-W#pPbdz( z>zB;a_49D9fj{W`FG|5&^G>K%qTP$(?&SdXJU&WB)hSbKA>v)t*sWC9?du>cu`Dkl z_LEwe@^BlGOIq%Z*Ej`YIm>lxc4B!NAsZnfA;^#bR&B}ddTL31Nbr9$^cqJ<9rdy6 zKP((qtPOuWKQJ@s9M4_TWGCsgjy@fo2~q@NNU!x$S3iK^jaY!R3}AH3y!Y1RFerS@G1n^s@+PZgAxQA5OIU z+wBiCK(i!KM}gD^EclCQ>zF@h%F2`yru@}nedx0X`)}W>Q=bxCAsa+d-l4+0`goEb zIb0kK5h2&gkDW(!X!%!|FYBGm5U{_9cNTEDp)13-B;g#dl~lKUrKrhc$c@wmh{`BE*?hM0LcXKv;>+ zO%u6lX<{VYAhu1j@WgCO7Nv`8�ON!+tusVSIw6Z^{uO@;JthHNq-;x~Y{f{ha!o z)ssV_?4EUPI)+@+stn^R4XaZz@|x1Fl~>6gVjEV=U3KfpgL)%0g)>Yt(^R3J%bcZ7 zB#+WalY>}3)<#j}Uhx5_ld# zhO8jo7Bi&?vYNWV@r&J;W^EITP^|SbE=yIW;-8GB*4Ds#eMDX{@;n~VHXuE`=7%Y5 z&E6*}mX(Zw5cW>i|W9+(ZM${qh4A+SRQ-MWa(J?aMG~hGev_(5qs?ky0{D ztQ>VfGl5Ym+0mIUp!C$E+%}|g{nXS4f3v54Ye>$`BUVtN*2*m&YXFUIHDA>#pZKvq50DM(xs#Jt`}#_!wRk?t*L zu8(OL`n@yi{;{5N{%0e;vEIr1i=%U&f8s0mF(?23?(X14DgX2Ci^1S2|MO!!10TFW zT%C7${^bksRW2Ui9x(-9zdo0Scq{S?=C9>edGZ{XT%{AljcVd~x$OJpOYY(8TCcqM 
z+yy@P`nA5$IEx}tP?zzDj4~42#H;QXU+5x!@u=z7F1Q0Ks76Q_C?FvM{{SeMl1^vK zmul3TVhFO{aFC&QIbXj2`qgX}x%c+)*sWu0s0%NKyh7GRSS$vB+9%FIc}V;P7r!b#4#IRP*Gn;?}pC@4D!a)MQy@Edh< z4Qcn0+_bK)t~#J0HKm(NvhTdn*(3Ffj;_nzkGUZs%?O0gOQ6tbx=NBz1X2jHeX?}jM&aQ1ecZ3uOD*!l9s6Kci;RVG{} zCeqUlj0;duvUn$|p(Ip)0u(W%OTN)*0nO6*a3*z2A--^DwTm*$p5bN%`vaRIK@^G% zwZ(yf?gaguSwYyyEoy2|5IBea|3*1k4s0&BvT zq4J7=sMP~JRVOGzN&VD*RsF~P%L9pzm_WX;P@yNlZS=?gs zar*W7MqzP3%RwGCZCReP;tOP8(>Cz8FCWHs{Wa}5XhI=Z@+%+Hm&VveSjNhl0!~&SS0q?_ z=ts8*0QhZD_)2#owk$9{1(XRgu`u*KON&nm1-Fxw*|2@XD2F~=I zY=VkaWWLGPVGc)Knw0rny_0yZuAy!aGS|V?-W+7Br4%Q847&e=^}6?JKrFNJ-<>t^ zv$P&FaGs^|*iGllm)>_B^VX!qmdpl*p$#FCNhVdyEKagdN_yMuh$1pGg?{a%oHW5) z^6m@}7_YZUprh@Rf}c4pcE0Nw#%vHQzsj_dPJTI zk5RyfLdrhZ0EpKnf65SaWjdN}5nByln8b61Ic6xHA$maK6jB7b|26OjJ6^vF`~#T6 z5som&i1|O}*UkBFFxP*|c51H4$!`mkUq2nmVhRV)^C zFhxTku`UVW=u>JoP}dGDkKFnlT`tE;QQ+|Muaandbw#F>Eer{ZlGdem2RO}=0PJnc zKXH7XjmP*C=z87yQFIPW)RK*D%A)8Nh{;o7iZE5DZ2Zp8NVP7@bJ2$w1p^}#$dp5j z#K=u3t*jClMLNn$T3!vEVg}ZA47Rpl$S}?n1si_ncntK#imDMSHLCRC@*U;{&!sx@ zEYCnFXd6+R3&AxU#eB3FHDwwLEQE4HY2wE-3I6ca;!>U9j6_4(LUqg?DQ6D&)08;9d!Tm5ag#+^;w)BT@a z(7o*5e?67gdnxr*Gw@YMVJ)2&i}^Zc%-A%(e6hr}t|N+TmB5Xr_7bJN6ltT>vbheZ zqQloVQcnPjjQ;{Lz9J4J3Cu%9*W;q6R-6b}9t1Cih8h>gzKrEkq2D<>)YmCUBZt0k zAVey>SmxPtRL9&esuH(?q`s@sOi>j3Y}%7ZklJj8Ff`}V%y+*lgJ3Gz9d zhzeCxg1ykyQL*zXcjYa^>EI6hCnFq{bo^=$D)ck-Mz^XHgLQq?2&gVI=f)q64o?0J zl6~coan&gU&|LF;^ zm26b}kU_?x6Y_8*RgR-tox;u#Zgz%->KrC5sDHk*Yyt~-K3jo>3+=S7Q~WkFrq zKRwoknEwN0rm8;vs;>J`X{LI!K^M3Z)V#9IqGWqbp{5PmrN-aeQ1SHqCQpm~FD2pX zw!gp3wg2sG?+kV-@gH0LC;Q)HJars9C1Jg+@1}_se5rglsq23#mF>D4Qe7Zst%Idb z5%X)rqf!Kd>Z25tP?ed=weA2;LX>c@RU<+618MP zlEBBVq?PU_=z3@3--5Tj(2Z|fDUH9joQ!}HDA)wua&DdOFZz6eJ>^wpFhxw*qB*nK zGuW89c{BBZZ6;N9^NS7BaB^l=p{npJXD#ZKyEb&d&BE*QtNJSSZt_xh4sR-~XmgLO zS2|Exu3mrD?SrlCruG|`MN@^w72ZCA-(ZzL@Q{{X?M=;9SG==cdn26m*i^3}c}p4i z2)bS%R$6==VhX%;k%WKXZ+`>2v0~yI16F`+IhcZa2X* zb@X!hs;yO&%<{EpR*Ikk(T1H10CEST_@-Je$!&AjkzY9O=fJM=#2XlxO=jH5qcg0| 
z&(l^c6}u=0HqK*nDps?e%PlaoRhCv?@SA6@X8jezNGsXftCS;pF;0b=;fT-nr&}gZ zvn-03UoI$f*?yb+S=a~WgpYYF@Z3ztHCu$~>S0B`Vylh3vskQg6R3mnH(>oM0KGJu zFEnym;q432!^1M5`F;2`G;BF`aqYZ2y7=M!VVU2)JwCrE6@0t@{n6VxzT5_uIx?Lz z^aZe$pS!OvbP2=dPy25_9F-yY@?B+$!+aEF=Wky|i-Qo%*7{<#s;T)g%5YsWGO{jT=(UtPtb%I5T3gdr%I+-oHcNBO?5 zy5;65eA|O${Y&UMw!wwfoMMd!)pA;!URKFzAFj^4C#b|z zhs0V6R}xl&uV2ma-yE#}W_z=1n0sJ-siomR%{C{|kG>%1Dk0_xn?qJD|w8{4=8iA(ywfs@3^O<&^~DO{IQ z$7tN^8LAvbUbiq81bYEN4FLJI6fKOe#sP9*l1)Ce52WC#F@Bjmp10dw++orpW_)|j zrdId8Az1$@$Z>Opu=x(J*v)`;H`oD1+oLjdFXkEWXx2(PV9bkm= z{V1Knx!CgWi6y_z58Xssd5+-fveCSz@{eEDgeJGfM&1=c)=?ZZH7+v^o?;;ezP zSYVN*YA>RAFtp}D7WH>Y)*`pI&x?_gAZrN7yrK8KYVw5a{1x>=&XwD`f^3Pf*aNW?EU&bqT5nz2dIu#W=-;o z_f9#)HRqtRgCFt8j2)H6_5D>Y$*O#n@;a*)QC?$C=$GsB(RaFke*W|Ov%`&L3SUZN zT#d}uT;-31dgr3BD*ElcVe_ZJt_^+9e;vAxPtGs)-@d&(ef#0f@yU5RngSy`w_<8u z+PEqP+)G#&u<^+ouwZYYlRP~{5!fu4Q1yxaoxT(fDigL zBFREPRblDsFi8o}v!*C=Q9|eaQ0;E$vNh6}>ui7E7|zAwHLF0V`CSc+c`FMgvpQfR zJVOa$?39ubs&jM{3e-3`g#3$JTPT*OZKB1|(&S*NcqxrVwG=fWrUyK04vk1ih)lwP zVkUsvoMpaa?cS=jwdBo#+Q5xMiPngX!tmgDj1$bIo?-qj;H$YUC-Gb32n)&K<_*%# zQ&&4iw?HFUO6`>@N{xlbiZ6!T7Z+KUv9>oUT+QA4_EW{#(Q1A!a^@zBXN{e6j*atv zh!X74YiO~~r8H-NMZ>P%lAcjQxa9CPJCkFAH!0HQH@l#5yagp069ldZs&b?6|1*lwJG_)$H??!ur^E2}M~9a`kCJVM4HN8>DF zh^vvVfrRiWP9~k=4422>;#I@RJ9%AAS$;>__GB;=qY!8D5UA1%waD;iB(E8A$j-cK z#B+V^vfs!hW(z6!(w=4T9S7BFfXXmTFdzRMSRb(#N`TLJk^&F@I43pp>!EWuAH`Bhy|-3o;*HUw_i zMP9ouz{2zqFg!<+VYt|?sL>pDweG3WlT!R}zYl>h0)&Woq~?~n4-2!b+EoKECg za45(R)?OBF)O^htI?^2Dj6_JvOxHLGhd^I7BHniLGsrkXuDFB+8hor+eugnW>%BsV?ee936NwperWC5cPL|8i`fWf4*t zmZJ+dKUt|KA$)x1aL=J<78Z|F2{2-z!?VACJEmPu0}< z&214Z8wo{0TT&IG&dYaFw~o0n{h_I+uXSI%IV$EBg*BUGo*2@swc@iHk8VAPIq+)Ru!i=@#d3&s}ZCzVb^i`IC(8+N) zFHqT5CUk&lGr5we9A{1|`|NI0ac_Pvzbai9h#B3ik(8b9NMmX%|HJoS>@d|wX z3SM>U0vie?Oen{?i9poNsj$DMpu3t|kt+c$g;RYsF)Z`L7%L|ObM&dHC_-L}o!r@Q zBU74u-g8d)%?Gklp$uXJbjyL&bf|9;BsSIjZ2@IKRjg08EBX|~wD#9t#;8oxjFK79 zS$G-Zz(d)%F37X(c;o%CQK>I$T1m;4vMH#AyrLyCKP{bss*U8YUqPLwNUlW=Q@0QK 
diff --git a/released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz b/released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b65aac380a750ccfff50f9c4b44c2de89567e26d GIT binary patch literal 19350
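Review bot: rancher-istio-1.8.301.tgz is added with "new file mode 100755", and a chart archive is data that has no reason to carry the executable bit, so it should be committed as 100644 (the header for rancher-istio-1.8.400.tgz that follows shows the same mode). The archive also arrives only as "GIT binary patch literal 19350", so nothing inside it can be reviewed from this diff. Since the commit subject says released/ was regenerated from stage-release, the message should say how to reproduce the archive, and the blob should be checked against the entry for this version in index.yaml before merge.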
diff --git a/released/assets/rancher-istio-1.8/rancher-istio-1.8.400.tgz b/released/assets/rancher-istio-1.8/rancher-istio-1.8.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..aab05dc76a1260c1e6a7e8cc65545bedc785e182 GIT binary patch literal 19480
zKOavKL7ZPQIz(BOeIi8o0}|PXz@%Ml=b!2mRmo(mHw-}!ZyNlX>q;k>c~2uEayE*1 zkmLl;wI9gp+V8^5&OEP+JDi-lmvh>r!dxbs)=Kzmw+C#=wDjxjp~=-;AU5VOW160G zl%`!f4Y1=Bz&ulJ#W&?TYe{l5-9j9W^-RzDbl{kk63OJ_%e+#Flt8y*>@>;cadUa9 znC-JtWCBGq&x+H~%5hYfcNH6SnU98p@>HsF=CEd{D<9}yYfnDiLMxoQjr=WaS>mKi z%FW_2tX#WNRch*gYh{33p#L2l9hJm?+Ub8=DYaST`jecIUraDJ!aihFzD=_nf3yNl>c+RqcN%gI+m3EUHfK5(_jf}R&%t>ymSstn7p@hpnSZ=tN zB){3vUFz#bp1B%Uyt$W*RI8##EfW^fJ}Y|DD6FmIX?_(}!X2~F&B8tEl)*Jm^Kk1A zYk~jI-T$2l@&l~g=hxX|7Rmod2S@q)-<{q5zn!uNE}@V+2nT`!J=QwT{xHJ6iXRn1 z_ZE&3cN%*-#DU@O9PkP9eK7XvPIXN*N# z{a>TsaE5=dw)%hkU@~sY|HVJ~l(bVoayN=XFv33KjeUpTg^hh@2yYwvjtJ!6l;Lq> z|Nm?3fuAA6G~(dm?Ky8aCRJg>!5)HbU7gY28_txw)I;sB;m~UC`oB6qef$303B2{% zSg8MZyZQJp-JSlwof3<5jm9as(sLmW76&=<03}LtGjg959Y9A+$plBCDx8X=nS=(S ze1(<46U=C&e2|&k_aX7(WSYRkTrfP01oA+DT}I;=N=~Ekzrp_g2P#m1e;?dTkVFc* zHX5-&YU6P?!R{mu#FDyHk0`UkvN+%;j#S@%%?5n=?d81SEU$n^-ALIPRa=4r59w?X vC~nxsMfO?|K_xknD9mVNDc zVQyr3R8em|NM&qo0PMYccjGqlC^-MFJ_W9vIo<8sq8@&AbT@a`<8~6y^us^f$!vZ( zSv5pL5@Hfy1E6fB92^Z}Q1O?{A>9NhGRD#06x3 z>#W^YzH?tmfrL;21*U}e8vwXaK%b5s7YgAc2h%o;1Z`o$1@!$sh^NafhCXg_#HNU~ zT;_e(bq;z?x6>(w;UXsR2qP~6P+HByJoMqLMPPvX;6l#G(t7ee521_tKuy~gpK*bL z(z=xQfsaXaU-~v=bc#L1TjMF~1A@dIWw)4&9R=6H)R|%?BIwJWVi&ci-60aNTMCRJ zA3=@``k94QQU7yd`3}LXKTceZY~3LLeqk05b(RxWi%s!~|*Z zuJ9djg+_=0LBT|bkoVi|n0##?3dBXb0lcP$$2k(b z?b9*k1{j}?8@Fh7N14a_jg~c7jTXRU#2^oi%?Crfp zAww<{$ODiAI+9gh0|Et}BEX|Cq)Y&_QFvfD1Bk$(FUj)BBivEHkoTRW%BP0riIgEv z@2BQ%j5Yu`fMX=zlw%!W#^l#610()dePB9p?DQG{gnl%}2ZX*67dOX*PqYcqx|m*C7OHURMH_#K)e zzb|(Hxyzz^*N;5(A(jvnimkku&;qy75XHY6Xv`4jKR|)*;H-Su#4JR8@PT^hk}@Hu zU-dVt!zG_c9K0(OP=U$_7h<1^GC(y*q`u7(ry-D!0wmb14Cb__CrxgY#y%ZF-w1-j zH#1Aq=`9+;$QM^=jJbp=xdo65<9=3q0;<~6o;{oOK&lr5Ot4rVmZuTDq~2T1S)>G; ze?;CGiLyQez=qJ(Z$ciP=SF1@{7Z_ufJZ|mrhpNnL8%zrP(R9u4I?ozloSjKG@kVV zB$Uho8gYei=+jvsWj0mIOs+v;7A~NR#zy@=rOH%E<{h;*1Y!jG10&3G(`iNnBqk^_ zzX5O~E@&{2lLxze5HY_Gno?Nnx7%^g14<+sn2cK~03(UoFZJAU_|)xx+xfQBG)-(C zreM&;WE}SalY!Y#viO^7j?EDir0((Yo8$KH5RDPj5XTITAc2b@mSAtboR9jO+Qg_0 
zu3-_OFnL@`1iBZOP)z!uY4ue9Rb$=hil&X0WXYJcC_(lT>~)--X#EwHto$!f5Gs|e zJ(wUrM2tHkTw4`bApducjt+A2|M5ZZXea+~qkQ?&-UsJ|M+||)t^zQZs=pHKISdd$ zQ^aO>6T}eMZ$CUVzIMO$!8(MM2tZ5@4Vey2>|jrN`5qp zy|Dj&>Y*+zRqG#m0VXX*eYCzcV3GazxO<#m|0ms@{=b#dYPB*JLMaS8QedSF|Do){ z&g~oSVA`H`8@HHveQ>6wpeyR5Mt}tLpin}R4~NJ%LS!`OM$p}`_QR{CIwe_%8U6S=k}WuOsGt-D6#;WT22 zIIO<(U?>pd=>s7c9!3HMkl+#GB7HT1#PjXCQjUWm<{@&2n0T0sOW&mrm3~WHls@?! zQ2|QjK%WCg1yQ^bb64}NWqk!ZdK%{wUEiTuOITr_{HB2$SWyoyvF;sO&j z!dXNRnbO$^`x!cpjlP^bFscY5f??}pjy>c;>%*)WK7B6H^eOag0J_sjl^6Rjs`|;1 z8!;?qizkFVlSArb*TyzPh{+m=2<+;!lyr2o^}g(N37*?u|5f~d2svu$<s*)wsWhVTQlk%sH{Ew&X-vnoDbtvSR3im(KUtN8I_r zr$f-xbB?$7o3ETxt}y`)_!D3vS2^f`=PF8lm8EL^8&k(d1i%IB|KQ*tfBtjQJ2=>_ z|80~F$$q80Ar{8=%$d+wZNH7&R;+i|baS*fZt@Xj^yuP}v)>YQd@ae$FSgkP3DGQqV=5Jct5HI1;*QdOT40 z-5y~Aef)=(v0L%U0n)!13VrOt1P~Wcpi$(T2MckH1m!ODF&P(eR6K$b0sWAAaZQcJ zBDksj+HomElshgBiY*vf-_*_l9wVX0f*~kSu?;1o&x$}p>Uqhb&`=!;)j_$EGnP!K zbmO$Nx6E@hI+?$$x{Hue=Wh8{)#?afJiCY&QXEehG)?ACB8c&r9O)lzbdOy9OYR6< zAR?yJj{@ZS5C=Tw9xRzpsWz7UfUZj;Qj4gCF;Z4S`@q&dy)O=A%*ZT#%xW^?XeTBv zE;ZyoGc{Ki0~hIkhew^P{MYLo9d~!~-!@7?tow%^?fOQ+#bO|jhQA|MD7QV`-nC{H zr&pkNW5ejU*;TakaXUm@m!g=wFtVRIPvHVX-0ee+~QpVc!0KbhPvT-b#5| z`@fuJIrD%0)t+6@64cK6zq9`Dtp7`uD*kUAMhR|(d_C*`V*Y>9%k%$}gX7~J|KCO_ zcb-t}JN1T?+}7SCwC0vvhSA%?CH1b&in`RAT~RU&dDu#3*3t}Lay|(Q`aZq8WO#~w zG)Cv#g+A1`SB%5uh--PytS-r#`rs-er~H&ig>yo=_@KF5>IEua|HNZQxRS3pdWT7L zU;RD`Lmvf*2 zH^HAurOM&&(jb6x0sPu*4>4);N%M8Hva6x2aGE zv$(2Jw5ze3UoqXu8aC}pmQ@we5;>}$X@9N<%QDniNSmb)Fi;wm{pT6!=R<`VvjqKW zaXtpDrHV6sHzY+im4-pL)6G6MGG6+;fG?9eFB4h~=z|Yvir8P)g8Frrdh*|THh@L? 
zf45sW|LGm=FXaTxuR6O$m{>6UaZrt`hWNMxVyXm zx0SLI|6kkWn9QyxF*l~IuV8A_!6M92R?A4{Etu4<3C4Kptqmu@_lT|jISmnmg0hyR zo{FeY`&)1IR?Pul3lm9wx;p-GK$8`|H>Q9MnvK_()GL^b?bcQ?7w7xErcAd=w-=x1 z#1hGfvLW_7M6PGt6@JD|Ie*xb5rmW|WXnE@KxE5DTBJ%ODn-%H5oXAH%V>B8Lpa1f z7C0ubwmVgv80AIBMn-L}Y;jp3ZjIBZjZi3agf-{fDr8hHa^&UDx;%PE?jZ9{FE4UV zr#~yuXFkNiPQrZTGGG3S$R&+h&8c;ovw>5Vg#H87*dUIEv^#iN`QYV0{M=>LW0%dGqvVcFK9cVt z_9OPF_gJd-|LjCrF9g7X{l9aNkN?!`92_6+_Wx~^`Ri`&=m6;wTO~jMDC1Z9d-@9u z{8F^Dkpir<$)_guvn*BXKenjE*Du#G122;Q4?8FM_1`_&#edpL$*q4CJT#7JoaX?g z7k5*A!I;|K>slquL0t-HaRCL7=hX_DgMG~;#VD~uF?x>?Pego!5K?cDXghyiX~|1YD?TLLSZ7NjM04`ym0ngx)&dwu>49= z>trHCXoboxSuxK(HsdzRg8kndsH}Ggyh#4<7V`g`ob2p>+bN|Ie(uoB=0(+>Jj?Q- zr|$W#{B6$qpJH^kwfoot^%_mGZRrzvV33(EV=-YIpy8cmI3EPCtjs;MGV! z-uln-|Eu%Ux9`uLz}sjW3;6%Z;XywB|3U9$=l{KxvInm83@{o0E@Fv}HyWqOI~``t z13Cqc$_E%i_ZE&3&!hqbLrfr>S=qb56hi>P1o?sf+G#ZQ;#SlO09V@AMg_D3jmF*{ zP-#fPTNEPVA)*#ot1|VZ1}mZd6rTr{!M&jX=`;tKDG!oEL=Ifa7;=R_dktnZ0zt$@ z`a1VnlBF!EfXUd<$FmRzFF8UWgBP>$8c|mA)hh?wOfUzSgCTNZ#1W7vSg{5HLCBNs z4-tSF`nbfWQ85l;`_tY?DyFj(?qe4Mta)Z9pXk3g`=S^z27%2hH zuHI@ydD?eXN%lJf*iaA703u3(koZgx7*XG+cd|NSjIw^e(fD+({z{3cDdf^1^pTu! 
zD%oULfAEsOk~LLFWye*wQe#b~KiUDnuFjB4#{~a@K(pBgglh8y($%G41Dfv>Yr$K{ zCqoLE*OVlUbJ;a56OJ~NDzOOq;RJS@pX3xg^*qVblqZ$pJK1#W`aYYzGfs|EL zM!WzLIF9q+B?re|yfK0R@d*$UMx*frKmritYH`U4;l()06}7jw2dWlKinW<(lmRN_ zvc62rjF}nQXsF3&#@?N!xj)q;GOlrQMri6;3qbYO0oRzg$Yjovb2ySxlFA&X22`^e zOn{K>D5PEktS6pFRf@m~)QJT-$}Xo^PtJ*`v}7jv)3OaFKx-`j7xhK*SSN zU#mPPpE73e@08c!CvZ1G#O|AJN_H3m1G-9DK5JZ>4`;hsbrbJ^Vx7BF9sTVRr%o1ZBs3--R z4QH`Gu3>z-YkI-Bkmwa77#xkT`x=e6Eo7936ZL2oSy0_DzfVo_&C5q zVqyoFU~JlnM_%%ROX?**)ta<30VUafwZ&JD$Q>j?kxUJylRzi3w`zZa z{}yTZdFwo+rE6Ua_>0?Ek`BX ze0WezO7taWnhkKtyEIqOx7am`YUn@NxO{r8e`i|#^jb}qPZdpm0z)K+!%(1Vw34l( zWCWdf0DjQ<>gH45B(>WR>Ejf6HR&E#-xkr!+S??>Z*)$+`4l&a`!vNBS~02Oq=;6E zz)!g`$%>9uBNPLwISg@~m@F~QmwGtt0WU#u#Q`fFpm~_g8z_TTI!f__%n*Tps?3Rv zhWgYP z_eH1b*ZW+HWRnDc`t<3kRr9Tsto;XuVT&Q?1!$8tpau4yqm$!qKL7i{?*9LFO3wb% zXnc$q_*MO#F7((Y+J2SjCk)&%7?xXqjBB?R-js=aW*LB9158{$@|4m+Vh=ws!ag!u zk>m`DMH)lEy-B$cpCo__0ie&R0fczJu@Cn5e^uI1iglu*zuMpLOKzr_h!U6;r_|y! z7|E85l1(F>^-?O{8mMM|3z(j2;S_w1uzL#>zk6*n;S5`gVnpJt!shmx`vj@^N9nC8 z$4j{NYY=KBkfD*b_h_V6;IRRmX%;KrAZY9fS!+ULe?Oilmd?1)lCZz8^-SxvvKl~U z*%8W22+l5)(#+lx1!1%5^NK3m zli3!MAv4hV-N z6M`aQ=yfXO$)5fyRqRwCH62&p#7g-#58Bh7bKgcpOYid6QTvsXcO}T`e{u57+$F{} zb&Li2-*M-pnE(HHm;Z4q#rFNmXFN>KHjU$#lB7QxhwU_ahv!jpmN<=TPZ>KpOYA#i zgy&3rR=b{k?L^%V&OnrtaULW!Sy48?rAzR02GH=?Vo@%w0luz5Fy&7c%C3tSV%`nnc4)6>Z#jtF_82 z69d7H%Is117BL6YrUno)I>NpctV#B8oPn7HL11W#H5;?u#t(Is0P%@de{@F-RQr)? 
z^M3X|U10x^CLnGLEo9Q@Kde zWm1Iv`S!#0#X3<|Y@tJqQkJ^emM;BhjLF8@3sZ1&g1l6Hkr`Tp;7yJtmUPehEH@uY z*mjQDuQQD`^vZ7P*E!^@@fXNP0TOIBZ{tZS6{pj*H-CnvpH6%EuXA)NkrgfJavd5; z$dwe5FEe9~?$wb;!Y;YJMdhL*D4g^4!JmMb010nWus$8XLsR4zar^v zC|UjAc1_-d=C8}5`=3XhT>SU$(c$j?*LI5ST-$HN`i3$R>X@NgrZzdpV=mQK$F==- z+i7c`@OJ!#ONl;jFhF9asYQ3*2fzN-u$XZi;1dT@rAe-T|E8jXV#rm?i56tMoR+~W z{l>y9HqC7Sx2GPzbxU^ra~Ooa75xd_s|Syq|MB=BfB*C3aF_pgJ7s^pTx~+2S%$v^fJd@UOg*~a|kuqpU2S*2aY)|tsG)?b(8hOr`(y@=!sen(R*BU|} z5*M+S*3?xf3jELLinha@txZZ&ZY+E@z;Ou{KwkN+v*nH7S4Zq-GigT z`A=t;|6wa77l+q{0{V39=w+?$>qjDq^U<%og!!GiO;-wFq5`*DR?uP<%KN~_B)Tts z8!|e@9^$R>l-XgFk_&L$nRhX-6sA#h3NWqEOqOp+dul_84_q;AFJy!z-!L6&x22g% z89}pQ7kdpDhE|Lg=b-0w8XnS7aMi=)q8%iFhKQKJR&nfgb-tdtQb>pLr;chrGsnwP z3Z}qzbBsx8Zd3}0eV%$IrfznS10D@q`f{OiPKfLt)@x(I{(pFISjhi$bhz99w^D2;wmxX8k#9Cek?)tk zY3wB%K*oW)Dfb;d!6VUBAyNPr3<@-!IgLH=OMF9FP;g7=9e|SED*sy?AaFNlcQo?7 z#$FOO;SOTGFG^r~|J04^kP3;*E+o2tA45d0W%n9;$}d*Pmaza)_)0mEa~dE@km?>! z{J3HlI?Qc^1#RpBkE-Xd0R)#<8a>(Y9r9foAg7`CCnj+ksEwhih;PKaXBCp8t7 z!`v)Whk*dPF5=3KSpk##OXCg=2aHlNpvllGm9Mea*aO%4#unGG0vur1qR-it@g|21 z0Tut!i+%r+kkE3pKTu(?p~Rm7F`+#1^i!7~hBNiikCGy1MrhEZJwXgPjlD)g2lThZ zt7a4IC5{4^gF9I@6?_t5q|uPGPlb*S5y4&`e0eZG)a*3B+pW8Lp65 zKIvS~P;)Usq6&pTL8v{h5qb@VQT#gg<~FhOzyxv-A{JmB1Jir~&=j$mn5dihvc<$9 zPzp4R`f6Bpv+)2FK)aCW)?;@;jX`3d0cHZ=p^s8hn($c7{r#qP-ZI|du_x%j#Mo9z zIz}qqh&g^ERL+(!=7^Ab_TK|Y1U3(}@Ha@sbN#tFiQ;|m>x&n^8BgvRFr zhIo)#d8HDpZq~K}$1acoW{fiA8Sy$cQmf;-K^Xb|AT+`D zo2ULAobhJ%txi`ITYZ)9Ni2XThOR;0cH-0VI8F-X)A2xicuEBb-HT@O*w^Q6O-x2q zKb6dCFv7_9(rx7>2I+E(|CcYo$giY+BfJ z8mTwV9=KN9$}HJtOaPG!wOPkhOI)h8yRiDOL_g3XWnxUmoJWYa54(rQd+KkO29o8r z4!=D(Iy~qc^t8S#{5T&^nY);o0wBdqR%SzJQum}uE91d_Y6r60t= zuV20ZN1KmN6WbMdc=%0;Lqn9tRnj74db#b_d@?Hi_~GF%`^Z(dN`SPW`52iTis~cicWRZf_cY!2}J3)Q0-+p*#G-S2L`F$wW;rKdge1F!2 zbyO9v@nW%e`W6B<6;Di(O&~G={8K{JN*o&%uUN`96*J1{GUzG95k1n(ickM7-17?HBlYYi{R8( zT^v%5l$ryQRf_Jc`Yt6Ldx#-#QEy|X&(i6X8cUo^qjA-`_0$BK^O07gofQ9;MV(gZ z;A^Ev>#2*ns4D3W#;HTqAS(}8W0)wP1dh&&6waxs*P^4xv!YI{p}#YjsM?9i!*avT 
z5;E0ut(!ANVe3y7EZih<3!OAfsyZ6oN-H|Jsn;6LvN=X$J67pOA!MRON2zU~Fv@X6 zhkE0jr*f;bRc(%_Gn~b5lWXFoiBt>dt2i{7uq=3#UfxcO58$Qlj*^d^8zYJ-u&)50 z#OC7IPQ7SFW1fVxHR^Hc+AdxTFBnC#Uhs4YyhJeiJmE{igls|B{cIuX1-( zlFe^Ho4UbOTOnTQ#fZX>Z;WkqLn9DdYHN%@+Hjs4>6@|^UtfoDk4Dj-~*3?Fain+EFJ!1am*C2dz>-TheTF*)H-MH zi-pk4p?)a?%hf3%e6d22+@&VuCAy#SV2LC0WN6S-J490%$5R`T6aj2cm}TayY}1L` zETv7RMv3f!K37z=P%@H5Cf{%BWs(&XMiBd;`3sGJhdmV^(IB4jOTZ;wJ1<);js(a- z|ITroR}T0$7ADT74l(^&8!=)ObHvvXfT>W)o*ZzFRZu4#&I+nr7CQQshespC5XpZ( z#ZbZ57-i@p@i8Gso#JB2PP+o_A7_o@5tuVPS>g0686I>W`q;(7p8-rftnIBt$L7ky zN&*=!H)f@xy1fdkS)^ISwfSVabSrOnm#kY82*G%tmq$SQl>lVSYRzV))y!nQ zt#$t6LY={7MPJZ`_kRy_@t=F$PWO0s{f#x8*+sjMpvZRt6N10Eh) z@w_XfhAiLTvneQ5&q`bI6N_sa3*k@$fcaZnaiG5;5->{uOnyhMNN`LpxHyhubB(7S z;02}L`d4Eaz;HDNu;~8R(cwvc{r7g~zuPH~xqi2`Y-8k1epl_l`ey>Iy${|~E&xq- zWR=?l2cbX9dM|^P6h?3e;xO>HXl9(DAwxPsxJsZl%6+FK`@{_C2B7~PpaD(###$8yGRVUGq zm9w1~$UaE%>l-()%*DDVaV)Ni@l24ura|KRT_Bny=@=0t1v^jU9T*>fA*EEUV!P0P z4MvOx2`#JfG~vQ*74v2JTq@LaGMZ1e_ex4_rm9&5%$x$Z2x7XMfTrtXM8p7lgOH&S zzOQVcvB~1G zv7YvMxnX{8R3lTABv>txF4PoTL3UU{a)@J?2rQ%oe=b`F@3n({0{{YY4d$JL0Ls|kb102{dX0}XH4u}shrR6suo zn6d^c?DIgu%8{Ohyc9Qqs*!t3@5lzIK7S7QWNcK;vK`M?dM0Y@$+9?x>>622@89FG|qX9G>OfVl|S45_EI z+-Bk^)QUc@6Is>45qkhDG{XiLw1Sa+RFs6fX z;e)N?tYju5eql<0Jq7GhY1i#jfC4U{;992BBl6S}?uWBXzZQ*(JMc`dwq(VqoAFQA zfe+|jfFI6QT`u;p5OgnO7q_!iz8ZODS2kOgmH+hKzFGTE_xK=h|2aI|o&Rp7JVW^} zj?%Gx5m5WfT$t#amN>XT&^x`n07leN34P73l-mZ(9#v-}&}Ts~#Df%UVY4gQ6egGp zI%Y7aw>7B4rmB76Dt=ks=kFt;HT}ov`Irty2L9txAa13K2;b-4TiYshZ{fIlS5046 z&<|oiVgE+{p9G&!b@jtdwp5gvqImNas6C@^}fByVF6%qdV^Lubfsb6(U^!qdz45QHq zG0m9=E)1cIg=O{!MdpA-`~OKVum2yO9G&d;|8117WdDCITmPJ0 zUrZQ+9v}GT*m}V>f1^(HWo2N#th+1Z8!F!wD$d6t3RLd>m0I-F*UPr~jzSN4Km`h| zzxSEy17Cez)n;X*?>8ekZB%4}48f|6_|$q=XXCzBZmWyB@6td8soDSuG$`?P(jkEN z8z4ad@1JGo*Ad^=+W)(CcK;gwA1C?yUx&xto&U#H%5&fUyI6hWhMD9WORgm zB)8`}t{{u-KgTDXy!>}?xU>Ikr94;p&zfRS;tKL!B5|paDDw-p-{^p9xpHc| zU*szsF%`VVpJyy7^_Wntsru?$HgGj4V>vMiS{9rkR9rtH8$d^&%tT~;bo6eSJyw~w 
zSC)>$3JnJEeziuWB(_e&TDVxPZ6lbh)cjd2M1u)};i@93!lodWt9x1t#M25P8QyOU zA2~9sW1?dCZVDBpv@OQvk;JdH_WygQ)>YsI`+xT&pZ~vicyzM!|JX`-?)(3}^E6k1 z*WUlfu4H|26`%}*4g9(;pJJhNOt+rt*6T-&mRWfqx&?&)gX*$iDLL1p7mgWD1dg%8hlL9Z) z|BmwUpL)kT{ck(v8S;NU#h%FK|ABhQQLUSez&xn3{cB{+ZS}zf63@4tvKL(((D&xe zXLTgU1??@vl}zImSLAE79)G!7^XF5o@6r(Xa9oRL&%+5xa1z?UhvW4a^<;_o6y^T< z1}7bpLQYi`nZl^TYun~|e3)QBEOXM3s4jIoSgPb#^lvlgPwRB=bPBOA8P%ip5ymZS zr=yQ;bzgS>{~SSf8!aaQEYklDJ9+=VgU;bD{^M54Gu;2p6nhf2@4s~0Wg6dqC1@@3 z>|4@IIYq>yY%N3O+6F0ugB?pL;&8l>$<0BBP}15QN`#W7&@$6NPRyJ+VRw>gmu2}s z59RV5QYz}){L*Cs|L+`k3irPbI=lFPTPe?w|Cda$CsGEl6(-;xl#01Gz^n}+$9KxE zu{|pWwBGu!Ck8HB|3}C9{LhC6hdckzt(0fK{-4{@Ut!fhs|BAcYpj1k0~d-KEMVdK zKgzHFqt3y>ZvAhgJn!|dr`U610XGVxMO;AR{hZf*T$Ww`VnP`a5HFVc)3V6^)9L2d z|G~l0&i=EN@(kC1GR2-~-QQU4$E!YmRCNqwj1|VmEudcH7lJ)hm?XMRx7w0o?oL_& z7n!XqF)6c@Jb(VQE00^2=KpntKC3L?{|B9d|99{BaA*J7N_md_|0#vOo4D~Rc`w8E zHL3%SxJs5ca2bLEd9}~~ug!_0*EonYKceLuBh+U523jF2wfvK^^sV<16+T&y&mjD#lK`(R{onJChl80 zUtL`(aH0HnkdOaxaB{NK|F=?}q5Nl0u_uxOe@09=_o)=9e}glHQ?(6%iF=(k$mDa( zl9kVOMQA>uK8q^QVqoNSH3?k7FeL?F~oV5 z{E<+=s<)^|AtD|oV-O(D;dq(7Ea{m6@!UF=rasw(w4U}hfxB5@{SinIOD=FtsU_*V z5n12@apg(7d&jU4D4*tLtseh73v!E{-U)vH!DTi1ueR&2DvSO93iiK)?k@k^R?4%L z|DMkEH!u1v>-F1x?moYES#AB-y7rTlMfzW_Q&|6p$Gi2vmGW%Y{}W#OsnGo{DfJg9 zeiG?HlJa|j#`lxdg*K2f(P~;>j@+DWU&5?&xLxv@n1z*}-I#at=u$gzdKu-x%DIxC zqQn0cp$KJS71ZqSXZhj4{_yMRv{Y;XCP4LJBa>fK!$UrteeFx&3UL}S7x7GF_?mRU zvQfVggV&mVBN@y#=r>|xxAPnM>z8`+9}0as3zl&C&6N4_U-$6%Fz^4-Jv`XO z|K3W;%W*Iad3)M50^8eU;7jDRFJCI;tWo6qN__;57S5Ix;nox4Q0QY9a^2R?(2o#z ztQj1?*Nt-IBUezSn+>3FC+{pg=3x?l`mO|{V*_1Xu^G=aFh+eJlkrcX2L+1Z2k`zn zVq???-So*%BndMaKNpJeUfCd|d}`LHLEjpqbg!sCPO|u!-Y+{6Z&ES$+zA})0r?lP#hK*1tQ zu*+5oDHECbmup472Y-Uk5f!M=1D~TB&5xkZ7qs7OR+9#RL`yST5ATC9eXX9>96^h` z%MGLbVZE`87q|Kwu_<=ZsjFoF4=c>^Io)EIGAw2$O^y6A{VaZYCf_CP)`U_R?ZS{$ zV}%1aMuRZ&eW|xGBrJNXcbAdxU+XtE-(rxA(Xs$rDcf)sV4Hd1QX(KGh*?UIYNrpH zU%n)q3N-nQ3lt1IG=h;Y1`Lfc7i^|SsFG(>js;~i@bJ(tuOr|XJUpaRJ|WB{^|3pv 
z8Y_zwp{fY}1O_$GJoWG3j5qCxxe8AOD#IltUdn}9pxLIOFrt?Ff75>1aw!?%apsw> zX5N@%qqhE~_-4d4Sdc>n}6=maKI=PdLI-F z2iMVPgzrJK-2~v_p*=y+7n47-pjF>Wh9jY8l|fE&N-SoMiUO_8seY_k;T_aCp`pWc*1E!hTqIv#7tgAru`6qSH) zF5aIHzP~ts_jbiLR3;fkC95e=+Sc{y`^$IdSA(n5o5F}JYKFrg^bs3K4J6Z*7j#0v~$%EIC^_Cngr2}<~W+lrn-cd6z3LV?bBAe5X<)r7eR-j%A zHVT_s3^DAb6i|g+aSfNt1U7tSpLOap38f;ppw^M|E#-v?LlQ#8IzkT(<@iIt4+M+Q zyf)Y5dBri!jYP@%)-`epeI?eLnImhn%k`H~9%hx%fim#2glcd!l7i;UA=E>!z{`qi zA@yEWy%<0u@GEPo#4syGkE-@FS~&I4X(^y;7M}%Ho6Xn4FQi$MA@x?qPJ-Gva%vRv z7!rZk!BWGljp`EiEjFB5V>XEUgdkN`~rq} zFxA!Mhx!=tN6PRYlnCfwQtvbpl)KPJ?CUvGRQTRNHbx?`c$A%*0(GvEJ2_o?({3zc zBFWIC==NfEv7{?Tt@V$|m?6Go*4MNwSpU6~lfwEx>Fw74R*Eh9uO#j&$!^Zkm7Y5G zK|r3F5G3v>yH%c}Z@30KL;}W62p1Z}^XC>N2hN5t6UhICW@Yq=tpkIYP;!kqaaTdp zf|zI)^O?hZh)((0>!A(X)Cb6d%UOqc4;8H z*g8CT(>px*_VCTC#W)(oAn|}?W=x@IaBGE(3hGkdu?K4<6rOmVMAv#|h2Sky;J|%Y9%46f6u<`Pupz@0+Vlf6$cQH|y+#<&(W^Z_E>nMLsgl z*m6$B(t8NS#5%xU{s78Sfei7oh6-hvS;c9=`h4zLZQ9pVhp>L;a+<|G&<`@y`EmD`j0vS8nH5GiRWx4f3#5&JMp7 zIe;M#Gvtb&t}b}L(Xtn634O*45~02G`v69QHlXj*yHhf|c4>%=U2^^^UcJ;>{~-?_ zQUC899Ud3-|D#?0hpm*{`qgpK9X5on6Y}spmD=qktX|7yEcJRNOQw>$S;<$_NB_Vo zX4e`kIpkr@Ma!sM+dfRPk>44EiOl{58g*yTt(zmWh_UZBg~NZmeJ7O z)^)?D@80Q~j;H)5juNYN4$KEiu5{izRWplap~WKZtt^rt+Yyf5VG`YE0V-gpL{2sy zg`tn6fDiq2Hg1kW*2#Sz%WmG2?QNNN?$QJPE9l3+dJH5Qn73B=& z0uk}E0)6H~99Wz5Q*-(1QfvR0%(dlGA{g~U9}=|D{7;>uLjLdG@yW?<|KCR0{-$Kl zqXM(7x`r+=9V9gqwRl}Qy}0RtUz^R}io2C@lF#l?KIUQzCv=Zn>aYJPMtAjNKGj?*6@qxUoQ)7&YPzq)sn%%an-`Wl{vm z!qv&(Ohqp80MWfbL}z+?4Vo|vd07)4L;)on8PcTYR&IATdCvtDXcYOpz#;4P5}E^H zOvYu{Op?Rnka{pVJYK1(p?p|6Hy95^Yj5UIWYuVDaO zu>Y6jf0h63_Wx~^r`rE_8^7VUq2jjxIU>M<{(g1AOEv=xby$qN?FnVyZ+JcGcp5j z@#r|y>+}q{@&x%Y{9H5ad)f8>2=?D@=P1AayGMsR|F5l-_4L2B*}#*nUR#NsckxR~ zK?6$s*&s-+Ag*ZW&ibFOaw8=6u6+i4V^{tfr6&KEs@7xq|8`G~^XGq^!|sm%Z>4P5 z|9Ae)pFMEO0Ud#lAtKij5IA&>UIT)V2Lx3&Gg>VVbNN9_wgyAonnE9Yiid-{2_gU! zE})8n38ol=ACVsvUF*v5O~ltotY^5~(q*E}-yYIXOD`!s>V2ZG=2D1=2TULqU}8M^ z7(&ElvrxNqVxn);oO@$*lU9qP3|<-MZwZa|ts9|ckJjMTRno=RIMxyqYPpQp;{V2! 
z{Ydve4-Ptc`M-10+2#M(O38E1giXfN^($bMRktqJ3f~gX`5_W8TS>hkV>^^jYxxL8 zc2Jw#MY<$1uiX9=*G#TW+OLXrb&P0+xUk6pi3eV)3%<&^HP3DC&~PyN?2%Wm7S&P_ z3Sk<{#lWwuZ}YJPPjoL3BhYU}%r9epX+z-Qq2F$o*N_P7Xt7DG)@E5fMyaT}+WI&s z^~>KHT73EPaxucMN;c1mpXH*LnY(2Hn&v?@?jzILYD zNo3pAFYCr(nS>h_1OPiYZN6z0WZT?=y*bk{I;#SGXK!NGjE`Fx8Ml7Bnc%oZ>Sd$d zuNK<=u(V%xj3Cd$I;Pej9!w>`)sWn(KDEWRQaR_Tx6!Y*EF=G!XmU%7fs4+64hsIi zz24F8{AVj=k^C2%6ra5qxZ?sVm0IiHm|#%L*j`#L^EQ|NzuP%E$mjpwo&RpB?3sOh zEWk@25%AKd^fn4XbKXHv6Ev;!lcp49o6T3RKnJvxl~2O_W<(?6f&O>E!>+Jia3tcF zbCX84OR_~a^{q+^nn`g{rRiBUQmeNPnFOAhV zgV*32bdR~bcoy>tG3 z{*S@c$B#GPy=dRQ;cZv%Ufee2n9vt46v9W2sc|7S%r*>hd)jTMuHx;gZp5k*Z>ykE z3iH0onWLS?_0oFrzn)FT%+mEQ7<4fix6jnZutww;T^6nXlTPmb0h0@C^hfvjc(?wy zQ*yR*7YgXpal8sJZBJC}3M*z^u?ppV;A0ZqTW`(0lCNFF1Ri1J^?`X>UeDqZYBsiX zqOkJHOfNoTc#mhXnYek51;a4;*;VlX8y?~=!=XOlI|ZL3?A`)76$JPvL}SFjjfNFV zOZo&l;#z7#K&nBQv?xKqLjiRf0NhAn3Ud`qGi20@RMKJaIfB0GzXPt&2r(dNV$Z+3 zyK{b5?HSZ%-@u46;2{CA&z*)bR+^qoGyUkU%{=C=|EcDT>oR~v`d=abQ}?91yZ^nN z5;8i)9%6lVuRklRwbpyY%9x$u*iUQn)B&1H2f0pyHAtu0u2z(kMzK z0f5Y%m~hX5cYN3fJ&nM@x1Ia=M;N-thd$CjP4ge}R0GNQDdkUdny7(xkB{FRKV!q>T>hVG zfP*CQg9taA|GRTkjQ`o)`TuRHeEHJePg1g&Sh&j3AQJ}Iqb_f|l(;Aqyq!%z3OUDP z(h8~9l6yrP?6-}#k%vZ@AkegvwHW`3V*ZvSYFWfE8DF~-Z~TQw%7~C{G?P0|jY8bF zTn?&QgpX;XX;+>+yx{9sIo;+=+2n+M$zfhJz%6ix@OYv<7t$JOC-kC3#I;hxZf|1G znR}TjR)f$v8Q6A}wr1BnQM#&9L7X;jF(v7oa<;v>t(ktV&4qJ~)L_KrUQNpqU=s{I z*U%!KUcKgO&WeQ$-&%s0cu&DYI2AZ$8GMx_|B0#LHEOl$8eB@YD+sZYnVe`Tm+ zJ)J)>=FNsh{CJh=P*^MJl(16N$yzD>E9T0)*-~S^EHPth%$c%Tv%90 z`ndKC0?B6C?R4hMsrBUly87P)`BH~pMg6OB|ErtV|9XeJ_)l9YHbc^8wSkd`2h14O zv{yiRpm=i#P->7%J_{KpVg#Ch=k4Z708s4nA%8Sed}6Nz`|pO-XdCDEAtatM)T@-Q zbfg_4)PYu`prOXbckQ;;O5bXIL7#(tkbn}!z%o^WKY?Hoal!F{`V$A&(P)J4L9TZ8Oi@^`VtkO)~e9zI@4F1u3ukC$N(w=Va=5K!MJeF4;6<8BJEtSaZCY z%I4~Ls}GtI3p1K?L?B1sHp?NJ9@gbE{N4>ek<0T%DiYe7yQ)@bl@rpUQ!>HI%koZM8uC>-?9wfNs&OxyT9-13&xt z?wtZV`0tC$e_ebS{CIP7Ik^0IbyM2Jw};(s8IJGI-%HHipZ-6Co2%2a^Xt;Di<3zo zX*%g?W^QW5@c-+l^Q&J5|2VxqA6%Z^{8$EEvhQ?(T1Woi;lZAf#W&`v9B7xbGgT!| 
zKOavKL7ZPQIz(BOeIi8o0}|PXz@%Ml=b!2mRmo(mHw-}!ZyNlX>q;k>c~2uEayE*1 zkmLl;wI9gp+V8^5&OEP+JDi-lmvh>r!dxbs)=Kzmw+C#=wDjxjp~=-;AU5VOW160G zl%`!f4Y1=Bz&ulJ#W&?TYe{l5-9j9W^-RzDbl{kk63OJ_%e+#Flt8y*>@>;cadUa9 znC-JtWCBGq&x+H~%5hYfcNH6SnU98p@>HsF=CEd{D<9}yYfnDiLMxoQjr=WaS>mKi z%FW_2tX#WNRch*gYh{33p#L2l9hJm?+Ub8=DYaST`jecIUraDJ!aihFzD=_nf3yNl>c+RqcN%gI+m3EUHfK5(_jf}R&%t>ymSstn7p@hpnSZ=tN zB){3vUFz#bp1B%Uyt$W*RI8##EfW^fJ}Y|DD6FmIX?_(}!X2~F&B8tEl)*Jm^Kk1A zYk~jI-T$2l@&l~g=hxX|7Rmod2S@q)-<{q5zn!uNE}@V+2nT`!J=QwT{xHJ6iXRn1 z_ZE&3cN%*-#DU@O9PkP9eK7XvPIXN*N# z{a>TsaE5=dw)%hkU@~sY|HVJ~l(bVoayN=XFv33KjeUpTg^hh@2yYwvjtJ!6l;Lq> z|Nm?3fuAA6G~(dm?Ky8aCRJg>!5)HbU7gY28_txw)I;sB;m~UC`oB6qef$303B2{% zSg8MZyZQJp-JSlwof3<5jm9as(sLmW76&=<03}LtGjg959Y9A+$plBCDx8X=nS=(S ze1(<46U=C&e2|&k_aX7(WSYRkTrfP01oA+DT}I;=N=~Ekzrp_g2P#m1e;?dTkVFc* zHX5-&YU6P?!R{mu#FDyHk0`UkvN+%;j#S@%%?5n=?d81SEU$n^-ALIPRa=4r59w?X vC~nxsMfO?|K_xknD9mVNDc zVQyr3R8em|NM&qo0PMYccjGqlC^-MFJ_W9vIo<8sq8@&AbT@a`<8~6y^us^f$!vZ( zSv5pL5@Hfy1E6fB92^Z}Q1O?{A>9NhGRD#06x3 z>#W^YzH?tmfrL;21*U}e8vwXaK%b5s7YgAc2h%o;1Z`o$1@!$sh^NafhCXg_#HNU~ zT;_e(bq;z?x6>(w;UXsR2qP~6P+HByJoMqLMPPvX;6l#G(t7ee521_tKuy~gpK*bL z(z=xQfsaXaU-~v=bc#L1TjMF~1A@dIWw)4&9R=6H)R|%?BIwJWVi&ci-60aNTMCRJ zA3=@``k94QQU7yd`3}LXKTceZY~3LLeqk05b(RxWi%s!~|*Z zuJ9djg+_=0LBT|bkoVi|n0##?3dBXb0lcP$$2k(b z?b9*k1{j}?8@Fh7N14a_jg~c7jTXRU#2^oi%?Crfp zAww<{$ODiAIs#qi&1*oQz*7Wx6o!-uU^WU53}*llIP@i1K6!*Y>KF39lT`WC&^(bc ziOK>SYYG7@~u;mh*8N~(wJ{`Y9 zQ{?yM4j^|~bnp6+hd#s-fftW51W{Us1H6+4_#6w zL46N!U&g#s#28R0_gQ&9$}28qiMV@=<^Uo0Y+w_VlF5jndesL+Bep zQ21tMX*#_{BN+MO3XL(BP$jnja$(%hYEM8_d)l*SvmQwGVt@%2>%;OiqL`Q_ZnCf`ZgNK7MoD{vDz*VjAL@!4V{I5yTSg&6o30e^Z+n zwZSzkA`~W%ONl`D;u4BUA2h9=>c48NJ6+MV(UL3~lNKe&UV^=jvlFeqqLP*W1qwo? 
zvb6^j~4Y>0{iWUhsKvLExFBNfv=nqjebfk$fF2Y|Nb=zj`9_GW1_Q@qhQ?5!mY^*)%le=x z1!XCUXv3Xm4CK}0ZYeax|kTxflmHN&URC7M2ko(({EI;rwv|3y_l zIdUV0#cc6}uxD~eeeBxUh6piP0}+8;eU_4rj<(*Hy)MCX`|H1o{|_NYExlY?0SwpL z1QyAEz2iLpKRNDocKm-EC3iYxIJ_G7_b|-xcbhpUcGZ@gC`)r`4N_JNeelxx9{Y$p zKlpSAntIOh_I~q~bILU)zyW^(OynvDJ@8ybsjsqBt$$0fWr%Xer9rU;BkP;mIlyBi^jI(i1uC|oWb|1PXh=OTITRYIL!mk-S8~RZ z36*Y~miCr;Zbm2bmsNKWGV0td->O<20gPuC@j{B@34^A|+(`s69+M;eqmAy7tAEKI zfeS>$l=@MCTp!|q$J~P@^C{KFk{{4@X+&xfwJ=7?N@yS0+Nbx$fs7fMrH@%nMjY+L z#KonC{AZ@->SEv`{qOLola>E^oulLKPX60QDTsCd(4$@7D7aV*m|HvUl`U7?Z0q$sXdHxl!uIUW7WvXZLxk31|kWd5&V|3A#z|BsG#{@+_E zPiy~|vn*%+ufN)}3tEEOS^sy||DE-JsZz!Njl(Fxt&p#0{a?)gPkMR&e{yhqyyO4d zDCN!*ihZZvkdoWln}pWflFKl9Tezg&wOLV@TC*!kh9M7I$;?`s;Y-dZVL{)gcb5!L zv5&^+oV(D6`u2)(xEygU&zaRFSyLZeMdXy95~*-bC>I|zmrK1s@8--;KG&fUSowF+m`D$Jt&sU zT}O_NCG(6(p2Z+l7nG-Vxx$d${N-mW(q;1m(K5(V=8k-es~9_CSEGlAW!C?E{vW&E z|4xT%>;a3;f4WD#y#C)i*q#4wrPwQGDCNU+b^MbKtCV|J_-m-?0OW3+0??cwKXCY@ zJ)!irDR&qy;uc=3A5l1F&_l)AtviIr6VdF0X6vX~^4>!}5~!uuU$YN}Xha!msdvhL zj464oe(}h45%Q3iY&ApZ-qO+N9S)?T(rtjGbH<_H)RV=fL_kasOZa|lajl?QT=bow zEafUa9wi08d`UL!1fG++Zi9!1erXi}$D00eL1fyue#Y2doxeLjy*?j&IDLO^y#_$t z4^)_DTsyNsV<;EbHy0ljjO)wOvnoJ~Crcjg_aCp$&IcDCu5V7?y{kgc^xeKYX8WEh zr}!rLQ>j!r{9PIZP%eO9o9!VcZ9ZwfZnj*dFvSJ3vC^#C5oc|my3lXKFl_6Kw7ktC z;_yl43%%vPSH|%&nj2pmT`kkAKz^g$_EjUAH4i26B~Q-O<WRM z>R=XEHHvmMcJnKyJ6Xe~UCFYlB3dFx^)v0y^m9ky^f87I~SlkL@<=?vBmQm{MhZmP;*$0;wZ>M!0$ zTqu4010`3KiWhnP-_(nB`WJKb|2)VS`Y9x1+sLRK;ZsfJEmMOm8_YPB(vSNz>8!vdl5g;CW{v<>YTgse9C5L$t=_6R;A>$bsZUqOKMrWJ!uQ4$utBr&8k2ejld;{}D(2#Rzt@!MR_XTQ z^PE^B8BsRGo`=ZwjJv|mxGCokdoqHM5`}EpClQEj`ACaYiA1F+`Z>Z3d2bmF&tM3L z*vA6L1lD$^iW8%}=-9}p&6O=KE5xmF8nqD$Wsb1soLhyA%0-U6{8^Vr@5miw-s$B< z>}L1^Uc~IM_*;k6h-m)Sg`+h4)XDzdYyyg!`=SBjWU1TtsNa8U1F;Q2modLN`Fs( zfq`F&b~aLgbvF6bq<)sAYW>F+mH7JQI%eQS^8aDyB)|TA`T|wq-WYN z_)gOd{5lxOVHw;;L&OLYhz~;Q4H9i<5K<-vvQx1H4P9-CyG1BW#FR0*?}Hc4eoOaA zVjCX~#`P5<9;3OBn&k+n+Jl$Q|9sV~i+4i#Jf;kVK6GQDP?OFKK=REp#3`f3oHpW5 
z3I^77S5F+m+oX4Rv=x-JkS?Nh3dh+jtS(E+!7%)7mBnT+tqby6E0PkR3TXXX%@vkk zNot);gb1xrxg{&+*~ezwMp>}`n*){g4uKcR|J_3VpOcfF{ck&^RKm|4n%TUl+LLEl zKJ?T*-<7}3S^rav?zVRS`>+uI^|-Us|F=?}_Wrk=WgEKxEkW(>fA8*puh{A5a2dQB z>Bn3DS^j@@e){(Pxf6IBZDRrdKRG)0&7*Kp44C^)Su$>z%sZu6d;}EAT#Aba)`)*OBqA1@Mo{Vj7A`c zxJX~;K1;HcB^59k8~S(_;@~Am2xRbLHeMsjO1^sKfSU>C0CO-zE{r$=5(O*PARq{N zvi%_fa0;;xhrVnFQ0D1ej3JY{wLb&H2>YHIrfe6e_I*?+s7!9qcN&e0k?Ooj?G_^? zz}eMXjVMq1t}4lXX8;@O!5KhADG(B$2?8VP`}9s$M~qR{?>8Es&edNj5jBNe8iYQQ z6HXjB^>Zt6v>Q-v3$@E7%0NB+Ta_N}hKM-g(`+!hwo~6l_5AePS(m z3;AS7A@iD&q;W30re(s>hEgRKK|h?pZu66zf~TG*dAgj$DsNPyq0>hx7dNg5BPfuv zipq!=Kmx~c9=zn>*o!wt5FkDQV!~)No&ZPyf?O>wIU&3lN4cW*_Vz&4f=RJ9GmSDp zg`OMh6vo!aonncDmPR8{^QcM@IDtB`AV=Bd6l?e zrhtZe8AHyaK+OQ%<)nX#*6|QvGfxe9FO{=K%+Hc<<#5KMsi_m^RMc0VB};G-Qo;P> z7$cC*cmTst(t?9eR_?9z&+8Dmj<$z?$Xn!iN-^wCK!Bj^nD1NBCiS2U5#TO^q0Xad z&A#C*_Qy4hPj^i(7#9+~Vg!Su5q4h#lbK8{p)rHuBxYhpS~DS1^^DU~Jw-)!odO>R zSZHiy?*&!vKX`;)tE!nDD-c9wgH-rI&jXYoKu0+ymJhnvL@1J}!E_SnMD|wg zPtdf|8p}^0 zVt$GG+f$xmR2YJo?8zOz2BCjUhsTobnIRQy+)0iuv z=yL>pm78BtC}h-&)FGz>e&RZ{^REVmnPk7cjPthN-Q78voRBJsKXrM#>-4(qvCbad zQci8iYrg^>bt82nL7^ci@Q^?(zy!rO*=VYrMx~5K20KOi6h-xd7Zgf8A*I4uuDUs( zrQ^QnRQ-CNYmsb{;7^}EJ+*4Sm6Empz%Xnv1ib)l(gw7^{&RG4+|B2IKiJ*>-%iQd ze;SRC5d*)fzte>t+eF*168(gMI|jpY>yL5m*20@IkqnkaI!Nr{2S(UO zMk|t>L9s|<2)H*X7vhrya3KKnIW>R~?>F|r{{F8@J4&%mRPFXp3aeW=Wph241TcRLrR()Pk zg?lpFLNa7VTVH0p;!lyPh-m3u{yJ*Ea`LVOS^Y0gzL~qk zxTcP=K>s`LoD}o_AMf%%Zl&11U-^uO$=RlH{8EziN8_-aM(^-EO3o6eaqTH%M`wwB zXN>TiiO*`+v#*_~`@tEAax%_?q$VrM2Do$yp7)7MaQ+J&-RB46s1$pwmwlYAnTInc zW{~kjuia3t>im|nVTDYE+c(w~Uc}H8DZLua1r!l)$@iJ-v|)S`rPs|o&)rkW zyp3T>w$&?v_NG$_>P;v2l28xnR|nmL%saakUee0p;X!pX`InhyzAbA;xM4{n2i?O? 
zb#IDq?RK*7l6L&E&UBCFbtiqR!!=!@fQq?G$gY>4X6i!5ypL6d>{pX$n5m+T8*jB% zd1YcC*io51>fR#eVA|9GLPkf}w}Lgv9*#3GlOPBTO|fQU*4y}@t`ZBH{h{&FSFnhwH)F>E+E&SLc?0E64}SHTPZAt8s=GfHKyR zuF?72MNNfSh~_aY`94LyjC+)~R?1;Yn#;2-yFDFcF4NHuOS=9hLzQB=PT&m__fA2q zj=hnol?lJ09t|+TV)OVYu=SAARWq2C2lz7xTvG3Ck`DDBDjjNZVprEq`&z~kR%j|0 zNxDpmkU!skxV~5?%8D&?s8PyNH`~&sAB{2DSbJd#ZcdPwsxLA_YY@E2vBZ+@S)b+R zLkZi?G5d9K2){ zOwa~Puk?qltU77k1C6+xoY`R6$(_24VXJUgPd`+5?szsFoEt`c(Cc)9m8@dI4O=c2 z&_jM}%tE(SZk>74Ii6?IIAdl^7K8B|0olhgr8B;p;kvbLdDfC)H z=tJTn*3z1~3WY(Szi@QaAxic5xKIcmwKBeQyTRGi;5`2N&z=8Rn|WK^!rQ|6Pp^A$ zR5<_X?D9WsrR3u9x==u$jvc+M)qVX)Bym3am6tHTQ@80#0ZdfjcFPJ{tU`Go_?SfZ zrEfz6WA(_y{^vJGgk`fQ2x|W?PunA zSxUha*lvz7Db0;a0kO|h&&1Tt4syVwVM|{wRL%*pzowF{%^^P~v5(seu0;u_F`>y} zO~2h9V=;+_iYsakq?HQn%08yY-FJ?zC`AKxxK2d=8%gH?a)DS|Oi+Mgmd52&ciT7^ z>jwj$j_E+woFM2qAsIJr(d>>gPbot>+EvS_Lv~~Y`I3wn2EZIa`i-@+ULMy6KCl1avujT~# zfgXC^NYpYlNxNUYa`Yci=IsBL3(tCOEZF}K4-O0YpNn?08zgB$huDeTu5FBpd5FRcEqNU08juH5e5Gx7T}IX zzSr1G!Y157toKC;Oz)q%aUD`2aoL4L_wQqf$hGWVV^8_T3fVFiAPQe8Cvr{$L_UgRjj*7NJ>XIG{562!@=Bv88@@xnO9SLI^!~&oP6M?uG!^m9dQDxUY3!t? 
zqH>s8diV<>{|3WyE5M7 zkRhPrUwX0cUlI~pj`jyC3^tVbGax3EC!T)l^22bZKKfBoSdbB5qA*Zp|Xy}0c zmUz`{g1y910CR9BtEPfaB8)T|a`vgv(IFz(>w_;3=7*Y{=65_hHCgp&2Z*RcFEhgx z^2#Tj>ltb;CP-AF5GV+>$2CH)!7z$n$KKo~b{?2O4no8NtYcuBF94b%HWL$d6JNHN zI0Q<8hEZP)t8O+PfC6Y265V?2E~qg`3^c$@06g?jN=g$RtGU15)XrPRJ3RIT9hex~ zDoMvk#TzllZ-mO(^2HnxQqTT-0ExinffoJ-sd%nGHz!fN4}N{|;x}U|N+0d3XOqzQ zT)+?yQY)`iLbwZkOvdeLZ-@l!X@3f3gwoC0R^ZqLGQf;chCCx)$3|*(TsH_K-yeh~ z*nacWzk@U0%)Zs>iejs;@;!+K@WjwH$lFeQIv&SKp?o?XXb(@R0HJ%)Odk9Cyse4J zi0Y@3Sq(-Q`Cj@>uhThhb-Jxi@1}dy?;Q3!NB`Y9>32G&|H?kg268s{L9?r(s8J6M zl2EK>{+rc4h>_M;cO{4ee6Q6lSie7 zAG7cjMdSKrQ%Q^_B`wEqv}HuKAgGU6TuF_LnJF4YdyJ+S-3{bQ9t3LkYMXwe;Qrj7 zGjB7)+rSS)k0TaUMiGa3X`vIoP^72kycC1b7BNQF%c zdrl+u#@PecYFn8l+l&bya-lZsm}-ejwRRU)AC~9`TBJ;j$(Zv9@%CZ&@OV%C?b1N9 z+}7c@2SsB?Yk5=3B}#nwAE_u}EIxpe^d=-KF;J-Mi>dU3 z82I(e7vN~~@o8ea0uK+rDRF3s(zr@mgiJ5D{hCikr5`^${HAXG#&RM<(3=5HRmi26 zQjqLxN%A|ZX_L$9x7WY`{H_39zcvWk-o`b%?=TI+u>L4JrBcSN{~DPaEk?;f0- z6!QO_ba(zATPa_@wD-Xj2Yq!zOo}X0(E2WrWN{~`5BA#+4~>Sb);PZpr8*p6M~&~# zny`+l;+HQi9iavo~_5F3F z8fs&LQt)3Iwf60YYgt!Cj0utZ%4uATfHC@OAST_0iF~J@;gq>)S&ajzkT=-Qr*3So zNhxf(F6NCn+LcdMs;p6m>^`?3eWNE0=vqo=SVUk|HKlHfb4#L~>1=ib`7_QH0-FD`37UiE(o_0EDI6ngLaipMV|o#s z`l^dV%8^oYK(b2FomJnZgkujeKyyCQYP6H$-?FIF zDjj^S^k_YGQ5RJu-N86@s2XJD0c#8s<&(hCd6B|7HT7C_^mta(i8b_h1`|~~F?m>S zxLHD`daiYIrYLOvse*-@ByORThDlXNqg!c32RHRv!&x@RXl%zS{V0S?wCE_c4HQN> zj_6Qtobyy}mA0zQ5p{;M_-%4cyfl$&0euyRCKHwgkJ8KAiSYrv)ZJ0?v2$ZYF$MM& z;FH)~9NVcEt!T`XkhVrWE?wKjYvBc>NY)Ep@qR-zrZ#|PGkv2nje~CnufaE5zAKq) zMfkB%Fz1N>4KLhju^P5+VdYTz&SKVo{=a|c-!$#FFTde7i{5X7rnBF)AN^nQQS(*q zj!LrmEof6WxN0lJE4>&|`0cGY?E+1rHc*&!O0i4-UkX>1<_w`f*FOo=V4j%8LY^}vpPDwD#QdKbjtS)dLbLQnUW`%Gs$LkGBFx7e z3*8;rR9pDmaiwHiJvtj57jsA=m-u53PyRfn-Y6BnsvfL--7Sup;&qQRX8MrG3XfXn z?0vBinmN=jWnj5FC4?_lD3ZI>guF!eGaf8)M4k){nreq=D&u%+Ba$M3?FqBYoRw`l zahs*I$qjAD-XIsz~iD%q0*&an#Wq{CT3mCHg$zw+>Cgcu_E z@240l_!^@OT_ipx#sC)G|2jH6$*=$3?)-N<9D z_St6>H1j8}P1Dy@8p{YbZJkWa@*&r92)9(UkrIWqFS3eBj)gv(wh_eyxX`!@YqIJj 
z8nSY>69d@?DSmz929~*4_au(RRWY6k($_RdT)zuMlO!D@f}~*QX}kmD<1eI?s#RR1h0oxY^B5oq$)O9 zJT}(TJ})=S&y8wiijoAYCDMhOVk^iFD@YD;3=@Hcl;F>0%iz6sux|k1VeZl?VjpD( z6^Ix5E)}8Icyn{P0>u(^CPIWZ zPVDm%H2Z3d0L$+GW4gQzV8Q->(COv(|L)0gcenpy{b!dy0d-HY4);;Hxj7%WVKm^#rNrY|PF=#6Wr5={L*s0qsTMF7A)6uf zl$P5}9Hl(WLm$pQB;rXmGrhXL2Jh?25OX`l5LZfIyjf=elyB6J*smWbqmjU*ULVGE zFfM$sb)1#VWW+B_39zStJu2;J$<>yu7eh%lrI&M6{;=7(E};!N|aWTnfakR1x9(+k9fo>_@C17j%2|s4_C2&k@;b$_I~6f}L>je9N-?e}G*T78S8p*XcONt>33XE2Pw) zBNHsz|2w^W{EwrP-Y)*fR?0Kn|0}21c4dOZ1oY3J-=`wNKYxA?E-Ce^PKkb>27_TV z8X=}R^T356bg{5(9t%&5s1GyE-qR!;_bM zv+IiqL(t;`-yB;n*yeB4iN351%$Id{g?vNhyF$hJI7ETUy}we6p89&(Hs4X`ArGiP zq4oDZQ+?p8udCXuZ1nwRB&UsvOpqa1wGp3M@9J#a*UD{mQTJUMs327vAb|!YzD_y> z@O}d%2;lv*?EE_7+gkg7x6bZg!~f$XfB)<7xV!WJ*h+cs`+xT<-2DgE_PRg{*lkn0 zZR$T|n|fqXc#!*cn zu#e>ST*nn;k^SfRq?4Eb4i0zrpRJVVD*sti>`7cf-b*AdH4(ela-o3i-l+~K`>lZBvsfH#By~{Yk_!LAtb~5 zjo~9lW_3(d4Bt(mqLjA9xIB{hwbuTB@6@^qykP(Dp5*iY_YRLvcK#n*DbIcXzjvPI zD)8F-|JapGFZ7W>1Mb2pB4hg~e}Opg3ysJa{BQ>B8^CkDDGw_7%-9{wB)EYIwxJv- z6O2^SxoUsPxqL9evTTQ16`|EOOl3mY7`;kHZXG%$*ey+`c~fX3yTr2mpHL6|zGPD1 zh5Fx7KK@hhc&Gnur#wUcucz1(+5A6H4>_uJvk{mFRknYPthuc|m_XwBwo~?^iv#-J zy!ot-zD8 zMV@_2nklD{Z@ z*)_Ij#emjZ|MkScMeG0QIG_Ld@ZfOg|GAa&?AQNuTly=k`e(J^b7hV7FKFOGQG*36 zT>nS;^?%ekIM}WKZItJ|{`C}lPAuR?VYG+~XuO~Ex{u4U>t9SLBLd>ZQh!<&*?&6S z{Q5sQINI5Nwo;zq`cJ0V6RrCjtNnP@$B(LxfsC=j__zhsi~K^chYFKK*XdSUQq0{+ z3*aKNbtNWcmXhbspLXSO%hLS6uFz+d1^oY@Q}F-p9Ut!OKU*o!k^euX(03CzUM25k z*uF+}z!6u;@&+zLP#~}N`Tw=~5SS0^*u@vNxs0XW_yEMfR%zcj0~oLKWf4dyz|il= zU6BOwxASRGiNil;0&&1mF<1{4b>k5mlys)ffrPcOkjnFd_kJ+%=5>rA7vX8~cIB#_ zi{WjtgVhnE6-odxMp-TKDBBhF-TEOES0ABk#HKzH%Xfh554YEYov8SiEX&G&Q^dr5 zOXsVrD+Ml;{|@r;9}Z4VcKZKT$}^Pz>?!s{QsB>s3FkhQ0`+fjrf{mZ0Wfi|(*~J* zj=6kDi>?4_=nV0Y5{~M-vRBvv^4P?HZ{~ZlFBw5Ogkn;)b6i^Q(k}ueCbTkG!29Iw z0xBurQ|)C_mJNf3E0akfWMyxwwjm-0`!u zQ5jYW`gNT`i+HI|ugf)`%u=d>S(T)|CU#dju;m!;1ib&mvYPy-ob88o-GCR$f4yG8 z|Kn)q|FMJi-X?H2E37{P31Z0wt|_%7 zeK#TtTp+GIX?O1!76Rqd+^p5(e`i5%vC})j??1S#CjZrT{Z(bL|6jrWchKGCf7?oV 
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.100.tgz b/released/assets/rancher-istio/rancher-istio-1.7.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..703de7f90f2e41bcb2f55f3f53234fe2db81d55f GIT binary patch literal 13476
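Review bot: rancher-istio-1.7.100.tgz is added as an opaque "GIT binary patch" (new file mode 100644, literal 13476), so nothing inside the chart archive can be reviewed from this diff, and the commit subject only says released/ was regenerated from stage-release. Please state in the commit message how the archive was produced and give a SHA-256 of the .tgz that a reviewer can compare against a local rebuild, or confirm that the digest recorded for this chart version in index.yaml (also changed in this commit) matches the archive added here.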
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.300.tgz b/released/assets/rancher-istio/rancher-istio-1.7.300.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e45b7d003f9a285e17bf338755edd2e313db11a1 GIT binary patch literal 14077
z2<5++QwP=n{>Gu|JU;#wH&`O^w{=sv0UqH8dpRoXeIPAxP(|qquj=e^KJNKm>u@Lm zw5`y}?8Bs^(4DdV(s=VR%01ZsbHbq1|8JP(|NZW$w*MccJVO4jn^X61`rlyn=lnYa z{qd&CzVMnU^jMjQFRNOGvkh&f9&?Yf9b4o+W!tv-!zLfX!Zt;9;l)_gW?`dm4|8&I z&?6HQs90o(KUdyWG2CCV2&iS<=WcfgAwlB7_ZiY*Vcs2p1n4yQ7(0Le`plm4f96++ z08}RbPeJBq?7!X9PA&hBQ68cEpZN#g`hD-~c75ObSy?~x$BsAkD~R}u4?hy-uvW$R zB;4G_)^a7?+YWI1aOvAD)^+ju?}jUZmseNhZB-NU#!dw^WbyGNC*7Ni?$xjFeRO=p z#F$n30OLK&eQkPZu_1}X(>h*t&^0?RkeOUeqUB7nl z`uhC&z(L|a6)$~O%H@AH{!@3@t?mCuDUWdd$8+l7OFtX@Y1>ub{W8|PTJ~K37-1Qc zS!=w$lTx<+PX}4~-yNRz>h*t&@(9;|Jf{x6{;w6tQtOwGiVgsUvx10mvG8q7AJE*$ zE|l0MrDtafz%m;`AtpNeK~)}g5c#ja_7Rto_22LIbMk+5I;_|KG0G!c|H+)XcLhL1 zf5b~4C4rw2opEgPFF79g5j~j>aAjU;nmb1wF191W++;g^r@YI27D0H?0=T)V6Ma+^S|^?NBR6O-P-Mx}8BS|Bq50q5Qumr{8M{w#eT% zCGt5EAWTE-UpTg4Cx*6%SZtK0eB&Py@nMx6U}>A%FvfGvoF%Yb+UNXTW*ylUftUgT z#cbufkwAXCnFfV8d|N0MoT%!36oJyr^(Uq~4rAVX01cwbNzA5>6-kv{J15~Cv4e#@ z{GOpiC??XYBqGyYVc+c^LVfoU!ZdC!jkfPV$Ui(@4{Gzzzj4`9|MPsC{#p|Lt33Wo zHyi&G^uPN4_fg6t)c^RLI=KG#4!{}=u22BQgCY%(qal@`x#`)iDig~R$8hyad{#yE zDQQp7|2H;X5FxQb>+;Lpn&&yyUEg2A5Y8$Yx;Ej&vZ*7qF+kg3-r9T~!%m{+TZAXo z=W7u-@sOl=`o)~IM3DNu&*nmTn5dK1B`1w>q`0ab)G8qb{X5M0^FG}>zcC#bSTW3cN)AcSon$_%FTFI{wRX$|IEj**SG6P2f=ZUuPEjqAX#L z28_cpK|0OUR30UY!9StijC_Al{Sc_H<6#n$HG&(@Fs!kNml0zWZ9Wa!C@y0xb+Jx& vMQFE#sZ4Mmj9!|N+lNjuc3abF(-hKS@HoUpUFuSoFR1)~8FImj0LB3TP*X0f literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.301.tgz b/released/assets/rancher-istio/rancher-istio-1.7.301.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4c7881e73790632ec5a2e7fec5c0b42cfebfd939 GIT binary patch literal 17401
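Review bot: released/assets/rancher-istio/rancher-istio-1.7.301.tgz is added as a new file (mode 100644) whose only representation here is a GIT binary patch literal of 17401 bytes, so nothing in the diff lets a reviewer see what the packaged chart contains or confirm that it matches the chart source it was built from. Please record alongside the change how the archive was produced and a SHA-256 for it, so the blob can be rebuilt from source and compared before it is served to clusters. The same applies to the rancher-kiali-server-1.23.001.tgz archive that follows.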
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz new file mode 100644 index 0000000000000000000000000000000000000000..07acfd8f5583eed111be0363da5c714b3cd253e4 GIT binary patch literal 9104
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3944887a4b98953a2a13498eba60b21ce9ddb20a GIT binary patch literal 9246
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.32.100.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.32.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..5495756ca0cb68c21b1fe0853d0688cf97d223f9 GIT binary patch literal 10200 zcmV;}Cnwk+iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxm)kb7=lr|+6j(a<#Lilj)X$9W$=U5`JBjc3(YL#kIkR(S zc_6YRAtnJD0M)H={N4B9!G|bPq#mtqPlP}076}vz1)%DOLILEM`cvTDj|7LLD}c{{ z_b#WHOLvZ=@K3u){eHiHc5m63IBBlK_k9h+!TG zH-G4A&Q!740Eh7u4=QPL_>>U7Ow;ul2PRyfMQ+Sl1ab7?@!=68$-V%X^--I<*(GJJFq1$oE#M?xp+ zB^`4tBu{*qaOgysP>Bfzu8Ts1NjNkmyNXlsernz&QzEh#Wl(oX$82!|FGkXPE)8HZ;)Y!BKWc zOvzX}2q$uigydMlWbSsJp}(^PP4Ntrf%!<;9l}c8A~r^nM1bz5SfV*gIJ#zu1oX@G zTXaXl5RCwhz{iPz&NIZxWGay=EvJB#o05JC%GH!$I0=MF|5XH0r5>sp1&I-O^o zXXpl`By=JSt%yX#FUaTe8r@BaKSh`WibL!}pp3f8aLMSHOy1#G_4a!vEjNsYb0nus zKnem90RbA#b)lb?L@q68Fugqm4sPdJr=u;eSAbWJgPx%P#yAP38hm#uYYu!eFw*I$ z(WjuS8jvIyqR(IK4?Q~V?{st;v6|kFfJ#-+j&RLqFCyY0Pqrx zlJxbBg;^KA&k`!p6blpskBCsFP}mX(X29oist~8H@kho{#5f=YXgCXXx0-6x4p<`X zV`^$o1QfdILu#dw9ROq$LM}=T^Sj9T?mLCWaS#xNA#vzgfaoc$Z>5CCV?v3Xt0D+d zrbdf?fl$nX;@=*olGq0Z{CPP%H^t%J50e1I5dGuZZ~v(u5t={xPCuK**yP4B@iP42 zs6~kIaY*Q-H#-`E#7Bhg7NbVE%hS8IpYvm^Y+mKEfV1gcySVjUd%$` zt6^{v-r>1$7T*f+IY`ByVou^o4!{-n6AnUnK=CMqz)mEDLN=KIH_Zsy#2YgnVW}2C za4((gaR@U|)0)sRGf$PW^2P+hATM*&@1J%1gKq!mc5piEpA7q_|F?fW?DuW^aTJHZ zJvEw#$Qh`os-HXoA^4K- z?4uchJ5SAIFVdrTj6(sP4%|!Ng+XuDzBS`^p?fDDO`VWzS=$#Bs&YtPNeHJN|+dcX7@#)EN|M6{mtM_g-bMi_@6lxu^u19sCo5Lp^XX$Mdvod9yfaY zpnrV+j9lYHzQ}x6=*yRXYB)3kpat&{p(q0f7xm&g+QVTrnVZ5b?vGZGCIRzM1}D4_L2q{QM+VTiu#efiSqsBE3r_pw?I ztEGmTv3mVJ1+%DiJ38a%&t0`jBNQySvqQ>N1sv4Pv*?9fai+Sz8n08)?|^<+sE7LK z>{$OvqMKwqCilqcI>^!j8la5DOAczqjk6lYNf^%2rv!&&OcVx+W6iwV`5PG8I=@sk zsD_BtE=c3DCi5Knr3aAPY<9Kh0HSA&H3*Zq|>eJe6#2=>(r(u>P)7AQwSqh zOnbVMhv@U?)G<*#2wYVoj^h?z2)d)WsVD_rsUNGdP>i|kvT^PkSnA~)E4Oz2T$XaT zvR31cXw#j`Wi^teJ}frUqRVCWe-XxJ1R#M&ieWNF*g79j=6pcUO>;Cpc5f{p(_~*D 
zF-_gYsh_%OMicQWrEHhSm2-Q^FXApaMO^ETDCmAGG_DPRUgr=THY2$8X(U?1d<@`|%pODz3RP}aZyzyA>5IK{WmzY#?h{hfmx_dBQf=zpt6 z&Wpv$bK}=gr>St$T4+!dLiTg%$2Zoux}zRQJ+&=*Ag{PAjr>hj59Dum*#lK|?xzRH z7(G{3_qhVj*D!(mcUbyUJ&U#ObSUfU7#R@70r&zvA1Pc|n&B_dbIN2}YFV@EsJ(bm zY=xE#av;?Md5a1%Eo5|-+PsYaidk3TvsancQ}`rpj&_kE?IKP6qv#{dTfmgmv+5Sy zs+F3pChsy9UXgLR*&Ng0B8;c_eG;L;*=DW3gAwA4H7=p-f2pgtvYDkkXt{mm9E%vV zSA*|W6_+?R5kmxodvW!~f&k(Ej0JM^PNkdevzZ7ir#PG}@#?YW7=KdDSX)b;sfQl< zz|E4@MYnppkO)Lso^Om8MIXNx|7rI67|nNi8||sB!_D0P3*9lr;;%5zWS(*46tXY% z%reb~>247ZT8-qLFmG!ex(8{<*5+-a)xDbSGthbX#PS3i;meOQi9d36L+16C-7@Bz#R$)qThKM;E;&Qis2Qv>_&3_YFn? z8IOSjEtj7Wtmzw$7UZJ%K}^Tcy33Pgao8=%{$b`g8KV{5vj|SVlJ0@~I3zxi;T#bf z5aVy9Oy^sqHD?LB!&I)>XO&RBI1B4lq@BdA^<+ME&E~XcHG;?O_H^aEH5=?{^m*mB zc7=%a?9C`fNcP3Rt&A+(FhQILy^)Wi4Umas3@p zLKTujCx$@jI7}9Ph%MF9}{8~8HgF+1Smx^7WxJaz{+q^9|=dojZCHVUBW{MYHp z`QrRP>JJY4zxzoKIe+&xZBypVV0BFZ>+c!0-goF76B4n^A}atdNECiRQd`i4bW==YM)lt?E)K>@qK@EzG0f2mNaSz`M*e2K=KMVTz?`9#jr67zZW zSX#>GF06bOTdz^7lP}F`XqFamO%!u$f*e02K&3|lFXk{N_qBBtCfEw{mHwtWNmO{U z+Rf zt>$Y}gZPdHq$K%hLgIkSSP7@`yV)5P|x^(gpyJy>Gwte!D@G{H+OG0(sE483*xGGj+Fi9>zj5`^4_75>T7 zv`V7qv8d!tLOpY@*d5)0v_c}JLV;e8(c4^L1)hGsy}jB%Vi`MADdQqf{L>mT`)Zs3 z?d|`BZR!JPu>Z&Xqq6<)pPe2Z?EgN}6SV&m_9({xCswfh_UO2JTE+nr=A}nA8*KmO z)h|e&Q*5JsV$OUJ!t>+A6W}u%h(%3Zp_f&{lL?1O(PgRFu?HcYm<4*3>tuma0TFSC z=kGIkQm;&}Z*I`Lwise%qc{k?2uzLj0)c8n{ebQIiE)-lLff@r!o0~+fxYvrF_VQ~ zgi%x+0>xhGwQW-bk&svlgXv62jf6O}*lKL1NAUXER2hjDNfayoY;DWI6H1RTT zsJ-SOhl343@8aqWvQUT62}-R}$qZN<)y5E*y&xPDFDJWX>?(}HlnBWt97pX;gWhba zvkTYh%j!1&m{7CQe~6Y(m^ZfcA65csEpZ_|A_edLR8@0f!lY_y1&h$Zp>KNhzXkPfB&d-|HskE z+2C;h$6nGCwEwjOZNHcxa{>L=ukUh*@L#{aLsyK2b-P5r%_47W1q-^ z&!ch2h=s_Iusb;V(E6r(B?X48^F>kHepyL^`UNEm>+N2#d8ur6(6%~ZKWg)e&WJ7A zR`1lUVfE#d0}g~2+HLCw zGk>dh^i^hLOSZKN<%+7ULe2g-hKSKkYYcShb?bb~Z~y_)7lpRBeKxxn>e6*})>is% zH^^zHkO_0Zb%yw&@UD&FzR_W;P0jaNq%W!3fd~vK`E|-6!uLB6L4@z0WaGDiZyVbG zL3``pBL3riP`3Z4{X_i6UeZ&y|AVj4`g;ZQ+JFKMX6j(3{wQYZfuXQhD!WfeylLIH zrWg_uuhGwG-KJD?-OatNDb;qL{JKI~4{43GCjN^#8p=;Cm 
zby@EDhLrW3*blTc>><<~KcPEd$L!1`bbEG;wOrg*S!F9L`(c9$BYeMEr3#5{Q?UUT zo7HWB$wt**rXU(k0mqv{Qq9d0EZ66>8sKRSNXGX&<45((=A7s|e0Rl)UbHpy@<8xw zL;HX4u5lE&!Tt}3CyN`1ecx(GV@s-kxLy+JJAJ2eJid*>& zaNzGOp%e7eB`Tf(UKve!T&rg$zBgCoJbT%O4xr39(jT3xkEdLz2Qx0KEYzk9ZDugF z3t?ySs_40Gpzti&lPlMCL`foq!3F?0{&>qR> z|DFZl>e{U#un+2d|Atw6THTvs8id85?52YQ=G?q3)&@B?)VGdSvX$2yk#A9ZT5_}M zU(d{Xm&GW=lU6!=6;GhZDQaGbC)+9N=^FP_RLAREp3I#TYN+a)DeO{sYu~&`Hxn$0 zb#@xErAyleRxa{u+P9nir)`>dF~cNOit54Ih|?PO)6j?Zy0^FgpAyVJCYu0&ruE-R zf9d?+`SIcY$GxN{X#ed%dz5A0f1A3iR($`RvDFmWx2BtN1~g!ND@Wzl4k^n+@h+uA z;7OyBTfq)xw7WZ&D5Gn!Wru+pm?d|@VJEYg+UtK2tBE^eOtwGyWm1Fw@1OOT&VLQg z5BLA=B|Sm?Uop@gX)$=CIYED6Os+fuRxk)9y;F6J?MW%1P3QkQFtBObAL(h&e>2dYk_x!h z95rbH!}n93_i1WB|K*f%Dlut``t#J}|LG6P^Z)4R+s%!+Bd9v0)+lpp67GG5`xzI|2MWEvIX1t z#T)Bf$5U@(08(O`)Ng|UY}EO>3}h1E@EiCWiXbh!S_ZW|{ADgdAOXvl^$^+iK4Qy~ z`BJB+XzlDu|a?{48^!C`m`WvG)O9(h;ycIlJY>F3 zv`0dLzXF%;eU1XnZ*-}7s`mkKd2c=&WWVQF`W{l#5kNzogNPXw&_0yC#t%^DCMA5k zI+A_O80+UF8o#o>YWvs>Sa1+<5TXu$WD+RkYidypG$3?>A`k*k*0E(-%Pfhf z*0B83C%ZuFd22Jey9MhHAc7RR;4M*0)^-b7a06U<)aKrCA|;eRbF)>8|F%eSkBvS6 zzdvwV7yqpp`m0lO{NIxQ@2G$H{@Y&Clf{3J7y4UQ{vV$n=Ko&Olb!#Mcg2`t=I(6YUsR6(y;@at)`TG%2& zk#56I2EUO;03n`#?Ni_y1WULNV&P`^mU1BU7x9D##Mgm~{wQf({AZ2nPUAlYM@#tc zd~k^W*h_k{_|I_gv=HEprqd$+!&JCt{D-B!`}hyb&A&(dM<%76$A4sE+G+fU&w^Tm z_?mOZQ8CA(%XRCxk?Nse4Mo~;vT@vqWn`<3=oBTgHtnaJIv^ks^18xRHPV z)P(;a4%s|fJLGpEt;Tq5BgKpey&@v$&<{fff`gj*QL>3dVDfDnAixT!Y6(x1L9@Ue=MwCLLk zj?OG~eZ*!mH^ev#LqaFN!~vF&(vR@{O~NNIM1%avFEqPmGJP(!;=L}CQ25l&RLg#$ zk8)elzMoVI7h1n=Pkf&fvPH*LeGs$2GsVmKCHp&$!iF*{>a$kJA~Q;vTm)uIT-nAL zdni0G%bX(FSa0o2ArWd#BYcjv36wl30K3IZG2?P!{FQ1^@6qq*Q^F)HwICGGqWUoo zMMM3LQ!g5XvQ?U0^@t&wu$TI2%N{Ib7Hrp->Ezab1D_EeE_{vs-)}I+S2T+g z#)+KU&(x@rd9n26rFxgu+mgysZ!dL8Jy#^c6Y%0B4Ar`ggDl8fzq?Ap@W#9;>Mf4x z1lA?k&DDn6!0o~VpHYbk1zuPL>3W99`TRN4RLBu?AtCYt7~>?A9)}4LlFv;K)#_{} zh-7?@zI+*0=aG1VzI@4td?uJH77~A6*H;Bm#5yDT9a+|pa}nO*xp0aDa}%A4^cOBM z4RS5iMNW^!vZo81f1TpXuFvS0OctJ*Z1#=aHtLyQ8l4ri0pn5>D>Gcv>_ws1 
zu4+`4RaL1-juc{Bq2!y@Y08XRZgiu}mC~A_k`7H7`*Z)#{guW5=^!;iL5M5PMldW? zs(AScWbqL~Y6ZTcr|o}tF!DHK(%3=CNpzEp$K)P4JqMvLUwTu(p`89}k+g1GMR#QK ztaHdIO-bb3^?^%oOhQNZ{EH3eth%#?W+yz&|i|#QYuu1D(kwrcz5;o z^|g0>al6zbP1Oh-#UXG{tw0tUGh<;A!8-+>>S1v@r#vz;U*cJ{~1BSQr{r^02v9 zu2$;7G0*nO7fii~Vdl}IqoCCUT0MQtIDCiWqGDY=-?ELRyrVwC zykh#L7IoppQp0vL$yT&uJ@mZQ3^Y@r$il8BLrQzC1*m3jc@9@&f+Bq)Bw=oQC83wd zU2N9K<(kT1!it14xee%HvFd*u4w2*utg3TMowwYlrJksm-zGT>%j zRHj+ybYL7kuaFuZj}_3IyOag+0zI$E7PH_*-3t#>NnR9&N=ma9deqgwunK1ZTvQUO zSMiI)TC4e1{Kah1Wype!xl^Qe&YbRrGKW->ZMZZvTeG@`ze}>veiyP})C&)bCbyo~ zB9%%n;~E^PA>*YE|Ga>De6z5F(8Satp(eIm*L~m()rS4QX^gkn__L|${LlGu>H8mp zv-AGhVgGL*seZ_-t`{-*RncD6Hdd9uG4W<5n<{9w5r1Z!{EJbE!z&hCB$5dqhrqv{ zJw?s$E#?!Dna87Q*A(e}mD0}X+D5z6q(ri=$=N+h)y0~j7!C8E&K*f!KvNE9{?->86BS*g%hU^F=PJ_yi`zXrnzZTkyD_Utt?h6ht(9_>b=*KBJJWz^cnh*ab!t# z>4eaGWc9m1EDV4nImHz9-J`zSM~MKn7)v;GN7(-eG!U+(^IU-4^%28fZ$jiW8M!`- zdLNS!a0&%=W9sP}2~K5Ct;azjd|(3>3LND4 zx$rZ!o0|=P20pZ}wU#{PXVW(T1s1@>=a7?9%&L1M2 zNY=q&$nGxa{KjW7Sij`zS-g2_nE$beAAJ3Pbb4~OwEjOieE(rDsWgAhz346`t7)v(^%_g&$lcE5YZk&^h`zIHi?2#5|+sC{HJBm$NsX1FOW53h8Ti>72E{q`cT6ya)JeZ|R)gfM~E z!pEWR$|2GSyMxe}@ev6Epf_{j%g{FO+wZ;ZnJvT(}5+Sb>dZE8q4xbXjA$Y}ETr}&Z;)}O$%}K`#@r!`WYh5Dqp3!Ub-8-Fg zk;|nTmwE3lGKm%&BH%5d$^9ZhP3(fI!6uS84nYBY9Ok2OcM>Y>+;{U$HvJ2tSk7M& zZU!l5=EEZTSGEh;MFG2`cbEqkS8q&4HA001Du30aFGEbCf{}h~EnlA+?7vd0U7u0O zSr~_y!UKH&seiik{qMo)dH-Pl_mTE*l!~KiN!ivNLzjekS&HhSnEj`PoD zYh{Dv7cEpsgxtdp-NU9f^M6L*ZrwW{imB26zx4gj{_*+Y{;$2H4d(x4m?2SPN^6SBDZe2QX<`4jb^tcm|K;z$4$k}M2mjw*(qq~GgWcAO=X=PtJID_a=enT2+t2?8^ZyR| zr{($IKRG_cf9)l0xBlB&4LsWHEiPhL9sE)#$YV5|dr@`-aYIMiL-@*CWY1#jG+&}35y`&w-|E@my^9)@G#K!1D4D?13LMQI&OGE(z zB$+;$(d`CAr~+M88;(hLhC>o)9ggm%KoOxrVtorHnh}hChA>(Vt*hcUgRhC)&T+Y? 
z!$iA3J!Gg>9#VSH^F&|Gp%9sNm;@dXY9skL0QLDiHX)san$t9|g9+T`+0t7EuWj(R zqQ-`W6QR~d8}j-nY4b6Ttzbf{knslnZ=Ki=dj9kHxPM;O|EK4N?|rd;}lLY&{_V(HiBFY2+3Pq>%BDGs{{537`4 zUJ?58W!URg=THor+hVi3TAiwVoH1E25>Eq zTV2s2Y^%gMk8MW3+SCsJ*?Z(Rgn>=_KgUb)zk|WaVgF|@sR{q3F2yGg0}onYqtr0} zt@8!C*6Y&sd9ds6{}1}-$K~%o9`=9tl%82TK9T5o2oyaJ8T**T$XT@!o_l7pg!tqFQ20M&6p)LK*JwUKzvzvAwZ@tSAI0ISMjw-$DFDxP_v)7s9Wh3a^@~4 zTl;g#ZlofwkfF)^VQO-4Y7>sJC{4k#i*D7m34txZ$6D3Vh^KI7(NkAY(S^7@tegd7^dm~kk2Q00^e z^U~Gb*x0Q? zX2+(Np<(%+^1T4Slm&CQ`4IiC3EdGIusio}um9p*fB10w!?(SU-;17atd}Uda_rR? zK9({B*XDSmR+v2;liqC5%R|L`bFJ>OnAsy1A Sr~e-S0RR7LasO2SOaTC>rEARq literal 0 HcmV?d00001 diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a3fa2a7d7c095e7617336c10ccbf24b4ecec76e7 GIT binary patch literal 607 zcmV-l0-*gLiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI#lZ`(W!&Dp;~=y&;cuq-=mGWb?BJq%lS$YGaZ2S#RXA+jWh zbg=&WK~B1EZGsL6kYPpMMG!@iw7~c12u^nx^R)qMa>BU5nCsXSHyuQl5767mu~15> z+2!T9Dy5#Us+vzH<#ay1s>*6Un@&`DHJ{BVLLHs?4=@lzoT#I7J^#3W1mK)!VB;Ot znGhNntZ$_TW{cAJqBBi{t`-*@2fWB2m@gQ~cvp)}l{H8@n!w}!gChoONpOeaX1O47 z@1xk)VKQ^jW4-q*bzjC00c!yvSfj`4vdv@GQdU!`RGIzlr+X7P$bZH@SYV_=$A*p) zg4g&zt1h4Me?Gf9^Zz8s^ZYkXLooQA(WM>9^?OPhuqju_P-bi6np)fp#J*o5`5|gt z;JtBXq-c)}4KO4j+48&h&ajWhwGB|W@{n5T$tcIJlg4KhP^W8c^h5ad-jmBV=BQFa zY%96@>9%+bKb~4c{PB>-Cqq1X1v^Br`->bM$hdZ}5cj%dLXh@Jr9P*!0%%OOolK2o z=DSzelwd;#Z?6}3x3X`J&++Q~pS_s>(@LHB ze+v9}cm`jK<@QME^e-s50~Y4Rj2{Rav3d|+_XYa)f5#lCE{fK0H>{-geX(;a8r10Dbn007;lA7B6g literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0577a3315f69d90296fc0f62523558fe12704590 GIT binary patch literal 561 zcmV-10?z#(iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI%5Zrd;n&DmcebZ4tl;v|D_MbpEub%z{wXC*ckB1?iq2g~0N zveR|T5_CX-6dU|5hA4`p1inW{aH_#rZVgydCX73brHcCYzJW-553QYC3L%78R8{{K zLL7g^bUB;I*>XOe%`3T(6Cvlz#eBlV#hL#CT_T7RadEEW%l#t&=R5%!?^0bbrhvfu z4Oc*9ksE*87_HIO?1o~8Hw6Uq4P!Fi)oeE{G$s{Ipnmi>-0GX7^np->xzFE-GB%vvH=U zXp00I2(pk2{BFH7#%($a@uW+^SW-T#)Yn{A0EO9hkg2}R^6&~f z2{tq!hoG5ax@K8U2Lt&C8$4Jz=T{ZBv;1E_+^rrTc&jhZ@fQDOC64F+Op1~J*T9GK zGx(0Jhb^Y^zaXOqh?zfTe3wwOr~R2Z|K9f-F=E7s5vTDZ00960)x}Z?01yBG0K5o( literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.003.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.003.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3a2cb529dc3b54e0120c9a59f18d5baeddab4ec3 GIT binary patch literal 562 zcmV-20?qv&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI%5Zrd;n&DmcebZ4uwRF3xp)xqk#;ts@}qY-}>dBoG+4 z;Sz`pa_w$gtrXgZ-B9T9CIhd(VTjt z+981gf+Qp(zdL6&xuESvL2REKq*i)0@}cXvc3Jc&)3Hr(z5n&xtIHU3P$|a7N*;f@ ztzN0A(+4o8iyR!HwwvBSIO&ox7Ntun^);2{L1MBUWNIigKfJ=O z0OMOI#-NE}s$oe^M+3P48$4Jz=T{ZBv;1E_+^rrTc&9GU@fQD!N*vGsd09^UzXm>> zpTT!*J#I0X{skGeKurHJDc zVQyr3R8em|NM&qo0PI%5Zrd;n&DmcebZ0BF>n59TMbg8tb%z{wXCyWjB1?iq2g~0N zveR|T5_CX-6f68LhA4`p1inWHu(H9BZ#5X5M+`d*xeRK$Xdn>ZLu)3NLI@#dRn>om z5XWCp&Tl70B}yS?MJZ+zQQXa|y9pB)XZ{CtkswUO#kr0z_n!c)bp)iHjdjMD1OnqW zTmq3nuHCfJN};XU4TTPGGVuC4hNzvb*{;kKMj5oHe*M`-0%Ibh2H9e@jO@t;cB;d8 zW}(IUq4u~|Dvt@L8#eb;gAvglE!W1HYQ|NFTYmmy}aQj86iJpOW9 zK8NpjjgIu?oX1xksrT}x3t&zc**ipSH=TiS(j{XoN|#jXTPn+g#AG|jR9|L(c!ga7 z#y3z5K@-JP&61oB266#5c(8EJuPSV3`M-L&Up_wYR$ZRsHU1ZsIG+FIT#Wp`20omh z!S`%6Y%!Vs1sOF!O#e0GyNHUd_h;t(TiDc zVQyr3R8em|NM&qo0PI%5Zrd;n&DmcebZ4uQ>m{3SMbpEub%z{wXC*ckB1?iq2g~0N zveR|T5_CX-6dU|5hA4`p1inW{aH_>vZVXscCX8E*rHcCcu7yZ^2c4ar3n7G<*Y)rf zLL7cYwYZtdTGT>Tm6T#8Rx{fwhTIi|lT-Ozg==cC5pA z;h@9j=w9x=f_4EL1|e9ZhU$v#b5_Z#k6a2-y!F%l7dXj(!Y)`KOxG&vbe0gj#{YR$ zAMk%MuO|Lq1Z7$N#%Tx!zZ1H=N__JnWewQMMyefqaBD?k$}2iwfIG{;%$Dmk;;6)92@SjsLP1hx5OhR}=p)fp@28 z@GV=7TTJDDK}IbQGk?tZKA~ohyAyN%t?xHs!h{JEj^jrF00960VG~>H01yBGOs5OX literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b77c3d3a786a3c006d9515c720eff32b45a8aa12 GIT binary patch literal 612 zcmV-q0-OCGiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI#zZ`(c$&Do!V=!ri4i=K_5Z#bb{5TElO>eEbjudvC` z_!_g}(vDqK37wJ-26h2g^wOegYH%nNzivKB?U`N zG4+A^aA|AT*8Q~Uy(Uw|T__>MPCk$Fe{p>|zr7Ysb$XAz#s6$3_ve3pk&pa;5Bzt0 y24BKr*aFr43j){3pnse3ZKMj8+aq)Sqw5Dc zVQyr3R8em|NM&qo0PMYcbKEwvD87I5Q}h}6{A{IWsE1`ct8;SdD7Lbz-^Q{^QZ{!h zl}a!qW(F&gU;t3^Y}WU)-|7ZHf*j66kCk_`Vya>d2WT`J{RSGNSdq-Q8eLUmKGKF6 zKFYaKBGEf6nMhM! z9Kyh;iVu35NPP&ID5{Uaw~nvy>x3&KCW5Dj;NJGPD_G8T$r64D7WOEYg)mZyVmi`u zZFt__QSpp3%|{5J9;1h&BUXw(bESnW4&iz)Vr5x>+>3u7e;K7*CrXrtUY!)$uq=Z` zKwuJ%W=yFMcXp=2%&Kvm$b1I@tAZP@ zcY4Gxy5jR2sZxCyjT|ieqb5l-f>Ozxn;EZkG=c_NlrvEnCJL^oGtZgG4#6-beu>3c zv6;yKH?K0T<-{N+5rCx~HQD>}_q$E6oD~(%{#R9e8uO}dnd6ISEycC0RKf|1+Y{j0 zFV23v_cGqw-HSfAwEXs-75e|0Wfj*CU;tL@|Gk&HuikX^|Eq&1{r@P>G?QbNIn{46 zj(-7IZTpT-Se2P`J{8)i`5_DjQM3i_HCXYP- z)TqnmwFcSAg;G-Sw1*x0v_5`ff@XR$0nH6+dqjN*W+pV;h%AGYmzkXRnFgkT!3DmW zRM`bLWFO3oL&^+`wruw?2UZ!GGb0j~WpmIorc#~)OO(_a{yYA&6+XqwOe9SI50o<1 zP-#(23EH?4nHh;9+9F7)(22a}Y7P_5Or`E%aJC#qJRK1>XkxbD5~nOQumX)7S0d+y zVVNJs&kp}m9102Au(8O5nZvYViWP=)9Y+Y;L&e4C1siAR5lmR7c@+719>N|H{#&69 z$O*7C6=;lE21zD>scD7dlL1a-F%eV5p@%cJh%Na?mX{engwelbl3x^p*ZUs5FQ3uaDk>;?6ff)kEJp1wkDztk^M7GUF(t z_zC;+k3t(10{j9-psz$()}ILwej35JGN28~s>C;rm@G+TRamLSE@M%oBvTTE88*YA z+~YdOgifXTu^aeYB16q(rA8i?5%!Awgq_A9TEGa-s{(F>naRo^`3+Yr%|!vF64x3E z&Qa_~@Zt2^zW`EEgP1_=3X|w%S`yS3V$#I~zo!9FObKy;S^_nR_Nz_pqyqZaNWdwB zk=qeq%b<~807t4LODemP7bQ>7iPvy5L#?h*%eC5pp2;dpQB3T5rbAHtmr5uO$PpHJ zXR#6V<&0a@<%A@!1J*8l?8#e5Lo>z&bX+C0<1$v0z_mRVNfd6_Z8y)#Ro z&-sKaUL-^!SrEl?sgM)MVi4uHrR~j(7i4S@G?@-fFchCOdZAGU7^9HD8>X-HPOZ2` zrA$YObgudiSs!PJl(< z>DG9=#v}x42)_uzM^at@Gg(OGTRGjdn3Hrf|WNN}U(i?+6+Ql=gW=f5o4$VJNG9E16k 
zG7X#fuO9-(EmoFH+vM~IkX)%>kzp5&Z^ruflkgQB7@3gWVH!;C?m}?p5WYeBK&+oAEmOYV`~eJCKFMh@M><*D&BS6 zn!CJuCMnvnKuA;L@H-K6Zz(2v68%e znn+*;)A0@>_)ch5QSR;QDxGrUu!N&)CNkt&NMvSLe`(YSU(dk_26^(#_l>r~-WaPm zNrguMuY1;7(zW~W$;SL;;(Ytyhs_(WubY{&Bl!6?APyj zk(N?~Z)Q@7zoAc%l`^HUDPb8`O#{M6Yu>zR4V;Nw7{!Wd&>*i2xy3hpJd^UO#b!;b z+JFYHtY=TkRfO+l8hk3b(n1?vm}}BLNybFJ{OjNwnWpukk7?0cUp60nd>A%x@31dA zQ3{t)gj=ea90!l&(g_qrWj@MVkj#eLNE%%ql*g@(D~F2e!!=h*q}*mw zYC&pRq8C+v@U3n48VBbzZNc~G$5)hiQ9O}(&Wn@+3nRg~ur;oAZ=33nka2d+ZNNpj zo0i;$H8Y;$00mFD)=bTZHe}|xytb>5R4SXpSlK0<7_Q)XL+azDiQ1+m1LlGn%)46eS^;Pwh|-YK7mf&(iBxhJ(% zZhP21I;OBVMu6Xh86za>B~w#w+!j&8Q+x5=LHv7UxD}18X(Zvr5Hg$i?I38Wh;{&0 zq&}E~_cjdbPq!MLaRfK-0CQO?>98mw9Qb_`Q1u9X4eF0ln?u-*>A&_@XFmD#v;p&* zdsgiK_%w;$IsI^Xd=ZPq*A~^_BtQP~)pCKFaVE?J^?!$IHvJ+F^$s-_(6;iGw~5_KKsE zf|A6Pc^ks7zt&kt81%#~J~ugl7(RW9*EO#_9oJr8C$ZZIh%=e6?C{rL!S5ltHH;B2 z`1ENfoba4xN=ugl7dEl0q0BJ$OAPkvDN$(kG+ALI-#rm4IuGpr|4%Lk z`pIuY3}E!>6Ezf*TD{m41pYW!@5zC>Td720CNTI@hrxei=rh_KK>U`K zcAH;t9it=Q0-*R0!pA}crzff1oE9XsXqWWUr)XuPzE#I1hHH@@(stlPWZcY4{#A|w zoy_qhjz5ow}6N=v2ElpOBfu6w}a2@FkC9txjNyO3j+(M`J2FJh&X&Cc_RhomA zdCN(osZRvYQtRJPZ0=cBXm~N66ItG!USM0=G%tCw9Y-eU;jf56@^OhhJ^JzyY2$Q7n}B+)~VTu5oR> zy)}Z3{v7?M9(17Dac{$ND`m^GVpnQ9+r@5wexvnmA1pXsw$klpvD@Xxh5&%Bv|pYV zqDZnTUF%YBF9S{U>Jqv$$iV$E*a*l{Y93{1P>_J3D1|9hm$pf{%?jmJX2hsz6l@=W zD9|q+3-qyV0&!z4=E4R$(GKAk5~u+^Mr&L35V6DXb|OLR9%_AVhv?tz*~tHQ4peYn z>Q<+M*X4f>-gN3e_FwKDyn6EgALDTv0Ntbd%;}gVUg@^pwNHzYw1yQG)P_}tb}-4I zjjz5WZ|-_8x)Mct7@kP`+A>mYnG;#nT+ z*$!z*>K)qjPoGB38}GNeo{I?NtYA}~j>dBf$g4J=vtQa#6xy&N;q7h?gSw>Rb~&O5 zrSY6kkXnALW5pUo01HddwYz?iTL%o=2(D{d+km^z%Nv7FpCVn^{NN$RM1+0&tlM3O zXdM>2Wv=ZvW~?^S|BdT$r)rQj^&hVe-t2bt|K7p=Q~k%IJfQ+-WvNkDcho|7c0cy} z{1~xYiEK(8TGDU7eOGf%DA%FRe|!Oc3_CN}%+L(h8jL}Y#aPxWv`>S61GTJcU1}E~ zepHu7QpXNggrxvhErOAMVR_cy;_o1elotjLx;nn(R4m~0Pj*#uW|G;r!7@G2LN#?J zp)qqWVKEe4#{2cTq0_suuRZYdHe({c^lFxl^97WF8m6O3AT{`8E%H1VC*O@DABa1? 
z>~Kd1Z2K5vgK?{hd2y^xx22;|>6_z6dw@JBZV4DBc;Dc#nA})T`o4rnun-G*k=AkE zHa}Vv7S8+Hr#`9M+7@g>b8SL42+skp=-D(|=xh%Ruj`Ag7P{7llGpWi4clZ3R;5a_3XpDpH7e7AJ<>F&4O=~ z%nyT?VAH=YYFK!G#?0)nRx_j*mJW4scJ%fiFrGcjw?I&!Dm)VHkXUuS9E44=Hywao z({4no(d~)jI*rx(J5+An!xMd7&oRvGfEX23!k(o4bJE)2G9QuML~lxl4SI zv@PP)0ry#WPl|mqam@>^^_h}m9>$?FW6D2p(+*8bOU4;znVJ2q{na9D08t1dSoV%* zY<_`Dlj=iw6*Mp+=dvch4|&>yxMT|hrUWR6cqdJF3I}90ENhZ z?tQz5dN$hsZAjp5N4woN@VfIqyZZ;7{ono9FJC_G|31dE-Z$wU^QjN>Sj~Iy&D>E- zh@bX#@3^mPFL?V|3A*NsQ=s7#rxE2|ohPMZ`(lR4>Zo`S^8{po(u5zimU)ymh;+@lb9%p=c za`v|U;_T#I^P)MoM)Oit#t-57`%0Vh;I!FuGJ@ZVqWaisM{SOZIelN1WybA=>GmqB zevtM~PqT z0X~)g)s7Jg*=3^us0BTNwX-f9R-F9!J^*o*gG#k-^3K_4b` zsY!hw<01U;+`5m?e{7Wub=vTch8NghKkw8<1UGsjsCIB7IJT!dSI7F04Ac+LE6wSp z?`iM%j@%*OJC-MYZrOc^=PvsHwl&~u^M9|p^?xtlynM?4J<9W$_5V{9_(Pb1`&WYB zWAvs-8@1_@GVMD@{|{2C{TtEM|A=QJ{eKsyKX}&EfA8(@F6{s8y?MI-<58YK|G(hB zz_UITZ&by%;YA_M%KIO-A-v3q|FZJ(5c~63uDQ!Yzzbbw!q8FGXA1{ew|kBc`BeXC zG}_z<-4a2o(dzp$+V$<-+cbI#+#k-IJzH+ho-Nw5XLmGc&+cf^o;|?DCePsZ4Aiv{ zUCmzyNeJ}W?P~ZIf|5bl*zwfh$5u!}W^hG?UmcnJFvx^9gCPuVm`P@XAN`TyQGJ%V z7u}}zZxOv-T$(b#dynl41Q$mhJ2;EO`+~vy4j$AJE)L%WiwKvMrS8KeC^Wn`HbDvE zozV&E6Yq;pQ@OYqS2RV8_Z@j@dE+7?{##K@`*2!X^mtzsn{vo?OXUjaFuYwZ-A&=- zeG$8@Fg=JMg~gYfF-us7dEe1jS7`R|OqvUg>*Hz&LUX=|D{W7#Eaki}{y~xFX2c8X zJ?}ksrxJ7#fsOdLTP1pLw5Wb`Luybd>3v6BQe?Ur3QOuu9~!5-qVoWl^p&eFB4d-V z{W8>B!TJDrZA=uI-haHX0QRmnI;@U;Abh%Yvzt+5NeS)!acULUZi-8*&i1}I=%xZ_ zgTZ|ne8dJ#JXb+hgyRFk-8;_x?DvihdWda1B=4*-kz1eQ{b>Df|$w z!Mc*-d(UB^`uA?6T`UZ~H)j21&?|lP)hPB?NpFhh(>cw5if7~e?_Dl_cF(%~zt;!d z{O{hYmv5f(zmM^B^1r=Xd@ldHNkVSBmhMe6y0=Q*Ho4e;?8f20Nv5?ob$Z9$#PC9C z+A4UqdavMq`Qe^BrdN*FJ=OZ~7fbgNbkp6+XWb2rN3)L`>3{zVa(CPUTzCHe)$8v4 z|GRIV&i_5mv!t?@*88b|>$g|H)u|JJzWY)AuPR>9PceGRHSci__GcQ~mBl?hpVuQS zzmU~ymxYQ3+p;swzShlc6$h|*C#x@EuocpSo?phqZ`^v-SIhV-CI&NO%7LeVk%`O> z;qvX7eIr%(g4)(^Z7%-Aj&D%Nl%Lg&>;)oc%b>Lzcc^LTsAcQoo8=cFwJsd0r|4wm z7PIWR7l{!3dwt~e%iS;cmY}$2QS844#LqdCEd82gC|&C0%;|&HyZ*IY=r?Gyf4g$= zfwanP4|{!Xt=~MivH$KDzi#aYtc(Bl7vjJD{Z~)tKOg1U_@~!aISSruemceZxqgsl 
z`4Zl?PH;u{rB1~r7j|{vF2BF)sgCEml3Z2MnuI8iL7lW*=|2yc`|Lwnd`BeY$C{IuQU+-1m4^;ZMQ1flIZ;QcxYo5VB zW1Q-WBEq8|ln@*Y)*Qv7H&bpFyRwoB4DMfHz1hj98WDRwS=&G8sL7KF+5EYi{=eN} zkahb1;Glc|$HD$n{oms}pF#ik9o={`1E0qX+~cgrLoC`;?fB<@R_Om28CXmUsrdcI zSfl@UU+s1Be|xWAJ)Qq}oM#Kpm@!-x8jJ+H+Hf=D1&k|^(JgQ#ORm_I>p0qi%bC!0 zuboszgP!p$gJ~wmHq|1E=@1mpm=V{Uey}8X&x$nKf`U&;rNE0)@rn4zQ@9ak2LG`g z!-pc9gDj{gq68&ZkcooFQT*=Wrwbz$kG9~g%yU`5pWj|UDwK}msW3bAe~W$;kN>82 z=>Pu3Y`TO0^B?tfvC{w=v*fBOVInfFqc388Q$}CJV|EpN5u3b>zWBe<7W|nhAuA0h z?~Zj8mrA1Aieiy+wqx5V`PY9%MX^Huzdd<-e0p(w|1nm}|NiT}y*C~CfA#XsQ~v)^ zp4P9V^gc%=OJ*Ft6$vjiU)A1wG5hiE5dMEwR7}lbe|Ps_X{VVn<>AiG&CN~BXqZ^4 z=}u;c(mN4$ygWXCe*s6Q@8Io+(|0GACm&8P;F}NU@ZH7n5YCU!&Of~S?k&C^Qmc0- z7nkQJUw?;h2*6$p?>PO8kC26qBZtkv&1e96#lcp=2LT^>CX zB|@5riJ7DEOAz#nSG)hYO~avSwuJY9DudoVS!s;exb_gmHjH_}Cn6CnYeNt4Y?k~l zvKqh(spu~?*bY~n6-1M3kyZ#xLC7Bt0RPBUA~d-RT)C<&$7fauXjv9m?Sk?=0~D{k z%W3E!aHV)^znu`puW*Q5ruK3T9K*No&HP_DW=NZM8S~fmU{No(e|C zCWC2zFV)q8Qn-=oiZCWUgq+rhfGGSlY5}mMbJNOM%7I-ok+E^+>VUa1CRKaX(qhQ2biZQVzqzK11Lc8%yOsN#&P0lqLrZtsK|9FhqR@H#3=$P=Hio zDhihMtofoo_Ihg468|A|$>*qt-0Xjx?uOnIVHD4qsO6KFOcAFbU1%CPS3H|zq;N%q z8;gSY1Vj35zv!YcTutcO200l9HnJw_0#ZmFE+@^ZzeQEB9}`*VQY4kEbT)^asVh`{s_~Az%SAV6k?t1-tq~EnmlIK0 z4Nj#22BECRgGCYU_}BHcy#%gxc|roBe#|?A!i;Gcb6$Yr2`5cHp0~zngi!NeDqffj zhfSm^r8U>+@CM>%714eSe?YeihkaX5-+NYYVNtb@27e?$c=cHTg0=*0t=!~J#{SBx#8G(Ys7O7 zwMA}+&DMl3(PYCW6e5B&td(mBu&<<9D0XQOH6{=AuA8vC*RrhS&B2 zxq9w^q5G7G!7ZHj$Vo7=;)aQ0=>6s(gs14Bm@iB&7`Ps=VTd70SYsWBj=P7b7E_LX z(=c!*h(%2!Zf*883_>oIP>LzB|!2(b8>H zTJ`$7zz>&taQfl${=o6t1?(@)`Ex)QT70~u!;!>KS!@47V7T4s!XIm4mJ zJdO>m8w$0!O0UG>zd~i+VzN-K+X*NTlSa>=$(%M8a1p*#!$m4H@9PCwE*Bg0P-)VU z6mlT0xw4C8WtAI8!lP&TJIsE@kSFIaqIU9&9LGC;3j$W+%YT+I%l0jLNz_CY-Z}uC#8=>6ppN0YBI8=qqVbPqCK7?+FF_18 zNb3B?yz4~<$*drawKR3rc=|YEH<4pqy>Xa*zD;Q6+$=&fU>FO+x~{3;eYE{grNK`1 z?hVU;a zNuc6M@zw-Ud}F2){iFW_|ym)-%lVR%lnNXV+s2-0J;uW(>*T^z#eb=U+dV>qt|c91v`b1wMNG{J8&N>Yb)v-B zEkzx4h^bi2&w6R{>*lOMj|s4pdK1Gtp(%9Y3R`{86w+m03qg(Qcy0q&io7wzYSaL& zA_Xr^7Hrron3H|op!x!F?w`sm{1!V~xVlgmGT 
z`0f(EKRQ1@I=wtOzJL$s;kNvTZ{Xo?L!=JcQE^r=ye8Z_ZCn|8V^N`1EoJ?~l*l{_*Ja^62Z6 zZ%;1&LM-&n$>r(sg*`rS-+`OQaDtW>_%-q_;$dMF5;975ni-dB9;90QPL`3% zgeil9Pct#)MZ&j-^=|jDmCCI%KWq8@g>@7(q&yR2a_9)TsghdP`xbsk11vF`cE|hW z!)ni#`H%|6e#tUH1G|g>EiKF0w4KAp-u_5Hb2vbkJP}QjO%#bp>6c!Ij#FJuSFp?j z^%^>vF(eUJz?9uHM=M_2YF%Zf8|V@>t6IlY_KhgqVg`CO%ow~_xhL+i!f9vHGVD~! z^hRW1?(hn$SP&65z8i3(Kt6`1ba?`Br?yDc|&^Gfw|ru5+Bkp z3w9E54o00!XX&+|P11=wzM-{nMDT|j9C#}MzmMT4L7RY7@R}D#K57hgAQa!v&~IMSjZ;svY!v?N*DuVcf@8LbtYicnp7(Hy8=oP_iZ%(K7(t%#TjA6j`tv zQv2L)TZEFh?lmgXMvW4_)O$$)aJgZJ zp*u#=&L()bT8fM-d$`_4bHgT*p9r3%8hDXpQd^}zRxG*VM#JET9|uj4lCi{FySZm3 z(yA`%3nJ+lUc8gV^ZL9%Afq1me{2Iq>lCKynXIxDUHlpk7aas)iH05tk4dr$3$btL8$~K zu2BaM&{ni}KHcFLM3XZu>iu{}Ilu2(r)QcZ2UE#RTzgH~Y$hVr{>ZZ&j_g?m`@Q3e zGzgN~{4xwrfWixGP#?0~{x1aK0}zyaYp-0s-23gKaB(N;!kUF@pC$o?{#NP-6`kMe!NRvHgU<9IUDYfSrn!vTlDhi3EgV2%;mnPzwJG3BHIP$EfhRg zlOHn?31qC8R&2^)DzCXJx<~n3dZcmC_2RtZf5j8<|K87v^Zy^dKRrIbcz`k1)&K0i zdA)G{fB&ie=TRQAe%D-4F}Pt${Id7u?{}jS~%L`KoiKmUxus?2yaLnIV_#nQA7 zOFv>z@azT`vS+{mU{$8*?f?Aq&r$RfIz~U#-!&8Q<=d%DG<~4|{e+Enw#j`$&!4>d za8on>iRR_V=BXIWYs-@NW%P_H#ObUKw*2Az_}k;7i{qb8kKP~u*fZgtIl&K;j7{~A zk%zk9g*qBh@NqBT0i9YE5kJ1zYJJ|e$K;U$0aYC)YYFSxZ9v=a3b8SDtD>L20mZg# z%amu_a2SosN=>^IvoxSh4#jhM%{86MK$-Yc&3+WR$bwF`bhEb=OcAKQr5I{k*o|8zpnl21B$y$&cs= z4=d{Vh+;&^hQlb@i{XbUH&!u-Vj_Qhu{Gspgr7(Fd7GNlNN-i1h;(++Y}-@?cRx1a zm(#}lHvf;ST<{yW{s@>><83HAQA7lKOB++-Z@wF?6MW4lQgN?SL@`}LJ5d-VcWBU` zh>lxH18-zz+@d@h6TFeA;cdroDM54Y&KfzyFyfV^4fcqOQ*Id57r7LPK3r7UdM0n+ znr;i(j8QCu)Op2BOZd49>1Uf45!w>*xrQH7Uh*R4MIyNV@x@m7(Q-_3MqoX`cTV00960fT@8M0Qvv`3k~ux literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-logging/rancher-logging-3.6.000.tgz b/released/assets/rancher-logging/rancher-logging-3.6.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6d6ad9545e86f76376e73449dfaa8bddfc9f0bd4 GIT binary patch literal 7694 zcmV+p9`WHHiwFSp@7!Mi1MNL)bK^FW`*ry%aB}uC_F2@!mYmX6u4-aW_NI0oF5Agg z$~9$EBxEzDNG?Ijc4p>&`*q_%f)puHvaHGM5J`HOsxQn%YZ8Vm^kI~?-A-TtBYD--D*91V|p!=s~vKI!%bgQLM;$ly7UDW-(QRs^Ux zf$zK2a;zyU%?H^glLc^OJJP>jNs0>ne|&32vH56Cz0K7D^cWr~ZWX=KGg zWE!rGb=}5s$VQ!xjkBMbk^sE>8KW`lK*a(7ms6R|Zj3wncppR#jGA`Z{5F{ez6)^0 z1EY2lx$&b>PS#nj@!hWRrRT!8n2P)#24y<}HaMl`)Y(uS%lQAGcZB@^U;zIQhlixw z@AeLc4gcRpIure`IKw^(Q|3Y9TS_i}3ON5La*hu#6wlCEF0jOo6WFW+e6dX*sp1&z zKo;xl?h_Cs!9B7unExaWQWi!Da#W8#D1JghH>AKiDI@o8d`m1cq4$Kjn2AJ`1xaL6 zW*Qd=gELFPASY2Uh0Mq%A!90C_GOi}4S2^RyYk66aXmhDfOpI4hI!-09saLC-!R92L>>OGdU1Qx!GF{voB5p#&=}g6gs5Uu zX6%{lK7@bA)*bvCPvQ6fLDpZb$PE%kUZ1>z3c>dH9hjkEf&pT6L_T^M4x&#gt>N` zjJe3vMChEv+$C=n}c5_|vcL?gqvzP=t??AG{>pwt4+69&X`KzGe>Y6A!~jTPp1$rv~bjVWtOW4E9K zR*3;=eH{VBWQGy<*mUx~|H z0BC^0pVdfu<`4fRIQvhaE|Hg~uNi2INGnIuh0{{iD~H@gkP;c+3QBP(_$a+JT%#w~ z)5o@aaXmj26qGi1>5we%DxJ5(9V*5zQ0iJ}vByBKV0tD^j~^$N2ek_Xk#J;ofKt?& z1uiJg(IanNpfq3vmZ{Fys7+pzN#Hrq1AOH3PZX>h3n>V?IOb!Bf9!%ij>CuBNK?!$ zx|@-`z2Y?8+rt5XWwriLU7ZpWEE6m7;>>}BBh(~V#bxf@hZj4!=Uw#ca1rjg3=M@_ z6xb1<8FPaUjR>>=#x%3+0Nn(gLaJXxWqcs~;=5HtAyJjV>ZLPvwCz#EB! 
zj%n1(`S3JS1{40dI6O53;IkX0T{*LWcY>N`d?KakRDmx4Tv3XUlguqyqu`0eM$Z5k zwO3DMtx|Oga*VFsDey8A89hU%<>Pe~0raLq*Txp;q!Ho8NmhJG!Rtlr`&!2+wr*;m zQi%~1uUGJzJ6MF$Q1^&Z@wyy5i<1mGa5yp zeAmE609FNr?0|`7g<-9N*Ndy*7)_v&D`KT#gr)1FRS%=o=T#r20*!d-4PtbUcHlb& zcsV*8aGD>bD2D)SH1$=!PxaNalQl4k!0t1pN>U3SKC*=<$Fd*>qnQi1S+*S{zF^2v zfULcw;B_1&3!0r_6tZvytUi&qAlFgWCQQkwLd&pXlf0hrANx`nVdOut1S4lZy*$o* zsf6ouD6d_iLFCki%hSLi=W!2EvQ8x&Qy6mC@8~KKzHiKCBwTeMls9|p%c}{Nz&*dD_OhX z_2q}982JGFoT6tNWpGWvC(5bs0z*Rdgc=94L%R3vTk0e*pb2W!I!1NIQMMpo6QK+v ztt@AhbDCp_D6WbT6jGBO1v`Bxk<4=#>8wJQ(s_4kteE8TExH_Ce-f<3Nm4Fi3+TW` zo--k-T2bP^WbXq13~cw-NHSFM7L3FQUiG@&F1(tszehn5!izq<_$;+MwjvctUYFW7 zIeC-$V%=%v&Rmb)&{xd1gz*MV<7^t+Pb~*sw@8(r(TU1~HY9yi+so|dB?L&Ntq5yK zWhjT21sa%A4!;#|s)c6??-UGe3NtognMja8Bv?}uL!S)eB?e#k+^g+9?h}jr_VVo; z?l2bSE(@uRaV~-n2s4a#Pr){pX0Z%i!38%2QLulxb!U>Fp*Vf8aIJF{_eOi7%s`Cc zs_*UiAF{W1;f8yABl262a7;lz$axAbHNYQUXb-zZkIv7UKkw(vpEq-@G*pD!#9>5d z+^sGwS|_0B&j22_x0g2YT9&xZ0lhovgcawUlC1!^2ySQ4J4oJ-@D;9IJ5K;>dPtl#vDN zk8G#@D9UK$tTu``jb=Tw*E9QV%L}1g`=C%;2}-q=E~-&lvUE{cvXE74HI-mgYoVYF zqgo3Es|}=C;3ZQq3!T?X`!B;NUubDBLUnw#w$hkigwdkztBp~y6S3D4_Bak6Do|R4 z(W36Ffl+xUuGVWp;XR{XU^z5e*mb#aR4lZp>u|Dl&A!>M)oW!KRdn5I7-?Mx)&1^H zr>^tJ0>2{)Pc00^M*!C~FskUfx){xM-D1ytAX z{oS3XO&yG6^`$Eqi!l-fZ7f)VQLELeMhGy<$A1;$|I+xA4ekV8egEgt;OL;)|GAA+ z?0?Ozx3M~w#D5REM~8Fq-@|7A&sNe->Wk6b)HKa(wkbww^R0;#Gn^nt ziqQQXxx$MT2i)6@TL^JM86F>j2WKH}reS~x1d(GM;{y7K^bCVbM%;;-3CDEjpzeNc z&$+P)N_e%Cl8{Uuj)*SEWEH3IS@{lfAuqKxXXv<6(1a9ch$#EU8dGmkF^^{u&Bv$~ zL{9n##PT9GnS}!9^n;u`J3DhrrniCTFkA(1dvr#S^_bB( zhQTHl9r%=xbBtr}L*6KWIfzq64E@A)_+l^zcLNW&5N!T+4~+cNx%KqF3XFGf3{6HQ zD-`LnZEUeS)=A@P+t`#8%lSoI|bvU5cbNJZ<6-T>!D(5O13bh*;GKa^_Y0>X%|9JDd2(9ClK z>}Pllij?HUTzvzWIObZSk0%otwaBc`WkAw$ur#)vrQlvY00)TaSG3EmNmZ%Z{x5{p zJi#JdcK$=RHz=I{aBw(0Z0x^nq>mqoJ0a$;!tAe(s!~hZpFii0vC#_HK|}+_!(?VX zQPNmu5qFl3qTc9Qo0 z*RHq8MFz%eSDa2?c@T9iQ18UrDbS~2F4rJNju7Qg)HxRdzcaa!obOBHrPQ31h-san z`A7}5!n+wP*TItzWaHfZsi>^)NXjUXKXX(hEE)&D;id)bM_+d24?1WiBDhaQcCPrM 
ziLm+2eQCvIuECGX3u?ltw2{RHrL4larKXjdtJSGF_B0^vY&M$W;NEBGK?q)SSS0F5NYFf;f%n){4_HJ?AXigli93vhE~vemgfw%H<#_A*bcbpEQf zt&DoTejXY>r790ekt{W`vXoNzl$&81&Y0Qc3oQU%D^(bI1;=|=7qk(m0^%u_o_V~md`@9Sf=qAwS2bjtedMt^U-G2 z6dbo}*QE8JzJpuuJMK++DfXMcTSE}%>gDpkTK{|Z{^HfS89&5N)-jgZe=`0@xBuY3 zM*rJJTI&DZfD2%$|94Qd|NFgObN<^_QsGSUoZI$m*Zb##7*d9w7wu}Orx6YU2`%6O zl>zZG$G9~GLwRqj)CMUltmuZur+GgwDyBgk*nu}97ssbcPU?C}-ZrUH@mJFESJm&o z^hj;ebEF0SUoramBJtB?z%u{O@L*V6|LZpA|86HOQ9QYyR+kYxgO$X$U@HG1wo2ap zz_~{%JtV_DgMpKiAl$bM1uk6R_OUe$N5lt-q05%cLR}_YqQs;8?g>DS2PerTv{uU~ zSdnd#hNm$8DE5%z?-`B8Di3#j^Pl2WKmHSVHUEpTc4CE2-gVMe8^ZA?Kbfi?Ds+a? zk)>7FDxXS9(GtS%Sw6ZRqoyMlN3Fa^JqI3 zp4-8w!X^eNFkIL+I$2@_J^KK3!#PrhVCqVJeuQ#(zzCu7eGuK@0=<~0^Vq>Rc*C~P zeFfaacB7JE2xCn;AVPV_*t4Tnet}R4FUgMmXZj0yZ32IleUwneLzd;w(G-PT2PaHY z!A9mPo~y1j1Z2Lp`~f@9PlZZBRoSPg>5N@|T?8w>7cb^=s81Vh%2wAxtMxyOW#;XB zvIk(9{eLhl`hWU^ZlnKgC2dHz6B=BqwOP*8^-;ml7pJPhTQ?wqZeY~4<3N;6BTuEC zCq%6_!G+1)D(7`#En;phA>+*ADPzdm43>cRTANgT3*?!(^nN4MS)m}-xlTFixbfC| zqeRl?UM}c4!D+>B$!*1hV6Ioc8!JUrO!f++@6D_58+aBlxcuRm<`|E(mk{{uIvma>4{ zOYLa-;yw_0imL2@;jLAej50>* zGz##b0}*sVzIOuqjz;R^_w~W?U9!~Cz_HOhxGZvU;fC2z?Y7mnfG*pHt8efXiaF@? 
zBYus*nYJI;$aejf~w`zc>d*sSQU6{g}BK4&F+7x=KnLxbI~)UE`P_n-q#Zd%lQAG zSJeLw4~I?s_g2!5Q~+;c^1`D&{1XIt8)j>fx1&W`nx_Mv@c-Ri(&bx4c6f}$cN0(y z9o!${xOS|4V7LuLe5`O7q<8FUclNdf`+5=_aq;kzAUzosc?7_dU{tk3?9VZewL=ul zm#43#kY-v==!AdM2-zs`>vF7(%!pY{ud9#{V509nSgxd;Nz0ZzX;F*x4g9 z7j#OT>Zp@q)ZC9#Bnu3T5!vf-bF;H&ym|=bdGhIXW!ZfdhRoMiSKe3I+3hSFKchvwD4-3=jBEcY2;oChh}iwKHI94hlrmqg_-T=xul;|4Klk;b%_con}~v zY5bE4=sbUnbzpNC@CMt$Di&a&?^-Kcg$XAFd9KGrx)=jpp1b9%+{5smxG|_DTqG zsn6SiLcebJYIvq35m55pk`&k6+m#UnlgW=Kr1dw}{u_pl=AemsR~c|szr{d26&Jm* zbk4}j?6j+GMQ=+PB<@|yZsWx(*kgE;!;-_;H-cy%X{PRy!CPsjmM;#5Q-|H-`CwVK z{79F&6IGhdC8KEW3_O`>X@*=+l(dN~qGxVqYf}a}(o85gI9=39dl`wjd$3Ncr7y2) zpy=aR{FZtZ3=-T+hz)4{7pM(at#w$IIB-n(GHW2KLZ92*5A!sq=eiEhRh^w`90}^Z z3`0f0Qdl$PTFN%JX+=H(HxJ^XEA&aORM{CB(JME}l}rk8?vp7FeKJeWdny@Ooz_|a zaty7tm?B={HaF&-yM8`{%_*Hwv+1c z{~(CB&HoRE4gcRtswe-y0RJB}{lAS=v;UQ14!>9T0xYrrp|=b7zw`(FL394YR#L(K zuR5#V#E!3s{aU}-BQ!)%&e&6x#NyHCSNj(>@+Zkve@-y2pX>=`=-L%(ttL8f<^Ac zrPA~9RntmNUeb=U(vDpkX2&08hj-*I6L`i>bXM;|NAJLri~BZ>XyMX_RS+%~)ezUO z!q5t4ubY!!zj#_v{%5BUuAmAmlmES=V*KCHVZYh`v6b|vmH*mMtEmb!vRsqpTrLMU zos5c|J;=6}c+Z2W6zvQ1Hln@}_4z|XzclA-5~jNTKgHzN2?1Cl|9iuOV*KafQMZZz z+)8?0LEaeg8xs7Dto+7g<+kR3&GkPu7vVR~M?bPxkOa%@zk^=!{Kw&8bN5cqvs%{;#d1RpdVmge|TCLv4-heqPxPB(9R(&{&4>vhNX|7{=R>O5jG+ zHlnskUv;Xx|4$15@3(&kfdJy6t_xsk{CBr#{~z@ahK>B+Mp_~MtH0dC65`HPbsI2I zOAcsQw;AoS+GP)mBhK@HmkilfBbmRQR9F6|cj#_j{&$b&*8f5NH}QX4Nt=-W+4Xnn zl?wH({HJ>FRV^8N=7!0LeBwOs^7XsZUoJkR{Et_iOEMfG%>gELJ_C_xigYfrU;XTQ zF^%xe)%kDd7q8x)T>bLy^~H~zQ1b39L!j{fmy0Dh;JM4`XOsl_&!sYeR|F4F#-MM5@XisTZcY-c9-+pilB5`0P2!mrrqcy*s#8&JEJ{xxkv8~twRxsgj>`~JVdR7t#hU>%dJ#S13 z>|)rF^Zm?HjQF;>QX0dSXs?+S?F1hhHuU2n7kFBD{Ep67Fsq`6Ax2F*dvSS ztg=xU1#{P-%($6HVrxA6?pVC3{-E=vSIr-%6y-m#nh}8*oKbV;Y^jeW z^8cuRbcpi*czAexG#Cv@e+YX*EB|*=_Q;vwfK={wE^b{$`1&UBVFJ?5A;EMC|C9KZ zk|bm?aL9~YN`X-n6(64|A)(7ykbylXuvrfTp+O(15)noqoAvfZrzW|8UPS*64ZYwI z1e+2ZMAhc94yD+0a)0aEw*B$=XD0C9EkFmzFg!j9Q)zPCr-D`X5l)>LA5F0yg)G1ZLWxtszU zcq9fy`K;h%0opA6&Zouq0T?hB$36}d*uh}*DVfA0fz?a#uo+H1fvwiXE<~#WN~(hl 
zwdyW`xnOI$lwFe_q58V44QdioYDG^|HLl{vkTT$WgS^P$g)7fO6v(q{i2(M0y$@ux za9vCV1LGGya*gXa5s*ppRFLaR?_>s_$%M*f1~UPCiVYb|W;Ub5V*F`w37R@}K5)`) zlRjcHDk&s>s-Tg;qDUpVb|k~$$5a#u)ev}t1vo~~l7M?~M~D?Uu^Li1Pd+zu?$Q7ZpSrudDW1=9k;Hj0L$Uy$(*i+zW#S`&u0E;dgCQ3YjNPJ2i><6j{ zDiIb^8+3I$U5YRiYJp_Sh5-UeJi@;C>~C#NlomsA5vuim{jTV?x?T#EX? zc?(nT-uS>mTkB(q{@*_yj`I5d;N)a*((3=aD0}48ieVq|xeyf-4}z6~j7eON?-3wF z@2nfpg*$tMpAA?Nh5?-Z2?J*F$c-0F2sZ+8eK?{XNS!%IB@49c>^Ue}0Klg=LMA;6 zLE^X%Ad0yb{vZ1$`QUqxAgg#wM2UoG$N&LpcFb4jSLYydDS&tx%w_=K=a=WiaU<3- zZ``=Y{}t$W%*n4&kN>M4+}`x?AN7^Z{ayxW0^>_UG@MY@IWXCM2>(v3JNP%A!RP;j zsy|zi8zhXpdG#7P1bO=l$mxy=Lf7hvdhn=Y&Y2xJwD%Q>%;Nf&LVs&#e=LjF|8RH$ zYre4lK_;~8e-{OK`)%=P&3yo!&Smk3OihBdcAHGNhNNjsB?W1pyt8}|9dN<|Z6&fi z_gCtqs!eJY1!XURKaQ|p^3TQu^)<9QbG6t{4>9~`7JL8gMB`59`ucievD?l!1a~cv zJYhgA#~~U{27o|=r^5U$nSf-WF=d7{VHQ-r9IzyG;KZmNNh^2-_|nJ`HIC{V7`~(KX8%Y)tpf?Q>uAL1@*%>&mVar7upSkmr*z_R1XH69+W;Y{T@R9LgbPjnW- z{s|O><3W0qjNKU;hs1GlHpAM=G9`%2B4dusb9^D=!`SMPrh5n3W@ru z=fLE};>@DYyTS9`T8b)*$%#qZg7B$8Y!j0waA_t0`RjNrBgY#Kz5?_>NBY+*vC%64M#k!etktSXLypn4I|Er}qM&E!ih8`RBY-|snA+F^oirl6ImwzY zX?VRzd|&Gr#nw#&RBADT=FJ*jb9Y*8R~klP;(4cm=h~~%2pf`+w`_#bo9X)?hJ6LC z8|AJzMkvrf%xM&X^4$O%0a!H~V%KfHLExw{D0=c3Gzol_ewPXmXXOIJPN^1!8bEgLtyzWlfpBOidDQ*<2Q9^4S{E8#H_j$cGisBy45glCi4x70~IbesET z4x=V~lwHVbh){-+)|Ly(lI9p9imPG-jntyYjh#MJ?93&MbWtH&>9Sk%fnB~+?uwNp zNh(Eb0UgB1Qx+suH%j~$?0w*$!P&h#mI75gg+pQlj|TmIA0AEF-=iQ2;lU6d{3f+K zwjvctUYFW6Ir)(Jy@u1sox2{rp|6>3iNhNVjf-g?1dz6Qks!a&`AxhWO-9d zYGn&tFODef%`EIzUXLu*QD$~^)#)p-W~LW0l~wae?HfjFAYNkUXlb`T?OGdAGaFIt zu@w)A0Qj|NKrY^%b6aELySDIpPH22jsjr(D^@g~?ErP5tk`5El2qGFcJN|I^=W?TR z(1r_5`B7h8VYG#&0c#2bGL1CUJ`2C^y$dWK%xQEFngVE>3GC%CEL+|q5tsdK++lC1 zPnAWvfHcVGuM2GkD~US)pbbxUfGux8?&xDW-9A4gJd@LAq?FjtHM~UBBo5U1Sc1%L zO{!^guKcXFX5F{eY$#3mF~i7jYTnUjG;N;q4QMu~d_(RIu~_D;%vUU6)YzW-S*j0+ zhrNnD6}lUk$L3LO2bCB#usJWnXrawH?XH(icdnO8j2c*Yt1)U|;caHum5XB)X8#W zjT{A47&USftj0+5z)NOuEOg#1oxcpDe50ka2;FgSZS7%x5k`xquQ5i&NyJ%8*yAL4 zs6lBFMvJDe0Y=r6xZ11;nd~$sMu)H)Zt?5n?rNhXx6GQs+qdgFw&+D 
zy8FeQ&0Ob^1%6L7o>>@*g#fM_U{o`8O))A>-DTg(Kodi?*%s6S}q z|94S}^RJopw${gz``^b$Cx-=jAEb0=jlwZ&*=>!MXDz4^@pSk;yJj;b&ooU}JLmv7_JL7?W5u#7Cyy0D^?Q4rD$j^?t{{Enw#DHRvPb@jw(A7WJm{cB;}V8@ zLH9^);fHukjeVJ4pBn-(eASwx-5ci-rxNymW}^k3gSKx2SB81vppkG!b6OxKX;?RpK+@ezcAprnA(8DPEmPISc37gjJ$Jw7mcv|aso!q zI(W&$&y7TDmiS_{;#y>CGUd>DIPY^}Iltg-2yW+x4t$ErgcUtLC)sU3VO32cpx-32 zIBlkA?))|*^|z)3ir(%q|4fJ-CfvO@liz3DNe+*O-@S9?5QSpVtVKt6J!6x+lP=2z z(b2r-SkFMqlFEM}s&;T^R|^4H^7X%gLAv}YU)Au4!xE3^bPAo0$@}13I;w$#oLk#w93zj=pML#y*itNB3C zl|JcoCPCI&p*3+qK)Ezsuuc>}&zId7Z{K!5@>#9FF~rAPd??r_b4?4t((7zh`kl{n z&TA4(cwkYwM&$DX+woC!9GBsDI8Uf2mgDfHXL)j`IhPU*_tQIC$-MX|H3o_r1QmcQ z&bJ^r@G3!9J_iwYHAz5zL|0ro!q3O=e&`DD!y5Q^hpe{el%uYw4+x{A5>w?MPEEhG>|%i^@1dc6SS0d9FcJG6_=TJ~li>FR? z1nUwL`z4vLZ%M;^iH58TS zLg05M1Ic+@8gHf6q(n@c49#-cQ6ApyV7U&SgrFGbMoC3wJt8TiKtAWRDA+U({)Isc zIFG)Z$nSK}YK!2fayhx;7i|kG2lu5NR~hU+EpMo8PL+c!I+U^wORlDshO70dS;{mZ zMz$JFk+?lS-V}u~=|UaFN6N-_B`wQWku+)u4$w$ayk-W!j!Qq|#hTxK>lXVw)f{l8 zHko%Wk8S3J(H`chm9Agq+sddn80MkzELC|(ie%{_D=R65Px&!S!x<}^-2DOIwN?er zE10YExRh<#pNc~&wyz&p1xM;Dpk#;7S~ozWqWNM5tzH$ne=F<1==EA_HI&7S3Zczp zjB;pgtq;wfnRQbza<1KzHhX&Xwmxs%lJY{tn!jIT6VCOU?*H}r-}?_2ug}f+A>LTW zSa$xC_kZ;B-{7Rp|F@H})c(5#6TnjY?{V?`KOFSi{BJucg*Q#)%(h><-e102kP7wu z)~;ARy>}px(5@k%G9Vu2gtw+(DC=#V+93A}E4rcaY2MC@ifIrBcHoW4#miH*Q|fw3 z{%lgG;;*FRud3gFX-;j+Q^A^P|3URxb#SO4=HfZfN^p=2)8Xmg9{g=eQeFbG4Wx?(D#_FX6#W!wko3L><6lJ#DSn>QXrk(H!#DpZvik9lAglRbya6XXbn;zS zh6)JBk32I~GgRmtZ%0;k-Kc%KQ;MPRxY9hd63Q!Jmj)ZeBGkb4EO*AFYtm8F<9nq{ zdX;sGqhv zl%4uQ>-9gpVa&(3u?1k+`TuZKwEql`My>w0ld>hHSuy zvqD4cbDeh7;n%!(I~x@{ZSLWMnG=#$e3sHyd=bL+ORu-zTd9}-sd}(+AN^J1e}{vk z!LW`0-9=ey|Ca~7C%pgNKj|0k|A$9y{O@kc68lea4=lO}q(8FSQ_$R+vkh0lBE$G9 zc5(U66OqDkNmE{D1Dkqv8}X7A$Cy0kTd5e!ZQhrxU;mhhd^>3Xmg)aTrTCA*@Tk@Q zcTzY){ufB8jt1>RX9I+_2p@h|oAe{Oj$TBZz{ zm(j2zXT1$!nfyN<6!pKOqoYwP|94ULqyl&olV=|F;h!MDw_$b{Sv$IAdP5uane)KVLmFHYacO`2&nVZv`M_7D1~x_lM~=P`dno4GIR{k4Eqt_n||nZZNx zS@%sw4P8Aa-_Qr1*BW?2!pvdxjQ%^V!iSc_Bz-eY_e_1_xpgq*(9C7{21ApaisbJ4 
zI|K^?4yBlS10$V^S0!la_toneP0rLy2dIDf(kpqrQZN6n;2?w!VKWY&_Ws}D$x+Gv zKj^pee<$VBr``dXyP#9zQb(N>Z_Rx_L$Uy4jLAWdA2)jko!1Yc%qO3|t}J_BMMu^% z@-ObZ6(ubm~5ku8{##YfvDXCR|Z{pta$V zU{WNJa~j`ihJBcwe^LRR*N?Fe91a87U|aZ#2o}t8uhHZK2N<4w)ep~tLV0d2E$GWb@S zndOVba4Ok7X6?$lwARuHd3l4m??DX@%TORE&u%qGxVpYfAHhUI5}$Pe;1{}{NEjZ zf%$Lmf9<9;k^eyu?^^!DX`r3|U6f|~{}+(|hwc3DqBNX;rI^F#)vW+a&i{vl!Ju&d zhmY<3ubq^_`M)lMyonQEbN6epw^|wmB)DoTK=HVYY*xDJRc$cdQmP1c*gZbjYLi^fu0{G@rC7j3dIX-+yxS=lwGGh&v3Ul zx1yfsPI@ZiyOIgHsu6!*!!IoG`6K!eN7m2sg@B14YuC2at8D54XF06z!z6$Nu^TQPZ7k;rL3ds>;eem~3k!PACRbRel*kqD|L4b-S2 zk4U5BSyidCR_G)5>VPNYS!Z>Qb##8Mcu(QB5iPtlVikmoO*O>z_i< zXQ+tNAnNAzzETUNhIN~~l|jg}g=(hOb!Sl7c(Mb+w*pSLb9Z^;STcWqIh&GKt zFCe~AMK3IAG)Nxu;w7(`_bJaF3jUJw$C{~VD-umVX(HcNd;Fc1hWcNcLhT9kzroR{ z82@<;HCz2}7iA0jUzYtOji_72%D0jIPIZ#)k^F={CZD;uxjcV;_Vb&UuRo>&3Wjy{ zmcNlT6IsnhpJ^`X+cEW|?7}j}t}skf?MnO!M@ZyIzkKul^rwpqnF~;X@RYFD;pOQySj?Q?eL7qdfK_ zdj(Bk>HUvkG5&XSIBMVjx052ze|iF-TJ0SsKRp9tuzsTk=^^5Z`ZqkTO7Ks2|LL!h zK>w`<^0e1TfW(#8NZ?$Cvk!m8&&}_N1k3J)D3F3q?KO~ARcckG_8LfA)+%f0e`1xb zkPB=L{qK0xzW;qE=|3>Bf zFGnYB{+FGURrEh#gdN6!L2s?@_O!Yikho5FgTXR{R}B2>W=dVFYPG6Xt7?7as#eqd zKUx6z(D(&51lS&$nt+zsfBJ)>{pVyjX!rk}lojrO4tE;>p0Qa&HQ>*?k0Z5;8##uG z6z?#?UnZ_gu3(g@1ypOLY0#pz+qB9=t4#dSl!>-{b)~8Pw@Co_^84STV*Jmbf7I%K zyC~bx|27W*&vd;n7z$pAL}#<0@Y;c?rcV+cUN@3e1I3;6`PUdGUaN-Y+9*=OFN;IF zR}RB&sw;?68NSi5PFHw3uC&MPvUk%y5Su4r_zd= z?*E$v05949`zM3a{@-uozjjl$vHx!p06g5(d$TM8xDaw%4hWUkkuk(x7?_OQ~^#0Ao_nc7j-RWBkO0ANDyd#W!-AG=oW&h1Ihepz1nf{MC zUkmo%<58>s@1*>m?Z3GUFs%i6RSU3k2mt{7xu%N% literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-logging/rancher-logging-3.8.201.tgz b/released/assets/rancher-logging/rancher-logging-3.8.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..485d790b959c6533c22eab9c3abaf1e210ac95a5 GIT binary patch literal 8769 zcmV-HBEH=piwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDHbKADk==t^Vuh=X1yC?P+Q4c@T(VgCz)Jf0HoIE^s+B2O@ z$A-w2gc>AR0F>Lk|;lvrbn1eERw)tu~_Ubb{C`|aWFyAW_&!R@wjt3 zAwu~x60yHMTIqJX-IJpu^S9gWR{!?;C&z#59lm&ReB3)ed~y7@ZtqCng6`v?u)L&F z5%IU~gZruu?kg!Ij=3U=@>mW$fPg5%_}CAKQVe~{J0w-SO=GDDV*{wLOFIzZcM(y+ zq_%BQe@Nor2@M!eL!WX#V5w9nMvUKdroAC5(yIj~kRg%iMp7YGZHtt) z10E$j##rUudnBPhp^%iv1DN(ak|g=%q5rMl_d=9`poucKPB~*3C~~ zC5^{0q2mdgLBQh?9jAf}8N%uLE9t`-zd?Z^3}^7Y8L$U%s>hs70(?kN5XFV>(Li@K zQ7VyxPAAY}Li%omhEJqKB|D6dx%uCaQBKF+HO_9h2<5ghI}8+*6sed$H>7b;cxKP418I_g#B|8f6tC;zum_TUwcNXiu0nTHV< z*)nbOeD&|a#|f1{B@p=e<-51-5f>3r3XQ-)UEvi5j0l7&5md_<35vrIA<>c{1R5(2 zGoA`i7$uA-l)mQ)Oc)KwDNnWd>vQ2D1UY8NKJ~OrXSAxh~F9#x5`rsN?`X{bD4~hbam{LmWV><&9Ft7H;PHXYQ_7 zR-*97XV2Tyhyl9ik6!Mw&AqH*(hzMusp@f8oZH7~1xrqZrDM5#+a*I;)G>`Q{RD{MTK%!DK9!o77 z?Ba8)*l$!l8bZI@?fQQ|nD+cL9#-)ByTy1HT0*>(?|FRAxpL&p?*1rIm}Sz{ zw?^`xf~U#A48oK3(1>38XM#>C!!f>=0b#^i!fte0dyw!$%x1d7A1Fh+J;-Nr4+4^q zA!Sri%ol7Zcrt)bt(R}#wtg|Qnh9!11my-3Mx=aCA~fTz-n8sfn6?)1sS)r%;7src z)dW*n0CwxKkX%zzxhJVQAJKVNTUtIFY6m>NVDa(YHn{ z#aIogvNb?k0GEbw2hgJNh_~GR2&2nkIvSz4G~#gpt>bs!w=DSn68P7La%s;wOI>0- zrm+@PcCJDVlw2=siA$f1myFZueY?vwTzx5!aT21VZk@sLD~%!=&Lof9woOEmwrysG zm$o>jUB7QkjtUj)0NN^T_h(2|0jB4l_(x?Zmmv<*@%>@7P5T^TxExa1u5y)2!|VCI zo`2jXETJ*Bd!AQdSg)G2W@`)1(4Utpdaea$2_sIXXUa)4?^4~g7A&eDTnp~?Ee5GV z&l@v7B+U6b6mz^{dCr-_=QyTPX#%xcfAzg)b^n(e=biT-KEA&2)vbDPA8Yo1=J)*m z@A$=WZ@2&3Mp-`pmlI?O3hArlfv$ix^MCl_s5<{ACnw$A{BNWD@ki$XrZgI8!_(~L zwL$(}q{$LYZ~zCL&!0VA%X@vBm~G?)LGOcskL+H`L<~GvuWfe#2(1Mtf^O7;c2Ujj zQGFY6(B>2PKUwcndEX6p+O~-UI5{*wX>^f}M)Ve1?E;wI1MA-w(cIw5`p|p%8R$)s z@kRql5;Fwf`!`zXroPgB=;25hVn9-fAbEuFuUy^OfsZI^*~$E-pcO#-kT9P@2~~p3?H|Nw)d!l8_F0A(Yg%G9$h2vuw75%%xh7QhK_Qw 
zR$Ur-ouw5T(Vocy(l=%tgYTM8Zwb$wBo>N)Zs}zk=eW+@-59|{&{&P2^xF25tgUFFktC^D z#5Rob#~(oBfTiJbVeD&~Pmo2voYrab;gBb16n z$pGS%F%KY@R~h%Mv}}y<5h+6xQYHyCE<@*lXc=Er?#eg!a@UPCm(qrPJkW|`nAI_w z#rzDBq5C;TW&ScM?T^IeIqhN!-D-yt^AIc07Es;*JH6dA zzJ4|3ER8T=ghsZfgohdRjN~Liz*9Sv{NB@(lq6;jD`sHJixiuDOVH8Q2h2$JO+JXJ~R7_oThpxTR~%F|N&K11o~#go>JsQhH1YBs*| zy@hr)LTX_+3xg9Z*MHr$R0iF zP)g?V--%55_pNW!V0S806A{kBYlgV)@k?uh8QAwCC_pKnb}i+cN61>= zoZ&f+G*X#hT)`V2z~au}UO0OIh5Y)`OXn|9R>*%5K2jd&y7*te->=4hdPlqb|E-jY z{I5$!%za9N#AAeS5~3#0;hW)1p@hMA;F|;+|DTKxp{2Q|b71(UWxZ?gO;!PwZJa5V zk||QLN_J&iW%>FqHmwhp0&D$$Coii0zoXtR|9dN?Y}}C~k%b%YRX+dqrrUCBVZqS2 zubENUd@Gw}!4MzrfW{%l3XY8Jlwjae$r%lZv_@8D>6S9jZC|pKj0<2+HN7pFoR4F4 z-p6#z)}%wMG#RDLRd@ARSl-XX)neQvrDjwvW#g78Fn{LE7Tr|wpGm~bJjQM!zb%8# zRD{Xca+7PHlvLP4R%X$0UBc!c>l>DoQ|%zD2MUS~7mgZiG~803r9{aRkan>e%kjz5 zBsvrZ(3-Qemxi`92b4%+8v8}cAbkEjSa__+7(Rb)Rr@?E9l%&(4_=xKI^H8ObI}C36o-6h7l_KbZBUEBhw>-R?okXq7mxlCC_D%VI9` zAJrjM+b@%V!188-o zMCgUyA-|^r&6yyEs%_&pKI7w-bH9C~xFW2a{11cgGzkNu;8~5l+%N9do*me?xaK0a zrUN&avb}Z!4v#{>QEAf86Q+ zr`G?tT>nQXrG{5L7v_+z9>dNI*qH%4GvKdd1~kzB<7<3k{ogxT-2d;+|81o-)&Jvb z+@k&;U*k^yKdt^BU*j_UuXq0KMDW|$Zr8t4_d9j}7gF~NrGfsxKFlxL*N0LI)mQ`@ zm;&qaKYIPD|NpRexXb_8N^$z1#Nm1y;QFxe0X)Osnl-4t;0Icke_H!bZ$?}n?%W7Z zY(`ukE_Ea5*?0B>0NyG=eln-Z-kF1A8JIR?uRJVT7P$l=N=0M$cCWlb@jQFaSN>+N zKar*4kbF{mW%E9ER?F9FwKSURN3dNs?`N02`_-0v*njT*e9aBOd)R-6hr9g$t&}fd z|7GuY+!=s>aRaaj7wzo7o&C47|91A@uKd|b1N%>0V<&%w&V3?)YwW+?QT6*z{oe7( z?)|S@DNW;lVtM?pc=3~Al6NF&Xq^cY<$I9bm330Q1lx$_0o)lG_37gE`A=_7U;mOD z3~%}P@~wFze^yE|dgbT~qbPqlI+PA&*d!Tw`2%HW?0L?w=|;ao^-6fOn#o6YEr??7=Luw$=+HnY+gd=Ku?Gx@P{8i&QW-g zhMGv5^pXk2zo?RHDF5?UY(0VeKkRoG@;{GX?BxGe$|K1C%CTX?DHm9GYPhvT3$)32 zEO4wPeQSQdzR)7uKDY8M_u6B-D-}?w>$N9sHyQ*$(}CE!)nmLHU|l{8yZWGLE_=N~ z;ywI;=u$7k!dcNp*FyQ&=(NT?kl`QcyVk+5R1tXdqTCLd#vv6O0L$fl9Wb7%X3#<& zT%+g|b5Rekc)kK=VcT?21xo>q=-4aMv1aBpN_hnP?+M~IVweB>)NvcJB>%TYHP2PGM}cxbLi4yz4dB&r zo|O%DfuBwL*ad!efuCLAXIJJ+GyAXqpa9Ss`>*?A@%-1x(a!$cO4-2v>pw*RsQ=Uv 
zpi0PPF(Ba5kyZy~`uXDvTmA9}%9M?*TweTq@$vP$SC>D&fAjG>L#XV_(vKCCKo!(k zWqlL*c#sfoy8a&$09dpB`$vb1>;L#2j$&SkrE**>w$ z_Fnow+g&vD1+0tzc6$rw|6ZKz-v79j@@Lln8Jq32|2?$-(v8!m`hO{)rB*;FXF>#%=KS)>1ZN4?|f_n*7{o&MiS(F%9|^-pu(pPRd>Ibw+mC^6r1 zte6UC#fJp#w;tz=2J@+D%HxkTLa9iU3?NP!%gqVhTh#=3(6?k4K07Kg2zZp_-(B1J=p^?s2aw|4)v0?|n||K=OEc=OJV{wA|KIUg?;anb2G+{| zh4UZXet-A<->npD|7Q{_vXf2Yv0s_~C3b(QLBIua=?6UOR27K>^0n)e73t-h!gUS@ zjKhRe7kJGyNUj%L3T%W*&|oeH?qU%WyOnUNXd~+U$N4;Vr6_CVKe1n&e?s}+ebKGP zf4cp{{!adHqg3*L=A1vDKYQ(VyZ)%3lk6`ochpPv!iT*L(f(M5@dR1q%Sk7g5NFRX zZ))m1z^JZo6OovVF>DWK^Q|1sA5~^AU;n8@AvnWkIsU84I{WYNq>}&Fd(q#;f45W0 zi`y)IlBx+8^mpSl^sm2_HUylV@U>gwbI$6#1Nj0WVMOCrWpOSCpB+-ew&J$!09s0< z*z!cm&{;<$p=HmZzSXJ^S=&4_fi{V)RDZnVz18Sp`CLH0c!d8QO^ z9)&s^G}L|GryYh=ZGAS3f7a4+zLLASV&=xE^52Zg;^IbI$vX?TQkKjADPc6!Okh+P zW9>j}@XeQUSttLGdkgtL{r>LzzgsDL&Hx-Mc*Zb>XN>dfG=bJCY1e{QNz%2TrT^{k zLl@egKYM#NUuDG8IE2A>5Yj-E9!ON#!zBVE3nO-1CqFQL)3V{K2f_JZq{f3FJs1_2 zKJ_3N%f?~iX5gQagbXR8ilX#ip1pAjOqOcW5lo2u7tXRSpDBK!1dYew@4I?`uV6J- zMXQ4nJZ*|DyRuk)bNL*;!CNYo$y;(T=P-JPzvWfT(B?1^_*+T^hR{0Cex07bl0XDP zM5Wa9f-_?%gOgaGCI}S)r==JevmJ&w;v%oC2c{-e+K0Yj>a_zbUwrA6e7{na|GwV- z&~eNKK3X5^_W#HIivPEFbhLZ__jbx2oDro^#1a$-JMnNc!5D@qWuaab2??%Eeweoh zAN2~6X<`CjAScKej2RzVA0&;(&p{v~icZnEFH84H9C~{YYr~TA7@j2pNAwm$8<6{7 z`#yY#*$jAWT56OaK>>`$=zIRFi^~he1$ujM%A<(K@YCr9gj7h+A5+ya|6BAufB3uT znE$gIlW|A?mtD$f+$jJJNuV{}h%%JkfiG_o@4z3DYwy5UQQ{r^e{TSI@*m{Eh>iJU{@DMv+ku0dL|MS-`U%h+nN8uy(v3mXY54%7MyAg=y{*24}N(zQ7VyxPG?NjBpsSqPsv8YG>z9;Sho zd7k$%H!xtxxspndL;``F)F19o>JSsgXOX5Sk2TDHIt0Tc9GnlJDgz^eToP{VX=bJ~_{u_ug z^`ypM(FlFbKB!ksq-)#hmT+)TU8V;IngMj%(tKo7ofFgL8oD&N)aGORpu6}qckh>H zdvn+OAknb1aj!@NEFpqKs8Hxjq97nK3^9j|A%v;fI=FeUof$^>F{aB{Ah*FIkhny&%1-#a+ZOvf4rm>z$=u2 zpoy9D^$lM+Y|0h9J7{lS;9jkoG&C4pnPU&70}@xu2v8pCY4&Opd(NbEZevZutMMcd zdKa!|c%i*6%Ovs)SLJGG8zr=#s=6Vf1G7o~tu~ z5@WU4mBC00_777Of`-_TOm~nqusVc~fFwzyhF7b*Fc@V)%?+?BVWe9(N2?h|d9<`S zN);N}6LXJ;(M_JKq5(IWw>v0~?kR5l_%PxkGh9F9cI)}8dtg)!c{k>xQ>)T-TX2aI 
z;4&qQU^ao%x`tOuq$`G9U{pG6(TI=UrBZ2~o61aARYs;e_TkOQ{CMt+5()oXw~%oD z{mauLMpJm(sI?^K%!f~BJcR6I2N-!kGb2-0t;|ly1KA099AKhk#~l<&c-YR)NwnR) z{mel09jTmowTe`Upj^W^WkgENCXE<8W0-~3YZ_kt@p%<|gAo~xXiQZT0a*Zk&qIWl zuH_~Tn_!gB>PE`s?8nYKjI>(I+8d@osbt4|t+9r^n_^Tt0N4~KN28CW(}YbMUVZvy zEk@G=TO%kJ zEXYKoxG6?SahyvlcD$|8%nKNmMTKismfiWL#fMMttT%qdH?S6LFo!pR$6drf&7K2+pI^RvYaGXR+ba_c=!iNwV7FstdMbNlw>?e-pVCmP>xl+Y*$3M=6#T#i z;4O&~hMTxK+M{ecI3v*pF020w2L~T%a&Rz!pLuF9O(o8G3_g_r|MIMKv0wG<{7~}i z{ZRPzrj%qN$?lC4fm7pNw>#UAqlANln5%<>e27=B#Z{q?6n74QWgV6LhA{71iXgFc z$_BUKfyMEPo|l%?$0_yZNMkj&|-SUgPiB(eD1V z+xd!``HB>i8*UQe4qm%N>W^aZfMdgRzS`$a)FZzbFR7B z_Q$}#aEdB)N21ME|GBed-OGDHF$n>R5^8rg{(D0i13pD@Bd9_ksp1h)G_XE!-Gq+x zKoQ0mW9C_|AU&k&>q1*jh`{h)*l=fe2N$LRT;nXC?$~S+p1Emj=akr=Yxqf{=5WC9 zmj%ei*Ob2{s4-XGWvaOxV{0~)Cj3}n6gPG6lxH+=J{Kb>`Jm<-ny?6wMbL7-Vg;kd z{?t2XK4?6GP5h~MaMklq{G-+GiYi78e9x;eTIqYvyDNRU;%Y5M4LrQ{7&Y+lHuLLd zuT9!O+EzI`Y|zFvY|hzXb1o`q6mG^vhDOt#-|P9uZNd^7W4m{?7NtfZjO8e;31KV= zT{sl3R$|sDU{HryqkzF?43&L1CVaDY9t(`-8?BwqJGe5@+ohZORT!N;`C-V-j zhN+wl`Rx*vR$;Vi`Wj$VKZ%>oTFoodmQCFpA5|NznmWDcx_*Co3~Vh%OQvo!j7n2? 
z2Uow+D5Bv^^0@f;V%xr(?WzGrOQx>Ros=wFV*}{l4v1A!U!KP2XsyT z_fhxgsG9$M@?!V?r>&GdIJX>-zu32&q(~(UiNp~2Xq35{(nKnOB!W-h8*31j=Pp(p zX*S}(V{GGW(LvV9oS`NM&3S@dl3VUCF7|sQwg*76?Y{|7NJyngLgPj5nenkOyv;!* zG(kpVls1}8V1zdysjdWp2}~4$aD$9M6V6jN92icK8LyjzHrGAOcxwA*3G2~xvNJ=R4VW}2ppl%Pk1We zlO}LMez&#@(q|uKnD+hK4#xS%8K!;zxU+A)(0Q&!+l;m3s4vE4#P-ky8!zl)g6%~2bLItI)g95esF3(??q}ETa zZ}@@noBQ&1AVQg+-zuGKy;QRVWoIAS@Ny0@z4VC5XnA&3ItF*OZzD~i3G_<1(HCau zCAQ0ROy|kq7FM~F$R&-~bylQ%81G8qQ6aMIWG;e?W$M^NX^%-CI~%nWvX5$LWU;7H z$t@noar$R23v38ZNRV8Qab_Z3S|zBAoVuE(@I3h(1`i~l1Dc zVQyr3R8em|NM&qo0PKDHbKADk==t^IU$Iy2cboW&sD~Z9M|XN>QYZbs%*n%Jr#*8f z)3G6PC7~t>769d_N$%f%2M<0)N|awodWh*X76~jCi^c9@cL8z|c?;zIfX(MLnh#DE zgiCit!r*UrR))jj@aXVR|2rHGtN)J1M^FDYIvkFN!=ur7c=Wg7=x}^6{u>PM4u$5D z2ub+ghPUpkI=FA7kSJo3NXjBHaR59bNxmiqPM$yk2)>iYWhy$|fMg0g4=%aKFkIQx0v{@ooqJ_?W1Sn5Y7EC|q(0!ZY;j0O_9 zf+QdjG@8SL&KJQ7JQmI9JmF*-Ae@{%7cQK#Yvky|bOk@@0XqOEYRu^*z}px(k&L?z z^;B02DPu7i3_K+!glk8r`9uhmVi2%7)Bo3G6wA4Dg{y1EeKB$R+4%YpvWQB?%@2WI z!l_(2^>ka7#y%W6UwYB}g-TWaFG-M~xLXCVMgAWj9voEV|KagLC;uO!?7?%KktC2{ zW*%mYr^~d@vemx_?-o=56+qx$&tAXk&lnGhl&A#`stV813kXM85>Azj5g-{%5n?47 ze4vqJuwn@ZiD4WNiNbXpj&VRea>5cN{zi^NLo!FDi8#hgC=s#B1i~PsoHLGozaXCb zRb(9iN#?1b1c;L$IAsC#RugzRd&A@@M}d*FeVryjaE=~FDJJm#H!XtRE|GKU;{OB}G3mbj1zBW>5k>)xK@aU>E?5+PZ5hJqzr>A4vR z1S&$A2L>*{9{dv_5eW%`6>#)e7-Hl@#H1p-h|#0775H{;v({QgNCp9tC4y9QO4OWs zED|1NiO`_E1*0BnR*(zT4RY5o00{&G8Yxr-3h)*r^317 zasdHV`cA{nPQX@BGLBOt!dfiic zUR5Ff?}^awL)Afq9tuJD>WLmd$B^mKBX|i9Rxss6(`KeL=l40OzjrOrkV5c z!c}SrnW_!|K)Mhn(0lPmLV})ts+ac!dK#8_gtHlXasqGIxwk++3D9xKY(^t0SB8C+ zx;LXxe?dTn#0X->B}7R$)%KkFHGv<7KMZxnbL30KJU(hbltr44{z#Co3>0B%IFSA| z(b&jUj1xF9me$Kt{me^$DI_D*&-UP1zRDDf)Pe@6u0_-K6`5kNsac>a*wqW~7AO#U zd`i3?2$YgWa{=1oHA^EFk|PPzl_p&HnQ>rIu(H-yEMlOMuFRIm1G3T*Q#^s|1@#ur zo?1>p;v0TU7i=mZPR;}vx!^wmfu>S#9fRQ%tRF~=6#Yj?)&YoGK zPtqz=CKqN{28vo1C9sdQYzWCpb2H@#vxLh9a=qr~M!M@2q~Jbw9R*8Gr0Kw)faHmy zXe?qgzu5~b(e@Ot7`yL;MG`+qSg^ns5Hr6Y;1Yw(E(9Var_)4Q0jAbJifHNkwATt6fp}ty?Lk(_DeHagiL-#-Smm~L-`4znW!(hCpR`x8n 
zfy?XEXPy{HBCfgc?Umb|Xo-@w8z-Ue*r5((a`wA$zYHEp%Z{`i-G^UpE zFzCf`!7*UOM>|OyjlJJ#7*c;FSkyO-LlXB*d!sm%wYMC)huYk$kaHtsQ#bu*N@Wgj zPVM%e#*L2=o-R={UtDd;j1 z$H7WTNn9#@m@A$qRxznxON@NRi(1LqOXpZ=w_X$T_gpwp`a-pm8YQBQ4zbo9SRWJm zu2Y~(+3qb(Zq+2Nm`9m`r0lCcX92opiLKb5vmg$LwJdTYNv-H~+0|G{Er6r+{8m6; zd_XUe=r~6ES|^+g>_RdN((cjDa889(4AScvDXDd_F$#Rm|XRM&Pry* zb6p4gv;r)MunOH*wr&lKtS_xrm1$vF2Yjkzk$@RzVc8fe7#7o&F@`j=r1nt8eAY_Q z@awFjl5JFL6J0M*?L`{8<&Ll&b$H+nf*HynXlL+?5~X zt^3&G|IvS!{Xb8SM@OCi=OIe-{9i0Eh>;6d#SY} zJ}hZCQ9@bEUbPSZF;ryn7C3?Z!ROD8s^z@+5Nq$z0wE$H0-NOcSCQ}jq85CjVm{*h^RGw>NjwNE7+jcW*f zvl*rW9!*!8D9_)VtGY_lh#0-cuJdvRHacX0SmWFJ&df6^;hF{kOwo7>wQEixZ?WA@ zkRY+q$e8^4jNG)-tAX;j8i!+7E_ z{zTEthA;gmKp-TM@dqnY>Y7t2F)DPc?a;OhRX3^SqBYmIt+cg5X(npM1e@qtTG@pq zqa>1z531#oI@og(>wSBhQS0ixMn);}vH9DEWZ{$Ax&>+gz5nV#@1l1Tk!3tu#`)L+ zSyRzKBXL~We3&rm$B&u$+$4-$Me_v)p(_?9rn{w?C6aEp-mhlk$TNMHmsWv~4E3I6 zG3|O-S{`; zUwrMRt%kD(y&C~23AEm3p|nl^H`{;K_pbN0w+jbvvHuQ7!{dtmcl`8V*x7#%Q7U|_ zH_oYJM=gkczhBBm(G^G{7mU+CwX?;&`oS#Nk#j{OKMUcUu>hSACGm+Q+O464H)YW~ z8lsRSj3*E!LEr#n@+#%Njh2lTK0FCfr<9PGYVWrViD_p=?ite0GOwY~KZS|*I-nHC zG_9jGi~iHc0PUZ1l=|O*3iC&7bDjE-#D3b~T0d-s3Pyg+Xe13LnWnTqnU58;))3gC zFSU8o0Xw;5K@y@D5E`1EV&JZl11mQ-K+!aD4Jo*r!yk`80 zM)StGqS2hA5D&mR72IN-;8C*%n4iYObQOA+s3l?}iuJjKHR35xE)>NFERk_y88Lrp zp_(6gmHVakO@=a1izlfYQSr@M)pUHtXKU?hB;?v~)&`M>7+sHXWWx1WxIP9e{%r00 zr){G~Z6vQU$)+^&Gd3tZw{omnBYkzJLn&C^U)qf6$_+~^``@zCO}7Et{Qt+tM`ine zJQ{ZSpAS>E*#EaP|9>)kQ`!aGz}C-_vYd^+iPR_J!Y81SkCB8!)m$VxKP1hW(@5I= z|1)Fv>fqmv5CbS2N!aReu}(F!fnfoj;Y=ZwDufN>bpX~kS2x1h0m$X{#`VwrJIVv! zw*JTCaW(!k8g=J?9;8&(e_al8=2PN2+2FgF$i)-*Zn}~vVDcllI#rK z^KAa>^>?$XTho#^)seSV{4sj=D2ev!m=Hi}=@d?$n7%|I2Omt1x6Kc=Nn5uKv@}84 z95#VWxlht0)od~f3G4RPU150>JdI_c^Q%)T7n1M`6eyoLHAOX*>|Z1d^gKp(B7Z1? 
zPE~|XjI)z#-V{{WT7q%jab525$L$RZ%Bgmc)pJC7hifN{b{cM>&qA_p0Z2bzjm7w6 zVG=D06X=zU#KzE;;(!84bYnNqOoh*%Cu^@InZxJLy=tGQg>zSHZSq4|Wo%0hkGvGA zm95|ONK;O|(YOpPW?WVvr6gNO8JAuZD16Fn95n4qRd)5M7h^yd(JF9WCG)0-k2U4}R}VYgXf>>h8GCA}AY;;VOn25t zA-y>7W-aIVhCOZAf~WIV+_1j6ff6qDo9X{%`!93ElB@hc_l+#UZT8>M@UZIt84o-E z&x4c-^EKu1yW~m~nX+g$)&~c&dlHN_ncnJ9Yf4sai9Wd!Yi478!q6R=i1sYNn^rwm zj+kUemZ5TrboS11@t5}ktI`2?2NrH=_jGp|cX4NAS9@U8O$NAF&)r#*k*jfwJbYO>BQ~^z* z|0su6LVK&iEUC*|K`$~?YB||XiU(=h_fR^#bdPJm-+cx6MgBM0A7}Qw*~|Mtv~s3x z7lf-#3y2qw7#14lj~fh#FTWz&Sx-AGobB*$yLh(ukaOcrmrtpWuf*fo!v4d1xBo^5 z>-OJqXa7A!X>0%CgW7-C*?;$K|6#NJ7ordfUjClz`v%k)Iy0~{13NRYGXpy_@ULM8 zwy^)^S9rhn-_zr9)&3hDclO_dl(zQY{0bk?{+nN6XaC)={WrhDCj0LynPNZY?8B<_ z`gP`BXYO_8UT5z8Ma;dm(!&0`I>>(XuMUJ#suA~gFa@{Re}|({<^GrP!D!g!|2;^t zQiMeQb{p{OAol@2!av$Is9rJ%J;Oh}$M4#PJY$r zkYDSg#wnOSq&HpXE%RJ5ABCimy{I&+kiSo_EUoCIuSzd|MV6`^#l70AchE;Gt9AE& zI@`6gUGL0xZN+|fV8Px|KP~Lo-Fy1#tl6&YT5e$f+dHD$Zvbv!{~rvy^M4OgzJUFo z-Z9>70RG||fMU8pXa9Hhe`o)9_J3#pclLi*zMj&;{^wUX$gWVlNe0Lk`+sy;{r>NG z^mN?a|NkJRZT<&u&i}}7{?SbGn#3)wbFQ;IZe@3;o#Y?e(fVlupR}xcfBxd^*OwjQogF=ULaq$ma<*#QnKt=5ePDKd63l?RspZ`?p9R{k0zCShp=10!; zAux3PY1Z~Nh8I62vx`?Wr1FMztbWj{OisC|;HHg#Ivu1RN8%{`nI?4HznkpD-=2ghsj|LLfc{|`}aDF5}IHkS`-Gh4XUJby9h z!K3t35WQ?|na@nEU4CBk^{K~IWmCDMMziHP)?HE4Yfw3TGM{stE49)qJBQXY*e!Rncnr{(jQs^x| zNiWMS_q;YmJ9S+<`)#|fo!3p>Z)TUa-L7-PjfR}snKvDJnR&c)<59+8vj|OvLEX(N zJBZ!;^zH(*^6=j98k(9*rdqkDZhDDNslV#QvYAS++{}87LwH9qn{m za4U#af|)t2#5GT=j_rrCXt#YA+}1$=-BZ1AmQnXDsJv!qhQws;b{ z6qYW9rAuMyQdqhamcMjqXaA3Hl>oBE{vRHX*1rFAH0<&}9;EDG|Bvq@0c3pN86cIE zi}i#6n~uIYDPx?yJ~!1bex`vmxfK`Z|2lv7;`Q^3U*5cY_oF71^(o(3QUXe^&QKof z%!gZvu(s>}HVFV**8kJddj8kZ_-VKPAEMmF`oDcle%$|^B|IX5{{^G-wMg7DPTx2% zxX*}v(@1uW-TU8kMI^LQ40Tb-e|JyI*IC-`{|W)%ap7PvFpB|>%#s2Sp zVzNaxYZ;&Yw+^t5n~vcZqVfCu3ioe#DOWM5zcG~BRQFqnqIQAKF3{NpI=evUzeS+) zM)qI2-D(*N*p~mN{;u5rbbQd||2;_gn(e=o%{uGv2G(DrKXh07uMtqA71*LhXA5?= zU}p<@A_;* zE6ca}ynM;rZLYRv<960%XI*yIWoKRf#jVRPZPIjQhth2St95sy&%LgdE%yKD>A3R! 
z*U{7Cqt5<+kfLnh^7a2Z(JU3XrH2(sd?z_w3TD;zUNhvIt@Ny(QE3hUi6SP8(paG9 zu`qU1rQwnwUJ&;xnIex+qE6(q8uFC084b{6v%>er!c1R2;YlQEi0SX|+k>}>V+HVH z(gysU>{Pa7k;Q4on_o$E+n5Shn|t;;5mG0Py%XpRN*JEYMBMwt;E zk`EI&diwO>>DH9BTfp6zC|62QE~L4Y)8RgTwEFK$ujt)Mv;4OS-glq_w#onD(@{nK zA03Um?>|0B*_6Lt?{;YxM6)CaRJBYN-&~5{iQqH$$(;m=kjP)27Wb5yVp~WVr^oeN zFRf~j$bOoAOU>RfW?UBX%egG=a5QZ7w77fXbCjpLrh1)jU^tV^W5ER8ot)ZdhTyhR z`D7D`2I+63k^KRkqOsh;h?HWERb(ipRBn}n#okipV7dI?vWbz$zdfL z*Ww`St|PD>8jSpy(I`FP6PGoRJwq3we zQO_w~ThRKr1;hW#ZvNirUT>Jjh=(zj-(}R>fYXHtAJPI&^M*(A3NesPB(yj-+ zf~4y~PyP4!F$|&q`LnZUa+_u>iF}y+2tM^>;e|k%zHAT}X&7-}JNY?a*F6(?x)q$a zT58-1(ydXk8I8As(KHSn@&fmS#AHeXDk%#0+38EGz(k=Yoxy^Lf8Z+Z@{wfcQf;Tf zeQfLfM+K`=6{QXe@RSMN^vhuN-Nh654nI&Kb&i{bS;FWM{*hJDLn~pz@sEUZ^r3f_ z{&jNpTmaz+Ar(T=3r@Aq8mzVN4^v5W>epegZ`#XF+`3TNLH*RiwjPRW(C@5(TC_Wz%=2fq?dSt8)&^B2N# zW6pj@PdYC3kqk^d&VF~?rSO=KgKtP+RM-F6i)YVYzi>nU4*S@={>S6v<7)or!PDb$ zxBefZID6?KD@dK?aH4Er$9Z3U@!O+?l(Co$26HMG$yCRB3wxA7)$RTmUXzH-(FYGB z$w@%}L_alz^N}JnFa_c=6T9XUz_@(w8`>VSOS*B$^uRwrQ3>i@M|MisA*JRMv^l> z@s!MSoOjt41E!2gAvuW!5XeaV_U5GaF%H-&RPD=A z{r_MP=AElyyJGP;)d3Ld`Lxq;%28Wmf=U#Q(}%oA7`Z?Emyzs0p(OC^^rZkBSF&^| z?7J{!xp%C*chi*8P}EOuQj)Yc6)wY7-#)lpXN43>zppFjb$6M(J-x$peh~IK4A#UPU~xfp z@xJuzw?})W-;Y6{W@qhQ6&hGfI0;cAS3ijak3=xV3^w}UC)#yj=f!lU8R3_RHnBpI zz8d%#phQEr!n_xFew_tuo4mT2)*=l#hHR-w9Rwv>rGiNS5rTP?$ka^9xzfx*pc@pJ z(+ujQNHEjqj0FL^)`L_`CkoWd$g2cZfs|~fUsu_)fPh>e<=Ip&%`VDuK0$3cO+nYc zZfFJY9EHbetmk}t!{-*8Vg=_D^mi|CqgHJiYK$)R(Y3-Mx63916o-0}?ic)_!%NAN4a3ecDjc?I#Ye9bA(hTeM5?PQBU2r_@N%aAcw&tb z0smXI5ODU>vy(hVn|s-)u_Q|7!~0X_Lwd3cPVHUlxz$)XTE#qlk%Wh_6a#xuEM|T` zJu%g{&mN}+qH9TI&8tnMiaBKp#z{bgP;AnQ!Bd7=YrUo6<;TyP;A@P?Y(^t0+X%=U z@EhhMJhLr#Y1js%Y*u$tCa1p)USp`#TH0PS1qvw!0S&3FVehsW6;4dI#mUm>UE%n3 z+lH6#f7^;t@o;r(A@Ce$G(xyuP;a5pGv?eW^G#SvcnkEC0DVxFbrGXBe3YMKY)>PL zQK79Clxr4btWew)qrxeBrP%R9jb>iMs3BayucjE2ME6X@B~kG%~;I-Edo3x2(ybHCn_l2jy_y>ZNOsom>lXX`T*u)iNMxxb$c@zS=q%=M9E)&bDeQNeEr zW!F*&v7u8sxHS)4x}h!7&kW-9o z;N)CiNziWlqv4-hMdjPu4D?q2iM3>HW(3GUfQP(*+9wnLy{16`Y>E7uQ;9$l$wDHj 
zXMEtQ37x5dBFr(u)U#YcdP?QDg|=7_j{ZNe<<9OCoa+W~g{y43BfUv@WT&m4QQ~o_ z;d_Oe#R2`_)*x$NQ+63zYp(p1s^(&ht=&-C@MDfq)YiRIoYAa#DMnE6L6sZoum}-( z(6U^yf>CRK>L+VHC_KDf{HdSda^xPlqb+XKDoQP!&zn%%=zPw)D}1{0aw|qHT)g!d zwQ%vabL^&qvgmQjohbw62vsZ{@*XRVbm&w z(TvfS5Jp4j!lH0li&3jUK^;b|0tLJAQTn}D|K--{%P}f9+B%7!;8I6z8#nWtFxoVI ztud-j;wQMACSo;Z9~w~FgwdwyYk^VyBA>O z$IHza3HoQFp7;cp$} zXwF@$I8uzqnMK&g)w+XZkUGP34wCf*+9apUUzpqbBr*qp((RviPzy+ePC{aN?vdVO z2lyca5z`n08lf=JOae2!20>LN@U&w(4}@xDIO=eYyk-#K5(DjZvCvB0!-^%Q?;t== z>b#~d1NESn7+@yLD5Hy+xg*dzGI6pHEVd}Z(q1gnn2o~&GK~CM3GbA$M_yjo4 zkgGQ=;qYD&I48ed+d1jekMbQk4ulKVGK{~ z6xgIUeSA0dKZ)$Oo|Y&=Poi(I*9UqPZ89>MM>e6#JZy(k1Q_qK2NIbhc}>wHH|MA6BZ2bqf0F^3ZGl0IfOYAIx1 z)zHXbQKgbyJeK3spP4K$As8+|Fg3=Nj(8}QAX9RxYKp>T@>vXSNk9XVMN5pRR_$zN zlW|GSSoN5YN+qpHc_NwpS7VQnpYeoTFoA_(Dv`$$2@#@i(^CzV(%_YstwkCE5^qr$ z#*A_ENcE*>|IXIL+G40Kg59}4$6Gg|nudjm(gV0dwq57fsD@E*#i4qvHhQS6aWljD y{BBnuxmr~1jOSCS+JYv@Uf8oB-_U86u5_g0RR8P^PeaHE&%|!<04%E literal 0 HcmV?d00001 
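Review bot: rancher-logging-3.8.201.tgz is added as an opaque `GIT binary patch` (literal 8769), so nothing in this hunk lets a reviewer confirm what the archive contains. Before merging, rebuild the chart from stage-release, as the commit subject describes, and compare the SHA-256 of the result with the digest that index.yaml records for this version. Note the outcome alongside the commit so the binary is tied to a source that can be reviewed.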
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.001.tgz b/released/assets/rancher-logging/rancher-logging-3.9.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..1c5b7ebf7bb215b991b6627aeec8ec3d41afd622 GIT binary patch literal 9470 zcmVDc zVQyr3R8em|NM&qo0PKDHbKADkXn+0qSL~Jh-NybR>fuLvbfN$ zOc+m>X_sZIe+NFyr~oQ}z^~8WzUfXF4~dkh1rDkTFVG7JN0<{%m5dP}8H^EPB^i96 zkz}x72?vQ`91w}ZbsUayKs|EI5+(iyjzdE-MWu;2#!M&?vB(5MFQl9^j()cwp1W0K z9RNwDsh|XilOQ-@0reImcs+T??pFTUzj-pE(u!WYmkO(7fm&NPOj^lA85|0xhS$K+qC0yyb2?+!$ zLYW5!F2D}_8zB)134#T1^jH{Trc5buQT17|(0g^d_RC7wyoO&!0 z9%YHppuHKR9%@#QGt~`p*DwGH1Opl=R0Rs~W+d{=zg!C7NdzncjOLWHD8xt#xT10f z0af}=!_H873L^1ls{6MzqL;}SU3fiFECN1*D-xAPQfQV$X0%cxH(^1*u8ex!QF>lg zA^z`)(CCq#22@e)9=0wwGqBQ4sIjO&MEzpokZ656afEOnt z81(z0{T*VcnRGDx{w=jb{3AipwuKWhAJ0%}aK=>=MG79FS|BCs#gQyf?2_7QUAV+W zY6zLC4gf&95Ju2>`A0&6j()0__Xs)~mU)De33_q_@7S3)Lq7@7amZvsBPth$eU-X5 zqfmcAK!wBzV#XyzNjTQ_occ9_@B82Pb;UE}bHzM9YCx1lnvecSkS`1rVQM&#{x#Cr z$VH4JI5w8n>l6LVOMfXOBh=4!;Ca5v6pPe?2B@w@)AkJ+W3Z}Opexwb3m;}E5ITHJ zybcJIl15Vj+Tt}!BNmb)3DcD(TzJJeuqaqq>nj#9&`4KibL0V8Xo)GF!qtp=GiOIF zry%hSKc)*d6%fa#0*qYnpMpSBsWT1Om;`Pt;tVMlJ}|&Y8+WS9bnRj!DMx3=EYYWF zl`)euGb{r|EsGM^Ct5ayWTCm4a)e33<3*=g) z^wpz@_$OycJko=3L_IX3#N-L5a~j|jUkZ-|#B3kz=#NS?^?0if%~H$v0|xN1W_loS z!dZxNhKa}lTN(4#v;j8$9X*-L6Z^cD?X+a@eJz+s@FrjEparw!)H_8j0~9}Li$J~M zm1mAmg@SuB_bh#!0#vhj&#V?v#>^!)VlxR6jO3U~Qv;Osb*}k;1RWYpSjRpOF+3k9 zlL_*3t&v91IehzL$ABL;z`xuVjXh_ad5+PPMoK%FDfbmna@o`p8{bSD#%W9~<6+Q? 
zv!XRvLT1(=ep|La?Z78iyqAn)XImqvV=3q|634+p zNlBb5eV8krr&ckkUvrFn#*13X*-7VEX}3-j^LJc0R{BDWgBu9!!efu!uKE@uI{Wr?lWpR*tih_x(oBT233blKHdNiBe*^!!#pUtXh^ zNOT;deXSEt26iEt1!?zar#PiTDhBCvjFi;6*cb&q^DdDq+5LiYZA>mYKqn=$;)SjQ zep&%$L|BFHD_ge)M%I^BtID*ntOGt(vPi&$v#@Lo6%32@7{lSdFIM%dFMXX z_2fotY}|Jgxx{*R6Z&$jdb80FKa-X6?p zI8s7c%U-n){~=Ul@n$%Jz24`~j;iInypFZ^Xoe7x5P?nd4WR4TdR?>eN9Zg$5mloO zbn|LjCAsFrQSAi4{l$2ni|#hKQPMc_;Amg}NyD>bGNISd>E^&N^7Y>a(QNOK_AyC< zU;%$5B+#c(%I48SaGignfv)RI)rT66fH8U`5eR~X2tQ?--3)v}QSDO+N8=ho-)x4d zfG6XHCd!LQfj z=A@yMjI32pW>%-MLMz$_B8T*?9>?g1_S0LyGb4$C;+`6MnZ_BerKcMs7;_rQ33UEj zbpKm)D$q>7n=o9{--Z!S?AcB06PEEfzEm7HX_S-w2bqy1+u21 zfkxuEviUH_sGmM%=5v!Ub`{NM7=*5vnKRur%`B00yXAg08%Lh$yS%gtd}OHiJUi2_ zhm{@rDo{&JZs3oE$r8)dLJ3JkrfUDZDC3lRsh1}sC%V~som)wE&h6%_c2QW@srALz zZrW-%tJk>|fRaG#tQJb^^nbJcXMOK_Z+o}n;5GK&!Jz-FV*fom91gek-(!>tAM1^C z>ex{WqTB73qEU1OlE@k3^iS<{?105W-%a^FhJMhhRF1gJwwNKCc&+a8H&XGQKA($6xlq0m2tIqh{oDUNYk zM{5@Sr;h>JKc^`5zX28IkJ!dKbs>rUw852r*a{Vl{Fu>58cZ@xX@4>wD`+htut8sH z^QI5%44Gq;5pTH%nF1@fDvfwX2bkOT$?jM1I8RdW<6zuE)aVF<9|uYd<_~ z8#QVpd6h{vrjehqLE*WTW7Qhzt9ut{h(&Pv}z>JxF{2597CB;i0c7m1D!Nn_?Tl6L?9 z+}OSP@b6ZL0Tfaa);e6QQ_XB(Sb(QEQAni7{d51G;=tFf z|KV_0J^vZ>xA{MhQY!1eE(SUCDRCWa@NG=w>?wRZUPu%$`T<-WE9U+)U}NYguIcS* zzUdh68ho2pKxrDMf~8L+dtg;{~o0jl{<-Jk?Zjn z+5Fe*?`BoEq$O{wBk!vCWAtn)iT3K4BY@P>DP*3QzCf5Ug7O(#=<6@qDr{ zi57(sbV^2IgdXh0mWyORpuF!spMOYM&>CysM=)c~Vvx+mgd0FGXr) z>o-kl%BeRPmZ8Or%L=5FWHTw_(u)FxPnbOiP5V-nU7ht}4Co?S1k z9a6P@^T292vbX}4QVR0cEzqcGzM4VnS4A~yQuuq1*nqZT&xw zQYy^X6vyw9OHpLXqS;t~IFQ|wV64gXR)<7xd884^;k(U z$x@b~lEra*l`Gt=kFxen#SWP+E7f8nqmvDKQJlyRga#>!A5`NGxfH3&J|S{8f=+Kv zxLW8v@@K+Pr?&+tyXMfv4cN3(C$93O!K%5qQElU+k5>&?>N+wBgUX;InX zXeG4QD$J6)yc6^yL#39J?WCAU)4qpN^3nsY0e|xq;1~JdM1P#xe6!aNfoLVCZ4-p6 zO$&$@Qw$3Y^T!Pa#Ft-@?X0H_7S4M3cU?T|d&s%*w#%o~$5-O<_l~-(!@v_8&f~{fAro@1gBKY_|VG6hgtv-*bK6fEvTr4BVQ5TQhKL25!y3zlRyv z!v33H;=|g1htGz~{=cpL_b8>U{WrbDN3{Q@m$~bFO*V^xVM2RxW@iFP&QxL{@d?A+s6MrO0iOe zME-gk@Nz%*0Y1S$+BK+NG6)^RKb_r&HzP0iw{FA-HX|?h8{LR%_A~ntuO%nH=se`N 
zI@LG@(}nb=>%3(iOXj1HG_n_!W)<@H>6N7wo%B`d#jnUxwWD}Yd-WdrXl1o--p|%{ z-P*4AX1lgxzk9G?@2Q^_cI@UoeRbCCwrpB%VgK7ZqT6o(ZejlqpKbI19;JK%`#-&7 ze7gbon{NP$;R0Lxe{275?fH&o8l;U7>iJ2#_`Q|KORNK`M^t7;l+=Y{-LM(==x*xZ=Q6n)4A07E9*LXCwBDYY5=-LuKYu9Ec$tb5 z#;*wX^MUBE`4!7v_U>Oy$a3pCMoyJ$(_YUNb1xqk;}wv@gW*9xdw+_OFA7uzc%{Fg z^)Sk|rTowCNqqqMf3#n{|9Ln#+~4|t9;Mt;{_8z$E*;cnws5U^{-W1`C+VjkI@$U) zQfTS&^O~YXtgU|qa~35l+0^vitrfUIcqEHr9UY7yn7E=$U*Q*#% zO^8kCwDL+MV*{}sf+2GacT`C=W5S?Tf*)@%3FZUBndo@WkJB4&%RSf9cUAYRr>$+b zwX=d@EEg{*&pts~L9|S7FEy~sSgsZoDbv^8AhLmYc}OoNKr2t?Ew5XtxlE~*8|Jo` z)s*_HUZ9$(uF4Ih53IjhIoxh>+3V6r9yY+;e!{_AeP6f|yL6v>?x4~GO5e9;+=_dv z=|=d%&DiP9?zf~y^PRWth;qAYVN3VHw(4l3TX9=KtP;%3Vdebpr0T$ZEX!@(_pfaY z^#5fwLHY#&B4;NYC-k~W5#(o3DWr0%)!J+0*6B{Ip>_H(aPv9|a0I7G^jtiT%;ynS ze&Rd-xOjbYfp2J(TsOT<;yAz%BT0hda$c%fFbcZ4QZwImunMv8r562Xs-L%)#@=sf zxBnmB$pO61|GOOjF*w}b|Nb~-gZ=;TAsoQNhxPzhT&~ORKpT#-+9^BCUZ0uj=dWlW zjc@h*?ANmoFWSi^LuMw2cFUhxFJsjbu~bt^b$y+*UlC>s^{{LV*5?J}C2G z6aU{zwrzCj-jBa>xa>)|yVLBB0_H1mpEZo)AslHdIN&efQfngA13K3ly1W-RTLbI| zceve?T3+vZ+d8ejRB3Dfr~7fu6}jcmYB#XP{@;IgRJH#PhTHq!AE(@h{r>=oI~6u- znZ)y-n}uWSCiA44hEs^f+2fbEcgv*wVo*TGj$wz)dnT%B#M&R3MH z)5iW|Oy21N(6#yB!=?M*_n$r6+JBExzE~jd{Tq$jOz(TLF~2&AUyo1?m!*iUjk#@M z`8G#=mW+X&pez#>^{NLfQa{vF} z@Y&(k{(qFBY~b?sPo?kAmL66l@x2^9DVSB;`%YhsU;4PXK+j`goPAx{B|$tRl~0>n z4SB-Zga&91$Kg9;VWuyi@+6Wp#Ps)f?ZMm7@&b4>Z0#Z}lg8SuOL7L{lu7-yw}gFvyJPkX(=8=*Rm`a8Qx|M@NHg{NJOLRbe*uZkG){IevR7 zelLR0WM&=*iIB)&pA`3$nPStQ_D@;eORE|rvY%$(QnPoA8JC4H7%odY91UANE$*K9 z6y=Gosa~fW7|tZ~STKSQ$0upvmnOKaRE}&Uaa>U_EoP_kG5BQ|G!l|Tb)KxPRsXjw zYvuo27E#4McTfZCdjC^@aJ04mAEg-kKb2UanQR(O-OBVg*!_hD9^=S_>#?v` zRU{V3UsazhxlNkMREVF^z>4mX8u!UTMK9(KH*jc~f|CUyiG0WcV@`ymkKvwf$%8bhbP#rC{2PnDXoJn5~un z#6+n+p#1M2465IM+{*vQDixo5$@z1q>nlp<5MQ-u|MH9Q3zp{fp9tif1=udecU4(u z|Lq@D^1lbqhW-9_{Xa(8Fdf5grknCs(sf7tkVYM+oVL~sK20vbu4Ja|2s)A{xGJ|r zXRp*pk<{j?sQQzDU5V@$OJtnLrCb#acyBqq;{M1pr+9TQ)Y+h+>hm`3(5LdzXG6PI z4K2%+?86l^H$|EK9Z-?~xKifYf2fpiF3s|PP6FyHCeVJNAn1C0gKxeR%i8n5<@-Me 
zNBdj({}^S*8h}#?PXdhKNx;};5<_Q|wCg~pAn7{LQUC4kLLa)HKRY`nwrRqW$cNDn z;8RZ)UI>)w%Lajw9wYW_C$9o_)iEbecY^a?ON~20x-%*^qVY~Jn#Q4zyudvsF&Wc< zN{YgLe)8HXFj1&UCom)8CtRdmK9TH9s_itmySCncRj?{mQR<)oPnpn7zYJF2oG>g$&84zWHO=G&?&@;w~GZYHEta~zEhS1D^Lv+At7Q?FHh|_6uP$& zeAoL&%#VmpaDR*?|vAM~WoY2j3uO7zCi!p>c-OX!=xp+a;Z& zK2#_?Cz0>$K%_R7ltu6)))!o&U7!DJ*M;{{umBe6mI@_^kwZWubRGA_+4-4d9Gx9F zW?{%8_~rNve9DF6PO0qa{~Pojcl;;s>Hnt>X49VfU;0zbqh1bZOgv@rPH2F_*>lBJ z?CiN?a_Q{3GK`(Q|L5$$FN9N;2zdSCrEuJsv)|E^j!S(cJyVaf-yL@@JmzEXFC;Lk z>;LrS^A~Slx}krMeXL&p!{M`M)%ef-!=vr@A0DMRJ86;?q|S0URyMHXe5}6s?a55a zSd4nTDV4Kitj~H2dz4<)?Y;|dNkpdTgNKpiB%ptypJsl6$HJIJ7|ApRLx-W}w>Ci< zkOC}99Y3z)?CgLH{*TW`j&pHwF(zW>d<#lz=`;u+z7GYQxK zERTgHU`ebj;Pg?ttyl)XG;)QSM)h?hIr9@w$vnsTkZmzw%$O9ClUM+OjMVRMPii0I zfGt8rPZlYdKV?HT&`P6sDcenn3W+fLAB2zp!XV5$SHpJ2Y&X>b5bF7~({RF3TVsMs z6pqt{yhj+g-~W%1>_4I;@ciVp0DG=v=~CEtVajqJSb6WJDW##PpWK8bX>TfAgp00y zaIwq^DU@zkSI+BhGI=|Chw1z*5H38OC~}+#$--0X%KSm^QZEdGif}OBS6YViH(fP+fd1J^Ss+PU-h92-NJX-K#HUC#+boIAN)kS4(z;`&NL(Z9ML9LNYYn59|M$V=vJ8b0?#kAfNhgkH`7|AA;*x- z6{&-uM5|OV2_Ql+j}n=hDLGe~IS6!v0&|){9Ty2^`kb&JU{`vOis?jwdKr0@pem4( zP4w$3dlnFoGo(D5%DLG^InE8#mXj28{p*HS054E@oW^?2*Ef7&u_;z?ZlJq)fm^j| z(@*R zWab-)@ZJ$-QtjEW&It@+60jp{Sh^kPl0ky2VP>%fV+h8L12D~6q8R7kdJ z#Yb-wA(hTeM5?PQBU2r_@Oq;EcxsIj0smXI5ODhA^W*%CHuthoV@Z_EhmR-BhcvSb zPVAMBxz$)ntzw?ONW#Ndik?jri<#d|Gp4%s*=}kex|USdyjn%7m{X=;90x=Q#U`y7 zJY|@r)@vGGeEPf!zQ%}5CN!e5jeyJnzhgeabK7#0hHWs)W_2TFa`JQUErv?1rR_CS zppc@cztvg8-fb}|WK6fk$SHqX@3Cmnm;K6(uSGHt6i&~C0nHN3SM z3pLhb3h#uo5akRLk*fp?#DaATYUsvso(B?nq`lk0;wcdL_4(U3+Hq{Qy&^`BPN>*r?N-3+vAwCIrWvgo+%KOeXu!+hF6ROUXw5ma1%F2cam-g7bM)kW%YkyZ|?(* z_x48cD@!z{iNKP_;9~*sZ%+z8cB`J9R|UV`tK6?Qrz90gW^WvGoNM>G+1dIG1?=rb zOz!PvL%gspE^>V&nRNg(byV;hLfN$xLTu=i4sOWqWdS0n?m;U*Do;H6EZ`0(aT`y7*q zdgk1&NqbrNsjVw{M@m|ZuZv~F zU0aNnrf#!Yv;UsVJ*C-QqVL*#tE`@-hB-ztazTZ}$V1ChU>ZWG?WLuL7avcN`2SXB z-22GGs(W`8Mwv6*O}*K!kc^WlUaZDQ&_5gX#0^{w2mhpNj&&L^vfbC7V64W-H1t%% z8jL!f&MMh!V-&0Le{k;Gi1+d$hm3|Lal84xAbe$nIJ%2B}d2 zV? 
zB9j1=ZvV7{T0kOn5E9E{kMtfp!0QY|Ok)gagu2&yW9rybMzL8wNCqdv}& zR}2E2W1zh*7Fwx$Sg^$O9R%n}9aj{vsQ?-Q$<9z2H=$kx1dXOa;hf!doL7uPn0oGc zXf{DCf*HF~kW+W%1c^*IJ_U{w zrwA~TlxL^b6_nBra@6X(Jbj^q8b8{;;Z?w{Zp+&q_eGY!SIBHWmx~xhZx_1oyo8uq zdPGMwJh>>OL0;^dlLlWO^a;39KlIQGY?s9tmdRijRd#CTm?Ic2Krl7Ng+B36DnX{?RMixP z%jB~d+>w9=B#Y)4QLWn9#0KM%nz8CJA(cv6lk!9|`>)0xBR}H_Ib#9~!&D-VB@!Y; z--f3eDy4^4UbYr#1W3GDVHgv}%_G&9p8b1U6HAMsx(GJs{v2=Jh-w-ZCQ1+B9@%!8 zU!xjEy%UG(vD(u^WsRE|&gXZ%0?E~)YG*v3O4SxLN%q3#g8YTDS+-?cwq;wkrEU5D Q0RRC1|A5L!%K#Vw0GY|I^#A|> literal 0 HcmV?d00001 
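Review bot: the header for rancher-logging-3.9.001.tgz reads `new file mode 100755`, while rancher-logging-3.8.201.tgz in the previous hunk is added as 100644. A chart archive has no need for the executable bit, and the headers that follow for rancher-logging-3.9.002.tgz and rancher-logging-3.9.400.tgz show the same mode. Suggest normalizing these to 100644 wherever the released/ directory is generated, so file modes stay consistent across assets and do not show up as unrelated changes in later regenerations.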
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.002.tgz b/released/assets/rancher-logging/rancher-logging-3.9.002.tgz new file mode 100755 index 0000000000000000000000000000000000000000..ffe9599f3c003202036f7440d2f0e8d9eb8cd6ff GIT binary patch literal 9717 zcmVDc zVQyr3R8em|NM&qo0PKDFbK5x5=>GcgujnVw_a^pdQHPJr>ealejGgSJHiyg3%+^+F z%7)06gfU5Q08ox5&imV6;ovD!qI@N@E7a7)B7sJu(dY{ekdw%pA@2rkI;GLHcQPYf zx(gBpe|fOd@Av!1hll##e!pM+cQ8CY`pe+3f7l-khl4@?Fa5#caCrC^=sz3^%_R|% z@W1r$-B)#Rf09C?h)E(Ti^RwQ@Q5S5_k_>8raSV_Mv?HkytF}c# zyB-T;7GWf_?i~`-UyuvRq7lpo4vFLJ=YjiIx9|8UJWgY&ADyruKu-!Fkq;9ZNaPBV zfJD$}3Nt#L1q<+4G@;XklW~A>a(*gYIAb@+(TDK@e$oSW08Z4H(@B8$F>)dqcOB}f zu4YokV$|z-N=yjXj!^T75GX}2U{j|5ugNIpQ|B5NH;nsY0Nx zB!dM@I7kfRfJhXs<8X`v>X8$cDDgLN92$}-Dow;OWA?2KL^t%P|+^r(( z07x=T1tmb71i={#sJ9rw>&ZJN&o~NOtiEM9kZ9FHTBc#;Uo!gCZX;Y!a{kjxRJnp2|Y)MJtG zC`*I}?adhVP_u%Zscw+Fh5<+*7|=+eDo}toBavtRDc81D6h{T(z?%&dgUMFL8;q^qZ2>1+cNK_h0p;;1{(MpZngarY+G3s?k>3LO! z_`fAWzYkRh5qc;D;fsAeevTp2qet)(9xPzYiKfj&Y0mF+Qh)DSpdppoJlX*OFHS}< z==VeWJH${k>0tQ7TWW{+dxD~E3nyYeUZB$8jH@P!6g)z;KuXq&BUzx>CAHPMaE*)9 z5HeLA0DyEMjG*)K_k;u;{ZudS5p*;x^9Uys^yCQMu?ug8eiESLkjaEbR4xqrDs^v0 zq5gt^3W*WKj7x};aIEb)^=kw_^nd8_<$OE#_5>xEM&5U|8XGblk zAn^@9rVBO|5GUsXj9l>dL7=JBnFef30yh?MhLj5*7+|E0JJn^nb}^EaqqAd{=zdyd z%;d}r%Ro`fq6GGtmJK0UXl|w)VUln;L$25S)JS)|f)w0c*HN(4M4Ar#5lEgWipC-~ z^P9b}5^YEEin04nSS0b2gc%Eb0WtHt0nRbV>_Q+?aym|=6<})pvq%XoNoa&Tn;9iX zji5^BL!lY52smR>3o;{+66&iJ+1KEv)Q4fe-*^9OZ$5C(m|wx`zYNAZYGqGy8@Rkq zeddXtB;s21QcD}VYA6|&y>vMG5q^?ACH3Q_?lkZ1fRd&!#5)$9GbSxL)2BZR)gsE6xyD9pCP9Lc98+m(fU>?WHUE#GL!$}n*ykaJm*ZqI zL4K(<(g-?7Z-43-@WTf9*9W4p=ZrHiF`CjyX$Ldqz5+_Fn_6Pyn`y&1jj3fK40>@~ zats*p(N5AzWA8T_hSXmO7IjVIki=cn-Y5=b?alk{p*Hs_ohTc$AuH6FH|e3Q6k#t5KG;GjWMC`It98^ z?cRXSF+w5EI2)&igBM>g?;5iOWGs^5;qb7ppJ+RT1g98~#RYmS^2G=a%)1yl)e_h| z9UM6&2C8;nF~Kq;OxbW<&H{AHT0t!_&Vo1~)_TbeF(oz9rCno*wE&LN^IHLZ`3b#5 zqT?71Zv%ZYumm)V-ui*(IHf`=ChT;KB-Z-g7#_Z&GgtcIlyYsbE;>LbCDY|p*8xAR z05c-2(cmk4x&}tpmsZ`%e6j2aK2`Egz=X4~Y;YBfm+`_FT$&+Mn=4~*YYA!ibrx93 
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.400.tgz b/released/assets/rancher-logging/rancher-logging-3.9.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..3c7aeafe9d7a5f733de0953352a2ded1ad2011ce GIT binary patch literal 10163
zAB7~f`&~I3;L;3>rH<(@w{N_^=e(}Ei&yO=Dz^stPup2HNHyCp&NCuz`^ao?bR67Y zRU*hWJGF({p5u=Z7FRe?0=FN(Q4LPr;%7_M?SF%6;4sDF8xl%w-rYH(hh?H8rghsh zCk!m~g-ppqQ{r#lDB?@9EYp}8ILW0Ye&qjjf;6@SX%`O)LahP1--B5*ov+3CrLf0; zz8EZSsSxmsZ&*J!ttRbYtR5YYRFY?MCcep#><6E{H)RyvWayHR28oFzjmhK1MWHa8 z_#IZs)bd44z5|s_)CzZB^tG`~6xe=CkIE@j>T4d6^W0J7pLkFx*ugr&gO}|f_>SMQ zRNt!+=w&A&E<^aW3BrxpvZ?O%%LYCn%dTvGjaWZXr4T)eT%3ZSNztz&+e9%q8j=yk zvK|eu^Ln@#KumjeKeOFQl2+ENE?qNr+OYmfp|h%;yl@;m4|fVlqwGTC%pwcb#5~6P zHDapnp5>_!dW_dGvbQ^!B!6gkOA=U!8LrhivU4Va;L1?H)N@g-TM&5YF@l)Qjc2l} zI>mEQfD85KfNn2NcxRMF<~2c-En$4|z1sj=-T+MIjG&DVZsa7nO_yG{fJ7LOQRB-34k9BgU zUIx3c^61C)ik&y*^Tc;@M%pi&&HEe3`2kqYR4khp-QJ&z`{b;w!SgGGq_MEVPno^( zn)Y=Da@Lv0m2H<#CyNoJTRlKofFw=cYhIl(&wnkE{W6K#wRva=oljrG_}t+SIlv!? zw#bkQ0184f?v2P^bT}gYCLVx4k~;7i{E=VanxQsgC*0kJ@LpJzCOX%VQO^Y%Vy~pA z#u-2q?Gmet*#;i%3+eQ89^ygqbuvQ826oTR1x~4@?h#aJhDO?*ZEn*<=IWI{_AAt` zf9)qNc8e$tNN|Xl-~Za~4P40{bB$o2sIcab-Bv}+8g2)+#V+|BTx<-j@kvuz%Y#lW zO+KPfm!Kp9|Bh5tOd_9M2>+@p*(|>dMFAa#i_y-+1$qoVCP==%JS2?nMP1;a*qBw5 z_Xocr1#uohhH z3ycM_NcnqeG1E;XK zYQVDFd&k9#-8G)=9qB#RR(-@09X5O3=6a0J;tcy|lcDX3$~P6&3@gEB7-E?^i+jaa z)n7p5JyFxdfPQwLSF;74PyL^k`=GB!MGZtTglp|xl-&WpK%9{VyFWg5UNGA+$j&7@M zrZBw~c&i`gqJ-qR1>(kcTm^cp!5*tRSEbhMmR}}RA2#BfV|UaekG^w>XN5VZFC{1K zEwrd0DJzS@K_Mf+RsX$`BxC7KaOKDq@#lmcpi8^OfaTl|kMUjdl7gV|Gi@fxYs7U1 zeK59u-AVC^ii?_KWV&PVxyk_vxgGgg0B zHGQPy^>F{s%wlw1n2#ed6joLNZ;cJhI9dA{jx1NtR= zqN6Sr-J{#pv_s!$%|8(%;5t&i*6(G-r$g7e0+l`4(+xvp!)=nNbc@KUC1md zN;R+fB63f3Oh*l1od5;*(TIrGt<(>y2*zi^ZtOQQ*X7Jk=Zg$z$8U?yTSw0NNv8hJ zZ4mr*lc@cq$}ak(6lwZNpHNwwzJ3ZYuI>%)YO=asAM)*UKjC%V$#N{l4uwjWygaI3 z(9iS7QM&b6N0xX%m^?yv+dvqFS*$Ab_^G#-#mrdjBj3H_X6X@fNu>i<>rs4?1KbS= z6|V0Prm5FH1RD`Ocjh}UZ#hG`A;^nh5SfQcv48P0Uvyd&4NHz3dy*l>f-Qepzy(9a;bt94vTzSHE4_|qHN@4lr zzDOtb$uhltz%jmUf@1l^?mT+-T)kq4M16Gz@$PR5Rpl5if$wkd^K^XR%2FTwJUCAd z%2EkIPY!ZjAig>vCkL1~s3!-1{5+oFghV^nB`4tu^JTYs%#Pyi^#FI!dVogAQB1Va z@YxwdTRi|kRLBr;H%i8<5{0z*^b_42Oi;)n_X6@bUc%Je^3m1Qj@l7jilMsy{{!Y^L~N>-ui?+A3gV? 
z#~4ud-~=|!EAF20VeBj0UG$&9SGxygwl9laW*`|~06sallylzYR-i_{b% z63g#9>7%!>0>@@Ky?n-Izo8~~EV4MnDE~ax1V;~(@%u!wyF;gr^osG&$vug&_f>)T zS%}(M19PVW%<7*3*`-)vIQ*H1Q^Br+d^`X~{;X8x!B-yWKySN6-E54fa+OF=jhGZ3 z#hWFyIs?8(Cp+kHxdi**%u_{#bKF0NB z?+h+7yByV!g$^0{x$UV~1YPs;U@!Qx3xX)Xhs3~pYigF21e0~MCQ942E=|(j(#atY z=usHUZ8+#s;~^p2x>Sqx<+{C08iT$0ose>^#|Y29E1 zagy>A;?L|nY-N3;H3GNgIXASsyX-+(_~SZn%TJHAW2V?~$li{vbDN2r`T(zU`^o}( zv9}lMhYQL+wA{^v68DICADT)wbnVUMSGz{K8S-h@2cdIDiMDj~hw0$IYL!s*v=1Qk zP3w3~l)(gXfs4p>b|9)0twz#yEZxH)@u_vF{Aj5>UT&s9(+{KNYgOx0w=|uW3`Z%9 z2M8eD@X>O7w3S_{_{4$DQryvllg+*T491)% zUI%ZE1lzegd#`Pu;)hsu<0N5X5NpDCKN^AxH(+tTw^F>fbTPgCeN-J8&Z9zVR&$qY zUFu`KTwW~x2gcmNx)9}+Znx^D9p#PV> z_EgQ*9XNwed?leEE=5-IdB@&q{M)9Bo01rd`qs#`d0;1|<3iVU`D^bc>uVbKT_jou zc12ppT1qvSl9?ViB%l_5PYg5@98k*%1aE~g(-Q*02B^*M`%|V@;C~J`({l(6sLl7c zMl{pQ)E_a^qs7Xo6;%o5W?$M%!{%HI0Q%`0L~h+y_b}~bxQYO~dF1f~v3bPBjLK@G>EHxExJs)?QkD?>VkWDv!sVcD+WnG(ri;^A(hR30>*zz z#-1Ph-PC|Za!GG#=EU!|E3AGTk-hef2K+WnP~p0xiT<7XZC8*Iigy1v;>pXyV0a}+ zX-9CVRovk5o_wL9Um-qMM#9qQUWUp1^8PlRqQkqDZKv_eCN~q2f8zQAQQ1Ac=em~hHr`d03X_<>Q_KW zLjuHt1iQ!+skZCyL`s0xUG{;zXY06Eh-Y7F?tZ&bM**ibh?|Hbef@A(fqKjToAnGM z{>gfZD0iLo_?RygQTR=rb*co)YyGtSgxijt%x~MmmqNyyG8c2aJNrt_jMMrN`x3XVF&H%2|B-yP`EPHvEP5xm?wN$;xB3q5nc}JO% zXLTaFXsiU=j_9lqxex!OH|h(S&?O`%G8yUMB{>?#t^)-61|3E4HISy|$n^M>=7o6822;0&fmY@}cHd-9o=;jxR4PX9ft4iQR8`h*^7T%iK7> zWbz>l+ZLXmjJC^7cpI@kAr7>QLpx_VDE2#etf`ggsFja)hnM!%{ohy*Uf4}%H6eAc z=uSC$qpurJ3(i=_ydPElIW2^wJpp)_{sc-6?uhLNe+VKtrh_hDx%m1=rYZTY1&?K< zzBNx{=p8kL=AJ=$oKEk|fAj>O^tiJbQNwrh(7}C^GJ{ick$!#t?X|o6>+*~r-WL6! 
zzZ*Z%@I77b?eSCVUM>H{kv;8Vm=a2t?jOPE)Sp4?3;o;_*s!w@@a2DdaS|L98Ef^Z$l~_AK7t-=kaq&gBjf!i8{!2-?{EOH#_FzxfQCdhlI0f2pdM zkd*hadY6@Y3R;VLW+L!ST8Drhm+gJLg?pHRdFfw%BI9o0V-K~aZtSwT{O9|{3jdRz zWKFw@#7B;qKU%Ez8XVIQgc;TpVtv#PTIi9i;7$D(p4`IEecO1j^45KpN1Ur8i z7LHJOhRuvxnWEVAdOxP~X8ionJt#V&$+Z5iOGmwokGfoZ78Cq_ygYiRIi~Kc*PjF* z#(w$n{3jCe0LP-8J8vkaGw{;O1t&Xep%k4$RF~^*^F#4jINv3E^iJh-pq#C0K|t9Z zgZB`X?RD;$lf>WbUm_C z&oQr3QIa!znt9#AYl2l#?sh;5Zc90HRXl@x<#Nz}p(^c!kroaF!m%X}WDa5lM^FhW zMzb{5hd4`qEPaf7h5w;c@=~-mQ8ZrGSp<0!QRF`6zr*&s>=CIDD|H>zwN~WxINxDB z=qu?h@cRD}jo3^vdyLki9}PJ1;yRtBFAn&*7J<71-Dqav!JdslAm?ml0`hu>Oie?h z4w=fw!)Yzer?fF`_u~$$w0;&iayW%Bd^e^26mkel^#(D;2AZd&^Y=s1qJYL8U@f%! z8ez7v7%R>ziR3d8%bY5AZy{FzOQ!)dtRmj(?FveTsmULtNR#YvolpLN%NArvS2)5W*5=hz?D07Gy7@_6$bBgFd`Ikh|DSv&*9B8@t-}n^RKC7sLHcC+& zfjDx<;Y^axJD@rG8`+{>h8&2%8i8^N>frnzek2EcLz<}ISvbw$b2K4zjgVxzM)~4_ zTNqy$i+pXy?)l|tIL}j3+{%MrP|O5|`PEuM?>6n~5i0fKuvfgX2hb?GI>kSvOs}d& zGVaik2!0Ing8?Bks8|MgVNFE@ROULraWpIhVoo?iR167>l_x^WK z#YH>7)0%~!14);+gnEBKcytZsi%ne?yY^M4S6!9sq_7#gA%%K4lK{g{M|=NG^ZS4y z2XGV5VI57zX8(VNRmx6NNMnb87c%XtMe%hS#PpjP)eY;NA!E6^Hhdms?(y74X!R~a zM`(x(L0&n}#XVkQ_d6705x0Do6tel(@5YPL;$Tj;i9Ya`P#OBS*=v+AoU{LOg8ju< z{yM=Z@l97}v^rMSMld)@_gvfDaN3PFPZc8z_MY2{8Qu(Bb9ADk?ToOkS4cId7?#T_ zqCvPSsU!dycBwIn&XglKMr z+aI-kx#cl$sQ$H-s}mSEwyXwisqzv*8S6sEJ8>oNwTpjx6#mPo{DZB0*Zb4fE&E2V15qWDaYO+!1U)ZojoHh4FQVeZ|GSso`?)G7N-zT{wK7ud7r)c z#jF@y0*JEf_jfz|H)Z9G25blmM(6HhGEHLz1jTUW;$=o5vZs`}$T~GieF-4X8z|<& zxoW}n0prL%2gH(R}M_W+WUAeCT#lopB$rV*h}5|zN}jbzACs^YYh zC_PqY$@D>D-Mp3BbUVm~sv4GwB1}f$XpA;wUUf`uh2(Gb0h>9Bb_aw018<~lf&4#| z%Ir}tn>pa6aF+0I=*v9^czK)?E|qiq{oP|Dp@PJ+TskHFXN9=$mX*)=j?c0as(|tV zw#Ki~!^{%LNOvbXCl1njxcFWxN|rfws;-2}2l>K69=fR22R!iXGhuyP~)A34rcBwt^JtC-hIDuccobGW>7Q}%0K*W$;j)PkM=#!OKnPbBY=> z=Dl63*RVE{UJ{^{JEni{;(Ub~_`3l!7cl5aXxfa#Q>J{~GiCp_vBHxiMbFP7U;aZ2 zgS0d~>?R7&-Adb=kUK1RG+bL0g-R_xkJCS3(OqWrM~YfM3k}qalNAC?U9t0F(0ZVW z@*g(-*gRVOnqIpwY6iy;=M`U|NYhO{8Qs5EmI8)nQ2$!v7Vw>dH?Sv z2iOx8rY#j0hVm8#)+LYR(sJ+FgQPiepXwBNA 
zlo~Z^Q6I3b5o6V(sAkIG4W6zB_j9ToZH z-g9T`bq}~P1R8BoP{@!CfjLTgqRxW8o&l!UDAlGA64$4A6TT`D$max0BEbWOHQ4I8 z=wao!6^}=P8k;>>;!pdQVN~DIjf$!vSRZ;71z@~Y1hk#l$c@n~+08L5sSVHSjW4zJ z zA1T~i0?(W=E|>+^d|#Y@@V*BMIxOMQS$4TU^etu{;^rGvdsBbv0HDR>(F%Q%{5zVL zS9f%q`DIR>@Qy-0ldY_7`WHdp6Yd3qPf+Ju0EyEee1IE7qo5ym!2?DZA8sL#D7}`EIAs3!5^v z^FNyc(}vm(BBK#Cds3>cMU3&FEE#bPD-ur!{bi;Lh=MJoT!<8Gn-(inE~yH(!Kx}- zzO6Psfvx^zPG`rz)+fU*=s157_em1?kD^g(;Tni)p~U`9fLm2z&CgZo{6@KeG57k_4> z(sFJ#a+m}s`V}!!++4%A79roh^e43%T$D6NaVv=nAYD;=e-`#4Y5bf)f+H7ek)K?4 z1qHw~0j5gU)V#%WukNCkYLdVY)CG`!SeEAg`A4h9fEDPoPVIJK3tGOdZ`fC?iv!8_b zWBK=ASFv5gO8Yff_PE=rGIPF-C^a=PB0DiC&D}!y#b~h;`tL+FRmVc~VIAHfV8`%k z6`h^BR|GHLc*@zCfV3a&p}`AIAuptq7{jU6qZIPo5_K65`81sJXrWa}uRAX`;w;XVsa+<})ZqH`3$hL#Vjp zABe#p7Tt$g;QjdP6rv1z>hfKaYD$p(okkLF`Vfi;>YRTZ@!0!@2A?tJa-V(${G4%* zZ;M-pCrzt@3ZdMl0=wNv0O!Jv%JYfZIC@%)R_e^b_$q&aias zBOA`AoR6EjHX4|w?o*x`PP3!oOJ?YUn+%%*78%LR29AmL!*Faq7@~Xu_=H-#JB&7I z^f=^~VTvU-R+dK!+N^@<*JWnB`Aue|S3$C3?A&xp+B^KqE?&?~vXTc?#l+>y*K>Juq(KRdFc1a^qH{wZRx_8U~fHNPt`Svvg-%u$c2@E8q*ORrh4Fh~=? 
zg9D|arXx<|5?)=qh?o=Qcj7+6@ks$m@wgPiTge15K3a2ii^DYZfHue1Q~7>EP^_T3 z=@c$-fPG9~vy2`_C1Nt%SCE0k|7x&~?fg%wVE>#b0#(1k`V~az zC!6Icf?!NY)oE%oF>4!I#&_j%;9KdUX7W7&Zm_;(kz*x$x7wPRCa>emp=~$ieydhl zb@LzdE&pTusN9(S3>ELX)-tl+aHg$}ty=90T8nj}?-PN3l+`-G^beg}k$RRUj`=#- zxxf-zt3nnWb+ss*0Ynd=Vq4QiM^d`)@@7@#>y+6PIu}~0AbH0Sf)A8(W+U@Of55bF z1+(B!vvj|>T4nC9<3}K6goEmAezY5RRw8hmyLQqYe zPp!d4h&AciuU@yqf{h6dBmRVR30EMb60QQ8wJb~6&>Z3gw!)58=vP|!Yqp3GieTl0 ziQxZDfr&m+R;8AEMn)F&!E;49a^EI=IYb|MUCsvWZZ)Pf^lqSkH7+3U7CyuFQo{jB!wa@%(KLkCZ|x29*pGI?sge;IJmLRo71PL6(X)=25!3@%Tat2q+ld&djugrf;x>BJ@{rm90 z1q5DAHt#oPzMaB+Y>oCOrPubO`^I1gabxz^?R<$}eMOuHHD;@(Cu1%4vV{ot=@OLU zvz9CGu^04HFQ7R^>{)kfT2Zq0E#Lep#&OXx1YeSk^s`n=KY5NhvDB?1d108gIL<8z zzSJSG9!UZfk(7WexkxrX1+zQJe^FQxyZrb;9rGAU`sa{ilR$s!kYRM>L3&+QTV^aNl40d4wSUi*RPP4_%NxZn_vmJgI`mXyA*=0PSiSZx)==QdaFQQ7=2f zFHMRm;?krrl)DEJ-4+uvaat#OH!cO+iGO5UnmKLO>*~G6`pRQ%(`~szvI(ImsKMrwqo2(-2X)-W~7)1QY z^T!1?H?uW-AF{mBuT(fuIRb~Uf2Z}{2u-))-bFu02Q>ceM;pJry%kpjb@EPWMp>bx zJSQv9E7LV;@6jXfe6wtm6wO3}`jn8u*{6dzjB@Eyu(8b)ALmp2%DX7(3-zc6N5fva z%>PIzu*idtx{J%Bq2<9{BnDbK&fv!|oKJCGFBd0C5i9nc!SOrMwem54u!a@l0^0`Eg*2w-bmxZA6-b{|BR(Ajh3_QoDkcgUT2d zUDf^j6TJa)_$RIE8$yA8^Vx#sK?CUI9JL^UcJl5!tW#g(N@$}~<|ybf>{W0~{Yi0; z{V{BFu+S)Kos;*U-*@aC&~FogKZWd0U_7)M&-Tb;+~pe#HAlc^v<_d>vy3)%z7QG} zzIPLSPKw0NF>)o#yD`KX)sx+Iw8$fD!)G)**g+~e<-?*HO;nvnyuX>|iC2;DXv1@O zbpsFJNRGi^BOH;6K%k&~JpLuSLlGiTFh0oaAk-}67t6)TaiLb)`1tDR6YeKvjZe>p z()JC)IY8t>)^2=a=R}I4zE>FK(x+fA4o_j6PgyMQ;`bD;0ya2H@^k6xxndYeVtH7p z?406~HT)pH42pV{r}g!Dzmygv|}egcJXk*O6DO5U#5WatBix zJh?3{2q81UyG@)PXw-@a&&ebw7F-fiDBKO8(SF(eG1Sb!EGeR@c#sTWUgTr7v29-0 zZA>t5UjVr$Ued~|trzA!+7f)=va2SOfziMuw*b9VL1UZ&blQuYWK6103M5IZ{|LBC z4I_g^m6&ubjh+8 z2;UdB2z9W*{DN$IG@;KACI=>IseS01QSiWoQ#ynd=Fx>u=`YLRV!Qhn>rc7P=`hdi zF^7+7&jM$wIN6nSe_3&RH&7Sq0Oan0hfFPrDeP_jn)C1X*Q`A=w&u7EwHB~Ytlb8d zbQfkvEFnY!GbLVK#Zrm*UM>5mmt)R;<^4OmY8uIJ+tp?R=T`16Y_4+F2m)PMQ& zC0SlaHNyk81^%xME}k*~I7Ua(>sy^4O8?E1QCBaOHE_CUztr(-?f*MTpFKTVQ&U?* 
z=1JRQU$5Q%4xKgDVy^|y-SxjzYH5u}Q$@=HhK*haZM!_;{f13$f7@bzTI8KI4j|=6 zVn1NKQ&l&~eb2KQGJT4~J5J8Vvh+30$tv^m`jHFzH!T1iQ-=?KXN^3i4?EGMQ)@1N b5a8qEv&Hr0oDF->=DAhayE(ixV!ZzYn+GPK literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.8.201.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.8.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..03fa848720a38e8fd53c7a6679a80bfad78f18da GIT binary patch literal 24252 zcmd?PQ%_8N_&TPP_LT9ANY_6fm&LXR#!Xm9|Wub3l z^obJ1esm!;MlD%KdS93O>jL}gIWLau6NlvyPtHgM zrHIcD*l%HDb@}TPgkQy3JB(7jQu8oUKwD@xS!^FWBEkXYG<|F#B7DKQw9Iz1qLe}Q z%6uYw9EkP%*y?c8|LSOIVgGnKJeX*b&Eo$0d`qFt?(q8j7$aq!(%JNS+ZDHGlzs9s z`;&V*GO^z&L;92kfFgilk&67fpe&y>FGr&)D`^28S}f(G7{FjPlH;Ka-N5j=lCF#r zraGV-WwAq>pAD`NXk!LZ9q}3KnK$>e%E!Gb1_)NR(`wm{+k^i{XC~wWLV}T82W8Dv z73El=c5wOYi>e_v?CfQ(i|6C< zaAjd=v&Wpy?#90^VXV<(l!)BD9HxXgrHLaz_Ic`S40UUZi%mBt{YTw~}5LZ|!d#T+U&t(@NP zuO5r(kj05|frboS6k%Vj*f6^cxoRiiLToAJ6$FJ(6?%QXj`;SnEZ7NIiG|uwS znwzwbvRa#~T@FPPTe7|{!6!aAFt#WMLz+gu(^3^0G7B@Zs=_m5(>aaTaJ2}xD)0S% zs;|nm1zN6WrIITX*G(HB3eLWks1`Zh`sW{YofMx(zSR*1lI-PFANRbYp#5h}yk9Tx z-Yp^NkG|&|$@i=7p*2Y0ZWEtme0?KldA0ozkn6_70jA_ACuuhbDsi``4Kd+A z?F_jy;z*%Ft^FcXv6m;FI@TwuMDB65D{>!0bvdDQIFp;^54MoQtS!BV0r$>)k$y*@ zEH_3CFQ{4|Ut{FTSW_@Ia{@`^Sd&0!Ph-|{QpGX(GosAAeHJ#zOOivRA;)8N@Nw8g zXrOStLE07n#|R4_R-w{DQlD1|XYeDbhnjGz94zmxJw%5-%n2yDN`WH0IPU?u7pG7! zWF2`bc6qOSzRm#F(edW4oXqTS?%-iCT4bo~@nA&0S-HX<`@JAnNDC8iq(x3fGK+pO zAcJWwFIILU$3Zqex7w5|$TI;ViOXy9YTX$0@_o;}FkZh=B-oc4v1|^NOzp0l+ z-BOrv?;&mrL*UfS6i4w>R8BW)b8p}O9mS#kM_f09>45~>H#s74MY=9Mu^m6WOa|vu zlHDyqDU0g7)Vlm3>)wFtf?lOF)$&Fd{Hn}o1EWK7U8vSAfQ(x&<$R(z-DHJ!JdGHur#Q2H znTeqBcI7YHgW(^O!!>((=o}2!KGV`uZ~Uwol8i?H3HSoJ$taq2? 
z{X&3bW+egWh|8Vdn_Z}-s|93mhb3+xs&4l?D=8SZ%C7v&a9@HOFBFI@j9?en!bVjZ z;ABIZgqwZE2pNS_@$|kU=_-c#LUe*ftO_#Wqkj$*tk9oGc85y(mlFi{48JvWhGLi0 zUXB~3*QKHaYnO;>E9tp(zXWdgFl*`-E&5P4EJYoEN3v)oqh$DAFsHeJP<&j!Bn7n5 zA0?eC-BfHT4MrJhZ|L$>g)EGDYbkZ<2&RPP?6u@13+<;y^a+ei+C<|xo@UF#1G+gyGyBThW=&AAzMh3z-qgoTSJ)9MA zTF#CBgV^j}8=Za3X)-Qh9!Kv{P)~A(cCc2_8Ob7cexWtwB|rfoxs(L09|u+fHiJe* zSQrNy;)czJmc4uR#uH+;RYWWqgiI>F{IP^yFk~c@47DO+v2_Y{_*zu~!|%nFqAY)i z86lvOA)b+Rl83}vz^`AQF6lVqYksVXZ(!Tn0l zJz_GvqNs?gt*joh$sNgIkD`ftoi3ZNHv3ZM1*I4>YAu-e%vfnW=yyd`xRXr z6=}TjATt5(4$#R|1XpZb%-W=0tSJ)C$DJJO!#3j*`-S9YjIN7e-FTJV#evFoNyz1M z_oQ)byfWL%oFMaV?)A;5tl-FYC*)OM^@dIvwNf=?{_5sfPPCE}NS`jw&$MJ>CeX4i z95gLm!zWtb+OHLqsXt%Tg~#OlT@;^ZUDX~Havv?2QcpwT581`@Uzf3B%|OjfpHGoj zIy_x3pADZ+V@F&1A6G+uQ=OkrG2pmOKyF)Ss_MY)OBLr^Q)PZnT`i}6aGDE_Lvs?_ z4xv9S{ZS$Qbe~jy#w%K@mHL-CZp@N8(5@ahtZN}7&W|}$vKXy6$c$_F>qxrt8OpVu z#j6LxLbzG=Ed~i1rF+}00`}!6{DI*b7SWR?l#5qb+|Ub|9e+7aZR~vT34qeD(J+j#G~;toVecV14k*A~$%a*&eoXE9R_jfagpJ$+NUI2cT+QR8hMMNvtq4wlB-%>jc0 zB&6&Oy(%1MPl<&?@21~dD6hHD=1Xu{QD9@z-_B4aaEKCqEvo?|j8vVVeTY+NF4=%@ zS5g*&Fh1m#-R1)#Xos24zXW4skTy21MtBUdq0z>&35lMhx8bs?Iy>oJ$u$;Ec|neX z&NuW8;YpNclAv?n&?r?Kjz0c=M9g^ZEb%66?{?FGQfzQOHY$Q4>YWOn@n?(2PpH{# zDX}gZ3}_#LKQ@+l5)OFtnLnf3XMx3vhbiMhc|9?tc7L_X*4%(%63pELAW|_%7xYYJ zfhMLNQd8mJ*f2Q&2T-L^wxYZgqsFl_w{2mSAId3wwPYg>s(?$_k_^%sB;*lEvz16`w!dJCL z%UtkbRZ(>y7H`>6LdR5o8m=-xdvr&f5I1~n*Oz7CG$&d0)ynFL9vo|Jq3P<#m=IfV z>~w&!LXd9^Ci6X~aD1|v2t={`{RC%+<#^gvve1fi(-v$KR|fV~bU9HW&OSCg80;r!cFw-a z%YL@|bvA$#DEB1bxR98)R;pNrRZZ*Ot8yIppt|ZnF^wpot|%>W6Y--!WAgy(IoQ81-oi0U4Z1Q2i0pf>qihtk1CB|RDqq0o#-H04TuFNMUz>R zz8Gi29#VSl)UMNO*J*!J{DhPt->j90IdIT=*}>>sECZUp0(NQ2;b*#BcX9qv zB~}(*RQOHBsHq(PDLwz5+&5QqLgH68%GltNIKe7?^z-gm?buG#2%R7>cR8j}0I`yt z-8-Ab_&8eW1gePNS{+o|DRAPHu6kK~isXE4YQ?1_kTBIWL<2L?y!*9y@I(Z?H55#QB;zeXAlu#zFHtpFFb(!y>&?q`MA6SJe%M? 
z(*^lIPX#qKC2(Z(2&9m3l@Zyb)Xvl60Rpt z6DweNpr;{5FJ2DsRHXoVpSadj)8GW2N+X!|A7gXl)3qxM!y2grlWoEyp8VPcV#w z7SZOGy#eBFc8rx(et>F1l=_{Y;CatSEfvIPyv!B_N@Ewo8fuPFmuL=niLMBfwM`R| zP&5-t!4KW3*{jt7XTT=9T60OmM%aKVyFRAJJTpS#Jdo8H2)-6Y2N1VO+E^i>F}vG4 z3L;Nelw^E3%5DG|Eh=Ze8_nbJe{x_oW_LHb@Y_BaffQ-3t*@N`&X9-7iY$~8H7V%J z&(ZV6BQ79<{kJ6P{}7c|x%6S!q3GYR-VdH|+@guy*=JC^yu7qYR0iYx)fRjm+ zwgxJ6Vh%yDwnM-ty|a5$lOz9^QA6+s@=n;T5-Nuk*PIl{pH4tL6EE9O%rsoIeX+w4Tb4uzY4NDG|S z+9QlIhDQ&FWcq158JYUx1D1VZE5of&F@_btdUh|J{~L)Rutp}nZ)4Fo3SKCdG+rPQ z7uhNsg1Y-@w~5JI7PKWxIkyioH3wc(rPTe@ z0LVnFzJ_q|nACl@5YR-d#KW+^bGF-_;;j9!fvei*5B&X?ErX;VDd=yVhf-EyU3>E$ zG}w)5FjnLX)ZB34*A^lNA!O6h$QZpb1WO$u7O-XPC5Jibffh2~t8jv!8EgSd$#Kxf z#k6f%uG~t!5;2`@B_e{XMGu_@rr9zTXm*F(yydYuSW8e%QTaet4@M~sMD8mSE3)s8 z>?St`BKD6|%~F;QQ%Tv|b1MLh(G`}y$`;%7u7Zj5i{4E!kU=*&AEM> z9W#RBxE}d4u=F6RjA&_#z_VsQcdJuG2zeZgjj;%>$!F-7SnDjfKsotTyn)2>!LA=> z&H6=G<>aZkI5FyRGK==Nc=i|EU_JPB{x9d7x>e4^1OE6zR8+!uErzh+MXFJ9Pc zC2oqCQR}2v{!p5v82F^Vuydw{NTF0wkZGs|J*k*a$EHd7`Z)(i|3LW;Q3OZu9f!T` zh6=}9D^a5j_HG#MGpZK&_|W8{4KO?o(?){S>nF*v%+`43OGP)&fVfzPJ^#7BvAgY5 z1;#+5AUB34N~=1hC;*lNO##Qg*1s)s&ygmnQ3UV=#y$C8JRzGh=oKLdV2mcNNQ3<) z>IE1iFIHzU2%X8RWRwAqbv7A|xqDYNXctX&S;oZ)@;T2Yt5<8d*}$BT1lbyCGLwus zTyqh!%HBGN#Wmj3_it$b#tc}UZ_EILbG#-Hy$e3te)t(2&puEqW(@n0z`QV zi20>>&mW1&I0qx5D9WA>gX8kdpa>eiu=OfCXsk3Vk~p)bU=F`x$0p8%`!xLPbiKQy zT%yy}=p(Es$pMG%zZxXAB`>1RL{Gm>V zPH6Fvhe#g>8V~Bo17X~NpZJZpWDMf}@g{Kgb2;Wk!T1cW>pHVCf`~5f>+8%?Y^Trt zL$Nf5_s8*>=wH)!j9gk{UR1y8z8ZkZvoMk=viMTj{nQ678=29JIAO7ND$J$4fM4XJ z6y0Q~q*yF>wFNGqHwPGGDgdod&Qj=so!@XlIC~W51+N37&y}l7aAk+PnS)R^yQnl~ z4&&w}GiL52#ep*r3%X{XYdCz_YhqVJo?Gw8HYk7)p=1XzKW?rbBZ)NNj&q z8fk_s$TfWafrkC_md}Cn5=wm$;ya9VlMdC%bz*=JF&U}A{&(~8#w|+xcB;2_rocG^i|0Kjr=7DRbbl2qP4VeaCuQq!UJBPoO z)02W5yvOQ=gs!z%n?xEhc5t{VhDV==^P~Dz0cL%=2NR+!$2#jr8#47LA(PG!H)oOt z*~zZI?s=Vw#(kaxDUfpjgZht|v7qF|KWwF!ys!xiO8yP~Sy6f@WW$e8$vqIDEmXf5k-dE8{2>Obf~Jy4#@W`^R_ z!Y<#kz~h{{QJ|QOh>mL_*cWzz=~vZ2SfR#2F>3m^vV)f^i^pAYE4&|{cyJCV>Ox_V 
za?*Tkk*66E??KZoHx~Jl_W59SdPns0mCH+fjCo11S$se;{@Lab6H^h2l;fdv;D&`Iaij@alLVp|2!+wz7&M{Al(TV#MPSVMms9FCBL^E*%5w+z_}t1Z>^_nZujY-6g6VKogXbb1s;Yt)9d&zwfaL_d3ijd5DuU%IL@8vHO{#4`EI{)d8enhLE5zmF9?p zNK@RnO&26^nE%f!GX?aw73DqL$Z!t8z)C`%9zXAbTqw|ULPrMx#GeeL|Im;9kZ2&G zQUkc=#qDA}{+Cd*>B_Eo^?MhCsrUv~ilAv6xE5 z3+r}#vupRy$J^L=SP~DV0PK$h-Q@S6WO2F!{l^yo|E8VV*TKaaHkHuat>)u=+`)wk zg~u=F(BP+cQ=D-ec_i=FH4zn<*VlN!F8{vDpnEd=$2!IKk#jxc-FDmpei}hJ=0B%W zla&BAUr={4M9^TJlz?9~KM_6*2?`&#{?ENUoY<=lyohEeUOKp9l^-L#=98mqm{&Yc z1wh$>#MX!L{sqJX3mjfM3NLO0o*i(>7;}mT}(-ouGBAxP~gocqVGmzTaw(BX_f_f!*7=9g%e&Yaq~EO zXZSjpIdHxGG5s?2m8o3H&oMCP!Q3o`P+qfBQAkYd3K|4r`k7M;5Dj8RCH9*M18Q2$ z@2@H9<6JJj3<#PXjvUqUfOU;5jp|PqTZ7I^WhdO^ZTPR2$zb4mnQ(Jg8Yc*D7@-UWp(_j}TL{y1OYpe(&SLVY?mdn$S&&E0% zjX7}|IU6TVoxPdJ+*nXz5&7Jd9B^vM?di2&iSg8h6#h<4I5UTvs74X`7sY-tkF_as zC@4j$Arj73j>Q1&a34!KbZ=megxT_y7|8y} z-(K>Rmt^>4d0L(w5pjM=@RBm4X~+vYu0DE-kQhxI9|`qP93?DTmT_p?t(s>QtX{H> z{$Q<4d1Tgvu=rlqP!gup37`s%tHZ5{;m;BjCX4y5u3Q+l0b)cz3aYe@aaI=Dnyl05 zu4BW=PX&Ow_XXu0@nuM55;8+8RyEE#gNdMZX2JuU8m?R=KZSDmt@#lqDDdzkoVScd z22dq3SL-{=>5U9$s9|ge4sGLrfk}|)`5ytuCn14+;Zz~^k?!~AF z!y0G{Ndf0$QDQwMBn7#VBFw*%n)mtkWyLgyvj+kH!;Kr#Nj|jV7C3k0@4H;`4+Uqr zAQM#w0Y{+J|EFez6`7DDfhUr%NcDBq>K2)lE+}VE$Hd_Oo}&cRB9xx z2i2LQu|yPvtg=r8i6J9d!YSQyMeEKrH#*8HfuU|vfGJgRMWd-)6glBt-wvR-#w4lc zYnG0_Ix0Sr&RjCTE#oS*FQbF`(IcU(YSPY4g|7Jm#v2@+rI7Z&PYZOYzs` z-2Fz+L?x9e!AsW={x$1jN3KaX?`A1gL+ohv(@W+QQw1~=rlT0h3oG)H>B$fmmWKLF zeSS{N)s;aWKF&4r1lqMp7W|w#a}V9pAIh=U^NHz{@chAP)OB9CXbrI?>dF=LR}xoPZA&j-T2*at0n(fS|n}uSq$J&$1@rd@f`P zR|Ou*+RR_y+{w(?-w*V`%+v)8b6%q_m1kg(7Rq=3c16tH%E@p)*G@uNa>f7kMM4Bp z7P8xVoP50k;=ukFsS5NzDMz1fHciPhpZbWgCbw|{RZIKAU;Rq{YjaCW%gf~e)Z5j> z#KcG!tuEKsc%o$5!@h^a z?jgRJVTr^Pzjier*G2=BT0@j-juo7zjpN<@S}|>_VRbjlmmw~(R#@^~`Az_}2LV>` zba_nWiagf7fCkbk=E$1IP|xSx$5mIyh0xBf`PA>M$BM0(CLnE!Mb%nrpT%JHzzfG_ zoWD8`xPxz<$DF1?MIxb%&*qY?bq9d*@IlrEuG7QgwQO;QZ=umzI|Y{IZ2t0v$Q8=^ zmiK?Mj;fm&{IC9l$`4x8)pzf&V%=ps)GM|>8_`)ujI|c*${$-*tz%H<1OKDvm=E1W 
zmK=3%GHFfPpgLEco<=OYw7n33*=LTjZRU*ldfB3+6sSAh-hf&0bNhHa;?3@&U6Q*R zi;CU20xR%wQO?pDaRC&-jsC@gi^`k6r_oEZV>r@`9)9OKjOg>yn3RXbNSpJ_*BQxta+kZ-pdRws6w~;%{cZ{Gp zkRMYqsEXzORB5w=*#VAWQ@$P?L5w(AevfMW#Puy2AO#5_;M0S}AVcFGe9T~fewbS2 zF!63WYa~)avzXjwL?}zDb|RgHhel^e?#LVA<`lUa+1nN|#KKNMbD7m#O!e!|Rk715 zfc#kpqIVMh1_+k)T+HZ7Q}LAiITW!&J!1V`t!aljZRZSXWb9bgNUQ@o_}fb7+Gng6 zi2o63T;3m;S^3MAg!N(RQj+Ma31>vpg-9Mte_bLYQO=tC3f?avcVZLhgRCG+1)Cc6 zbcFp;?$aL8bcI%O@-^>xgx4p%!e8y?jtam49!1Y(0(6b)X$y^8@qAjKTii~O7u~*A z+~PmRC#rk$OGfi85Q-4pV?%!w=hLik-c4GpJe<0lN19p%W0);mg&75g#L3` z98%?Xu&{x_-5%Ww?b=9uYIFi~Dsux;?*?i&cYg}T2ZnGFf)g_rz&-fs(|1OpcgX3B zay$%-R){<~q#~%fA?VTUIE#m9^G7{WX#D?>VbCf3x_=I|VM{TY1SAp+5}>ARGV^bhOpB0G3f65!^s@nyZI-!Cz4k0^LJt(Eagp!*S@}ZdvG0X+9csytc@FA7T%hib0}# zsq+BkpPwjZg;Ebu>(_`<5#nfyyzk4Zk-y&sSG;cZWgANRd7k<5em%bZPT9(y|MI!H zXqu||d@}4l(){w24f03aMkR~*ko;18O9^dV?$e!;FuVd?y=(Dyw(1l`RK-;xFul z4yZ0Z3}SCiO79_kG6o7C)Ek6=MzKYpQ;G zlwKq`Fv?(52+Zu}BZNZuJc>|Ky{Hn1%mC`b1UI0~;fP%bv_y(XRET1R%3inoFhT-m zu7$zKpj9q;<)O$Rl<;aEo$*!-`d`D5$HCzxVme+04m1cTqme&~P~=OwAhb&i+~fP6 z=BiJ^#JZ0m4 znI~vPw1`)N`6I@z5Skt8C>D8~-VCB30p4jRk(O32YG1PQvP*1{pk2hLNyR)cEl&k9 z(LR9xodb0Mxu?NhFLDAEAd`C0H0eOE>=Zt|=y)Iudnq499%oLJ^XL+(Y3-Fyqu%_^ zkc;L4v}A)J094Q6@Q!zS&Wn5?#!lSNixXdVjBFo3REbwxr`A8NW$sLnA4Cn8639{` zr!fvjiWDY+;VgXB8cofQ6d@5a7H`sM*NT(JqctXWfZQVg6aN?NpQyFRDD4 z)-_-sftF`0?9~H(jjBsvhx(3X8$QG%m?n7+h>L%lFD-wG$k}{PDOxI_vwKbZ5}^=Kmtqto+wQ2C z0jfLLCwnux6`YAXr__yQj3){+e%n@H4ydkeR2t|WnOuc<_>frnQ|6dPl6ic!2Ks@n zD_fHDXW~NtxsHO;K)VbLPbBg$`tr~pf9Q`&w5H)=tKqZs2UWp&A5_7Sbos^5tzRv{ z&6f>zgok_BmJ)~PVeh*oA%q1uWSXOVWE#AfT101!uR(%$5lLc)myjcz0!5#dgN+JO z^zQ7dsgPI5QAU6z+QSWXw8e1xKxh)4OR~Eqp@qjSzaNp%1ES#25gxg@VY0Tdo~5~B zVNv0pwfKO0OTXull`pvT!*)`zBgTZZbjSBSA!2Y|P6Y`z-9AwsfP@gRx6ync@=~)M z40VIa3{dH_m_c>J$aWQPcXcAj5QTP1Pze>_McT3C@v1-2+F1^R!wJMABRtIsJmL^2 zk3F69!gxgGt7XSItiB|XZwO`G;|V-~AZQhdwxxV>34mSCB~j2z40S4o`7l2mgh4OE zP^lbhL^_S){W%VWBY!l|(`pjsMEdLy;2yOXvpoz%LX_<3bc$Vdf7S8hbVgF$5?@bn zPDi0KFw_inCVhYElT5Uo2n1@2ROKoX!~MCP)>0@x3O>(3XN4?} 
zxO9akA~oJqcQXvvaTE#*P7n&UOu{Ri5Zk#w5=*$(JjN|8Kdks536&#azf`nq9wC-P z%-$c)3)1ZPA*Q$57A$#vslJWpqwv*kLeQFolq4(yd7LnF{L<1bhJRGD*9-{%^6^3O5X9m;bVGVXflI-SAB$4EwVe^6- z%#leRKR24%q{FS^&|H3T=z4O5+@877nOuRx4Ia7EA;xV1X;u>M{saRlO%%!Y#bo!Z zk;7^uUjk#b+V1laKyYxjb2m`&Vtqfk6{D&@5h{J^>yz;HgUoImCJZ+aC&GIYzQhDT zmZVulz=@i=(<8!*jgA1P-FSG3MsL6SI9!`1jjrf4(;Vu%Z(YdHtgE3(+He`j40j4i zCGA9J&maobL_NW38#YyU&+t?TJ;7=p-rF5Wl0US&BM8h#4cF=z-Z>YBb)~Ia?9Qsv z&0~b~7@p!~!!p^WG1YOMfeE?`ZnGE5yWU4Hz9@)~-gj{RdQuZfLL0>L6sdv}y;V-< ziJ@Jmo&TgSk4hjD%DEs!lp7F4p#>O8`AUl9y@Ql0!$WzFX0 zy<4FvCG*xs3*qqmc?#tG$elCk16op#>l4fIHcTgP3dh2i=?yTyB5x`ytd%nv!@+ra zj>DJ99rV-rQC8ga>GM5qhpkorrU3Jo_%2$1o;D4C2de^m);rwB&sN)4C;l;*l=5Qc z`A@9s?V>BX*Ke?Njb#jBPV?LFB)?+*{Hcxs8QUC5aQsf!AO6l`bfp_SB71ui|Heyw%4$@Jo+vo<$fpOZ7n- zDr(8;S5@`kgHkbb3jXAXUj-Bv$8UJlDB-7A*2}(RD_;KB4aO*9-H)*6MU56-h;-J1@#rug=BH@pDN$Mo45j?h+Gv%?iYzrPL@%EM|vob2_=m$~x8Cj4! zA1z4|ovaP(?WVXQp;!((&zUU7<^C{zE6_(cBaT5 zj>{)1QCp2TEI&KJDW*dpPF?5DH$f;qzihKUeZQ)81EI~s@P$c51|Uiu9HW<}BC6p~ zr*4FKXJ>Hp$$T?%Y0z17bhctHEzG8TFPd!|XQGphMZ>Z%w0B?%n13&R3i@c0brDOM z2?|3bg4zcSn{qkms3hN=6Deg2Wqa7H5P(`J5uEC_*?yU=q>Yz6_UO8 zwMEVOk!pVmJM(GTrQa2%UgXUS(;4t|%|ks_4-j|-sT-%IT+X*TK1qT>n2QD%{>|Y0-_3q45W~y^k=)zYY(ZYtP)BO(M25vhH zxYNVIuCXh&Z733a&G5d+HHpcl2KAeLG|D5&?wD)zDSWpF z%C<0%sF7L=HXjs7bN^{SJOa$FVWV0}b*gpk2sZ;u!knhaY>0fPy%e4U7x+p@c%RCB z5C9Deu?Fmm5q^|2emphqtR>&+yf{^Pbw{C?LT8jNJ2VVlH6k-pAK4O{8uRd~Op8rK z6%Tr(J{cjEyF#RzY21Ms=UXv1C zW(A1_qyhnZ8F9uI(#IgWHU~1r<(Bk0S|9@SiojA#^tDYvvW?UglwBP%Ol_t_D$MC* ze+ehICYdnhyVoQEi;Wq!XIv0>T4By2!tDwy1nOvPYFd?vBj0jf<&66hECy%9Tr@8+ z5cbjU^(GGyP9Wcf){b}WG?mB;-0Dp(ZjT)OI6c}E;&o^Q0o3>c_*Q=zLTMGRO}VOV zQnU<1ZMHdzHui(76joTC!gYsT3y`#Ek`UL?kndFn@Gfq+|GGTNFibFfH?Rk@G)(_O zb1g@Xhr;skCA2tcwSR{(0~u{Ys6Q<051uA+qa(ywmFPvoT)~cNXt@mi$-h&-PcnfB zy&`r%Oi6L+tNY5+9E10@M;oZ=;M%c**;SoJx1^x`6s?0I;{H=D#qt_SGwFy1ZH-*n zrH7LwRX^zqAY-#DQ~}a;Wz1bo_KR#J->Fa&bMaY>YawakO{VhYS?d9cLokKdr_Um; z(*1|QeWaGd1C*7%62}uw^^yK(PPAp22pxG~zi2LFEjqC!ou!#`!`Y0fz(P)AMUZZx 
zUY1^~5|?+_7_!ez4pLBG>ug`kVI<2b+wV9EuHjU&B@#4dO6U5{q~Q44+8X7G`Efe3pV z68JexzR$(XvE40zW@M&o5D37Y$h@jpIIh!Ovu&<&n<!c1-uY6!r2ReYqU3q(BUoQ27Qmo{AzrgP{6rY&% z`60hgfsMO90UWj&cD~`zZFz^_e@}GiMLXV)k>XrvPY<|rbYeW%PY;It zJYI$}0Z$J?zbCegz6IMo8sU|K!sV0Z~x9Ek#dg&|6 zsHr9)<|f}(2Ju)FLLp`!OX2h&p3p#iBX75J1b5#>xyI2OE@!hH%&`HhJ5~j>=HE`& zDI8`-QPL)1oNa=kwu?#?-MZRkVa8l#DAl;0IE_!U% z=w>$ENB1u9R0a>KG8XQ72Ey`Zu|2b*sP;!C1QtOb$pO_f7(qrA7AG``Q?kkmg-2yZ z5**Gm_wFcyEPIz2=7F{A_^p4-A_+UHt!6cQW>=#na1swnFd503 zN15l%W)W zh?LLB*oQnv$i&Dg5j{H|HaCu??onZ4(O@FcZsO2y;xKM<>UDAQ91i$&b0hfOkq6rw z<3)oQw)L-ELjULECq-V|Kcb*of%9$ULL9S#El>CWr0`lL zh$V_3j`v$fZLtNAqiQh|b)(~%3XJ#Tg0;@T{x~0m-h4^azSC`}+|&2iu$ZJ)Ul!Qt ztSeXKB&!=pAqY*}w>u-qG(>%&qKtKvJ*CSGM0M9{Ph}Xzve7ZJyC;Y*M`h3WM$Jp% zMGPX7xyQI{MNhWz3aR7$Gn!WaoNw8r2(ra7et2)9X+~qB2us4)LdVbuvp(02>He!7 zk#6D1-gEDVzy)soC|S6`k5wK5KxHna8=yF^7ul9)#_I0j5mK)VhZ)~{QGErP$CX6v z{|^{b>SOARcd|S)(xv6cLnrN@*WyY8jzx&hd3)Grg&}$$uhKrC&iNgHf6xB3&Oy_= zlGxb-g&tm|d(hW~uyEUw*x&EOxh{-B4~e36MlM8_Z1kuPakzU`q(i&ka|hF!g`A&a z);30mR$IEZ9((cB-0K%V1AIhrg$N>UaXX+lDc-=!GiQHVa)6By^7mF!F7rYTsbX03 zNXaosr(tWyR@MKo(AGWLLv48lY|!sjr<>vI#2LA=4i$A4C5~jmM#etxNX_4mof<_r z*RF?a5$qDn%+7TiTeCi)=n8fjaO7*-rT1x|)ZlB&1D>uj1H6bZQx$64CHIQ(U|vO; z0=S64;cFvUMS1db8TkGcE&~SNvQy=SsXX%uOv|~kx?f5t{~7@fNh8|QVM7AqMayE70o#Lc8OMjSLfUn6UAaa(T4kR#aQal@0@>LVN!g|H1 zZbuqeOWonx@H3hCFU1^1#(*KHwc23$0&9TKxO){pV)1miS{xxTa@~6B&yD=W67OXF zTi#EGW@6W+-!6a>et_N+K`qIrt+w}Nbffj%ty+CXD4e~9G|Dc{TK_wifMw~Whdwan zq`(|VtN=s6$Qc)OYfaOW5+oWuLFQDI}#TaAZ9Sj7uQLcDVBPhcr~EZ3*9h)mAg$#^4o2$PAgN zZr@vG=0!y7mt~UR--7gyl^U;sfIytm}hop^|QykFSkD8uUzQSw8+GbMf{$Blkb1 zjb4pYJ*SO09zoKjW{e_8<`Ts{Zmk8B_NL0k855=9lp&5rxE{maDQOGs3n)B27l{wB zPfX5L3Cnd$b12IjWZ>SnD+&M=?MReg^Lz+NUVO|xMIeD)6H|8;z!X6Yqkr0aSs!0d zq(`7UKb3?TkN)2PpuZBaPEph9YkHeGVx03I0eoz_apMRFyiaL&mi|S6(}by%7z5r6 zD0R%`;vYux6yJjEB*?3|q*wLj3xtE^9NnU$8Mw4u)`K~$ zmF=7*TESLs=xtYDa!7*tj{TKNn4;hlNo+JnB`sQ&scId8jI?!**fyo)OI_@`1CG<> zrs_lDCQ-k1QH^a&mR)^OQuA5nu|h{%VaNGPpImb^eS8S^-ZMKtoUQtXvt>UUC}rfV 
zvZ=eLP2qg&2#=#9Lc1Ov{BTi5*nOq ziW%h(t+W(;s_jvCF{Hoa3tVJ`hTgiiWuB@V9_ruvz>I^pMi&fP1Oz_{h%C_`A(nN!RSJyxj%Snfn4==dc=9Ff2?BN!zms`Pi(*{ zua2qAn@B&{w?ugNYv11G4rX}QdndB21>nsRb6MqTId6L*-PdIonj~fbaFy6CtaE1c z>Q~!)3pY>MNS6uv=AR1N+?hh}7U%Bs2c|W@4|2+zLVbCO0cw-o8n4w%-H%y_GoIdl@=9(Ss%DH_21e+zLv)9bvx99`cZ z;{5LH78VnRhHm2PYMd?ks`#`_LXh``Z|91mk@dSlmJ_wxfl@BWcOg}e$4%SH_*duV zPW34rTFbSoA5#?+%oKq8aWe@ zQTBigp0Dco?*uHiJZCEgwrHp;1F_8lZXyOt_9dUm1J|o;Ht>R8$<~{dDqc z(9#-Eu=PH~IuGOm+G90*q4vr{1xk!kbQMva7l zA2B!o%F~kjgk%t7v1H``B(T225f_sbX+`L<262{um22u3kiDUBDnOs}9G;xUSi%+- zzu81A&|S%v49w;Spb7dbB`9Hm(-6dY8Cbj&^q1q{ee7-?ss=xhy13Ir*B8?8}vBq=U@BkE4RDel%#3A zd)A?3p*#>47T-h+Z||s-J=|wZVX`gJBjh%{e1zh4_F^bnCj7kx@s8sgdElkw$3}62 z3<*@ca;NH&^$I3?5hqb1ns(9Hh1Hb!)0r@^Y_M!ZLrJWF`= zk5Lw%UwG%MiE_G)UzW;E5V1n^})jY$$hZd z-24+P^GRqH8TvCHsu;(=LFklKMRBik*$W>Sa)82_3%*pbG7sg}X%+XqhSjL=&12!R z9sd`|@}1RzwU`U(wF`wJJH3|$Q#-ce7KII`Uxn~L?Ve2y0ZA_w_E9_)m8qL;&i!vB zw%TX2W}B~FpH=;ffQJyT>0qx1a(i~(z=s6^(S*Wn3hq%#|A1(&9O}$?0B>fw^Z$v& zR!?d2wrBs0>|RZur)QmV+0QKHbKw|+Bx^r=Me+HS&CH3LpCuy$UI|gEoJ3pzn=oU# zunfuPSk7FzN|3Wy$(}k-W)L3R%BB3m`_(Mmsy>A%opfT(`grpyRL{&#cAA2Y2oraAO_r24wg7DwcKR{OStZriC$6LZokzqsZO_#T2;gCWuO|!-_>g$Y> zOP0`e{RvqF)g*I^UD^!$^bwY|Z#84Tq6auc(ZDqnw!ts7oE)zNY@uUhrQ;+rfwQ$Z zEgNVVFhjkXge=+V(9F7B1#}6vQJe-Y+6li?`OLZENlLjms{`PUqPp=X@r%bR9kenT zA$8;N@3OQJ?g;F?g`I#40=SL+i)5p(cTNxwh6N4`F^~_lG41VXTm*cASmmA7bBCPn zAw}v?-3m?+6-{IYYpetne8~Xs*U@l3o1+bRY+J0@J+6>2P=srYB8wGeN#lXyf3md< z3^M&CI+L$DS<2xpP9}hQq@=y^{fs(1p}Tw`?ei<7mJm@hrZgWlu3g}#mp09CNdK+YnhT{{v9`lQ(Xl9i2xV&Mv2 ze_mY2D=#-U9GI3hnM%Ar&I!e+U@xlqjX=H7JyZt4z-c5wkP}(5yUhChG%cIe(b8H7eU7Fg&+qlD7SsVqIq&6Q34g#Jm)ACe{1gv;7*CXE2< zqioSYqr^Hqo+?B}`a*n#bUA1ALT~O!GW3*sYG+H1vS6I3P{j+>(a#74&oT+d%WyXB z2X=mZZr?komrZi2i8305fY?MmKjkMQ?Yfk!G*vav8RchgXbSjzDqLwJ?C}!jHKsGM zE{yo7I?Wv)vo14CYHjaJ98!@W7Ub;n@q~sKgLz{qp_xIq#&NA zSrr7paoy0|byFjVggPQXIq32D{+h0c!5%NxBp2>I zZTaevU5A1UnjX~yB!JV?PmQ}|WuTJ)mt+v^xuQZXWSeJ6+QoDwOpbFppjIH*5b0dD 
z53QaTd}AY<#w3KxlP-it=dMuyj=J{fyZ`XlB7V{`nP}gYw_GAcas1_*4huNj*{VqBlE+{(W<*vqk505t=v!N23QNrWR zukhH94{!ixl<;`--FpXkyqW(PpK07!>K6y8gZ$vSuBGn_V!@7rH0rp9aY4IbQR zI(Z}4RZf~jmM6rmWP#yjuX7IkN4~-dtYw1uy?j*|h7+000HfvXTGIw;i#!u1#=MmP z(+kp{m4;Z7p~VHOv&-f00EV)vNrL{I3Z{>RuH77&ai;`4&MgK6@D1z=XHWKM`3D#7 zpJ3qVFLzkp#B*6UMuKPik-p@zR+^oxmnDkVq%RHLVGd7qs3bBG6VZ@k zT%=|dEe_q7PNy{LcB#eh57{H9#zQ|i!6)pS0Mnx?ngV5vP8j z^x%u_!fzj9bV>=f8Gb&rpd&(FS=DcbN6h1C?MXEZpXe5P6# zDFcr@RALCMi&$C{#V*F0KWMZgW?GvU)UPKry3;oma9{ix@I{bPqe{s=4&?|V3@~13 zeh2nmggvQ@>(xy%FaDejT*qW~{hHAz9HjPr5W`OEZV|*13&0pa@3={4J6Fq5U8c zF;C_En$MPp#NM@orOGw0{y- ziTXOIvip>6Uhu0BCy(b(wuPc7_8YiQX!}&E{-`_#H7%3_#azB%Vm*rPR9Mvx*g3iQPV- zCpbY}_m@<-l>V2(!j%?I&}JbfZSbjJOl3<`AlBW+j1nN6=KxY6P0rNl=rJTN2UzIy8j3ZltxKItEo80er&QSZr3)5^C(`$+nc{k)5wdVssvmYy@-sgP0CjuE z6xy4wBZDk_GI&(U1Bc=WrNlg0_oj=vpAQ4|Tm{twEfib9Upwj_;JaiU%wTIaSO7Kg5#{biIAeV^eQM+pRGvbL)6r$1-M}~(+fuU--|A5zgGtKtu`Q?uk{uv+fu7 zCgVrM7r^VOGoa6BCcQ6}dSiTg&j8c_v-jg=I$c8%o~QmE%)pWGkUmfloL_BE3{8S; zi?49R_$X>ae94O?HRP_eUNV^WG2jrqKtEt!c3-~Kd;HU}XRILL9>CI2;-#x7(MA2s zVT}b_t^OFZE7BQMyL_R0QXK&awWK;kYC4w`3nc%05`lrp#)r^w7miL9SiOc<>Lfw|Kd{)65VaF`8-KU8u z!pG7+Fdxen*L;t|V_5qeKE{Z)@N}lE*Fg2+VrFX}HPU*?>kd4VKnNovEqDNw!^`M$ z!BrBGNdH-cJghLFlr-vh1kL(YGo73x`Pbh^w6z#RUl~#BKS88Dq8Y{`yd;na3G)_? 
zOda43K_|Rqi-UiOk|)j{uu7}lv8{bxGNJ7@#h0>hS}2W_mq0xpcM;C#L4vl;Ype@z zWa?RP=yXRxyA|sdMRjXNtfiGow-oD;YGjXybl z&K84AM+i);(UQqG7~G3zH+WozK4u)PNb>MGE0R>6qlt*KH0+4R>LBN_XL*kw%4OD# zjV8zlnR?PP!CET(=?4wB_&njH-e;&PvS|$gJOD3>1?Bqhw8a9(Au>{{mRqbkLQ{1AvA9D+xd<25c8GqJ9gxf{aDWEr|@a zM}gy3D*M`CeYy){Kh!2=t$7Dgp;31I)^9x7Prl`Rp=UfHAc8+ICiiT0J3xjVa!oY$P2h~6EU)_ns=yGe$g%KaJbz=Q8&ejOgZqE|cY!m9#V9Sk?sXkSD`B!;7|xVIY!x8XU$Mqy~GT3;NUNDYSSv?NUTe!GN&W zBcQs@)bXng!#q(Mt&mH4alxE8X=2pL-uC*V$-4gLdI1_3UWFw$_kMIB2ts=OkzQj} zXWUa(wHRBDZ#Y3^jzS{sXVK|+hZ&QwEd0+}coQNvE(BF0({$r_qz^x|@jTg!mROd> z4-*yI+A_tBm)&*RM$*q0Lz4QV%DNHLZ{=TtEw@K5=E zRMkzFFg$|3e&#_H@$h`eSdl;l^NZwo`l|lIp0v58j#bHo`&P`Y@#p?)&-yZr&PVph zM4Y_{p@*SQeBCju>7~?avMUYsI3p_ysDS71`)KcjK?yC-0?b>HeJuj~LWmbaNAOEanF!^u~}9!7Y>r50FVr>%$L z4=2Wy^7$7Bm76HW*{kbMS7Cjan>X#Hh9e{0o#cW{? z=9`;Fw=m}uJ2IV{p+!;Ql6}dd&7^+zg;&@Y4WuTO5oAa*H&_<-0Z22nsqww`&)%wj zCta&yaB06Ab-kjkr4}kIM@0^p5%YvS2zGirZ?BqMaa7XGYBhlE*|2JUEvws7Vb!o% zKqn*XilntM2Hn2j1Wi^?MIo6IhP4#>03~nY9ik4u8L4bU4cIF?dcD7Fw4-t$4^Vbe~+J> znzh(#T3A(2hg+ZO-yUqo$ZuN}3E0739bSjsH(pLoPFMTGb@rWJM?072KRUfHcUF)0 z^#z(e&Xz9SxaGq$(yq=$$^okKcC_a%yv?I1H`zu(NR@gd`&XTh;jBtIm6OwF*k#1U sa8jYo<2;a63!qx_Nl@&NhzA`B38|Y7@0J^0RDU~^`7{_o2_50T0B?BiQvd(} literal 0 HcmV?d00001 
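Review bot: the file modes of the two rancher-logging-crd archives disagree. rancher-logging-crd-3.8.201.tgz is added with `new file mode 100644`, while rancher-logging-crd-3.9.000.tgz in the diff that follows is added with `new file mode 100755`. A chart archive under released/assets/ does not need the executable bit, so the 3.9.000 asset should be regenerated or re-added as 100644 to match its siblings. Both files also arrive as `GIT binary patch` literals (24252 bytes here), so their contents cannot be checked by reading this diff. Before merging, confirm that each archive matches what stage-release produced rather than relying on the patch text.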
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.000.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..cea0bf7ab2883cb11bd7fad22d79654215a76c17 GIT binary patch literal 26805
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..9aa007ba0b2e3f53a298478b897aad573355f5da GIT binary patch literal 26805
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.002.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.002.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f2e02b6a3affa8ef4aeba4c0810cdc8b7cd15425 GIT binary patch literal 26805
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.400.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..c5ff15c433d94c0fd8819c36f8788c7024543f2f GIT binary patch literal 36671
ziNWxTpK6nkTXB5Kq;Oy5xNZSTIb;`V&7{~bqaxADz5(<^%6W1MynUJ`0P_3PzWfZ( zs01M}->wP>mWj1=By}D^ssQwQqqIxVrs?`RZ?NB8vTdTj$n)DgB^du)qZ%E08{F!D z`wZm%3pisKalIZs;kV*4&5Go`Zh&THX(2G|BRn6ye#4fm%s~Y`meYNavU;E6 zqx`It_9{HLt;AE)UQ>#h`MEh~SEw5SJ3}RixG~J?lSQY<8E#ht8kHW-g$6YYDd_dK zBkfvek1V3?Qcyk|M6ro>sRRxdk)yRprE@*?4@TK;ypxqnEY;G{=?}2=+T{61UIN%d zMk6SKZLbWG(7QzKPB;2U@Ny~=8bc%}1e=zqS&S<7eV2kFNzletB2KaPb1!x*6;t8T zj>UI1`jqZ5%*Ym3&AkLOFoUk+5$b82bAiMEOJv3s$CAEV1C4!bQMBlurI8(l#@;Ru0qrdGlcIIo_wG{&~bV1eu)`vSM z$5B3Xv!CQZ{MQNUMI1YSVDTMBS!W+Hq;ykKhj9(@kctVr%)W)e`y~iH5!2GXM{&E61wh=i4aPs_{0TGjinOQrHb)M`h5zm#;+P- zt<#D9g9PK_{@xl9Hr(k2QSUt1;eMd8W2v!C8fWXB*&NCYN?dlqtoEf5^irY{aD!4} zaRlJ+qrW~kN-!cDFY3T5NlcQjH3d_^XK~_E*DdfiT`|OQMu3w74za=Ask#Y}J>nTy zG)L%W9+B@B`AhGS07SNpEM+6PfLajzxv5$nX9r${zB9{#UFE0qg<|aZ5D^G=p}`;2 z^HVT!h~1$1@u8Di!)!lXf&hvDwCa@$<}_Jb6MtA3m}`wv!d#Tb#l5#|B7xoj(3|7d zK3G4OBHy60YAQM9AV${}UR5v}v4J)CAKYUzZw}DR5+M&e9F|Ijd<$j^ml=Dzh7vEl?|ztWSTKye3H;;Hk8Wg3 zti8YU@y%J2{I1-7kom6nfDax{9MWY}BX|Esg;mk+QSU?yE9*@jcEl3B44IE0pC^58 z3`M`s)DnWLv9!HIRQY^+CB;)^w^8lD&7sqPn?YeMw?_TH_Hg=r_%KCfS#dj`v3_a~ zg?I5As7AG7k)4Tb-qRD>D2eVCSO=+Lk;|%86leMTD>mtyZiXHoxKF#9Q z^!B#kV*B}t41ZA{nX%0J}di61596;K$Ksnaub1PE9)0O6U0J zXmVw!J66>KeSvYt;S<%!%L(D|!vO$^5%m0s1I(FexFGO{0s#%U=FMm-B8p%L zd=zVAil@ZfxeU(YVX>6w&jzf+O>W6e{gLokYO^C~~uW*P^BbEx5hRXjS}Mlr=u z>vOlLvH6Y!LE>J102}dSi6riB5^8Hr(^iWe5BPyuSw|&6v}zEmW~G)u*7{3t5U~NV7*r;U}CikU`SM=KYO5& z#317Kk1My9Z*g>MASg^C<85J>?TXmEFI-<3W}rZqD5b{sGf@9%Vv*q!eX@3!}Q~r9|7_i*Q9- zhf@efwp|fyceX-hN7HH4*EH4E-{+O@Ct%rIobsidzJzNgPnLFdd(ZMjD-GRLa(GT( z)$M_5GfbHZv_2{2GsX!be9RgC6q)XJ%@J$pHd@&g?%9k`)4lw$3@9&sk`cR)^o}4; zKe(<jaqP(Xe-iK?Gr@&ByyK7wg1jeNL5Q)=mUI`WD z-gm26s0*o-`UrTW&}TExcTIUVNS4A%y^*{R z0kv+eoV-(W7B!B;R@5u0_ zHp5^=MEK_iuMf;1bZPE@2N%3_)F6Ji%~fmFVs;yTX=W{qXK6l|IXe=ow3kn)(HJ|f zgha@_6HR9qA1zx%y(+W;Zc(Xgs+tEcW~Q{ci7P=vt2YYA0@NalKu8#{P`i-)L*hP}00D-{=+(?%9 zvHWoOs`_F$X{{abrDwqPSgz2&GwUf%^+>_}pi|(8t=%+UTaUbaE4jYD&KyD8jkK@d zbbkp-U&)@6q&dEJ|8pc{BRLTQLTkDp5JIa@J=xLSO5(#{kKLKs4cG<8ax1#Yc;jG% 
zj8Ks#dRG=+td(2ODvJ0N;S(u#!khs)c-akDQYm~A!{yr^qc)_GAvZ{CAn})Ehc%NO z_KB1_?&lm8FPNv^3&n(V-6Bo{!~wH)yh1c}|E?wAb-N1Fb4a93q%#G=U!xlYAwnI>(f<%pA_e*BwG*(&P?oOR;;;_b89SaPyLMfZQ8ia$g10b4Ds5N%Nu1U zYGGA|t5-{m=u$CAb=gxS@P7Uhfh2tfcw%+v{%Evn#K%}+&A)q)B{@c%qf#8p-#Y^( zkSAN_)KxGuM|uh8Rs}gM#kf+ULoj-JCK|t?y9ghhdarE&i3gM{yt=>d|B<Pyo2{z zm57SmH`p#{6{OvO9BspV4+D2BwoDrMEOq1Ni_^L zH>KG}QFF>*K*g0*G(27ssxJTNE&s44GD1Rila?#iE-D|s~;wd5B#XbkF}K}>Sdt=rf+ zq>1f-Mru=kRQ8|kz>rwxBYnp>e?ZrDX7#av0jf01%u?%7(2?oX~JJ zjHxTZ6#t}47Dr2xa%DeAh}o0$Y70#8L<3427^Au=M=LTUc&))~g?q{PpfEjG2rnja zeDlpi^7O3t-oF3%@J4#U^rok2;iS!_L+ViU7(IOFhTqB>u?}C2+c}KV82LkTp|tla zfD!3;Y@oU?)%>-{a`k!}O=*xLreqh_N+PvGoGEb`Ud{F{DT*V#Q}#Ph3+GGe^~r1K zQ|UGFg-R^Gzqa;hW;eu{BiE(rM1W&Se=mt|6FAo}iK)jYjFtyR`xEl)`;c0PeB#gxa0DG2D$`4(_ zpMkN%QGsQ-fZ2^9Uw~^unxQRm;bX7H;jCFkIMQ$w>yyU`O)ao2pMRvxY9!npID({% zRPUHsDL7n+&i^N)&jTj`u5Qp^542!(e`mXt} z$5?rZo-j&ZT();2{n62q5aJZb<#KO)6bmLliUg#;%`RMglr!=;C}l5|0Q7RXA^})F zQdjJGNA5P-mk}+(j*=bAJfJeSy!(tK9Y&is@~)r7%M-ka61C!|%=?(WYv!wDT_*T) z9+P`}{iXLA|E|+h=Fp*BQ;$i;pVR1Y>*HeRzo4T#V~*g<58}q=f3Z7%Ljq?=d)@ma zUF#>1qE%FsDHx>o3?TRa|FC~Rr`Zk{pu6{WOBUeNwC@OzhMftQ#kp8V$rF0Lx+#Bb zF7Pc{*x+rEoA2_Z*_X~xAqi}1TXr7-9sTJlPYa_7O-O+*F@Wtj3>d!hI`f`9n_hxZ zMQ)CXM5p5MUnLdMw26^HzA4I16RE7IeL~)LzONjR<2fl*cmzh%!;K0qyI3)&%+q{X zdRMGuiEw)&&a~}e?{Jul{Xiq>VD6k5`>?^Ms6IDFo9dO-YI*8;Y#XO>P=-(wbed{1 z@+nnzQ>n4aeuAJ`bjK2}#o&-_Cx%f<)?i-Nm~`9NB2lcWNITj7+8>tdw0jj--0GN` zmS+7Y{G$~&KdBnhH7^&~log)&lcz_J;Sd|1ghbGT18qwu4-I=z*hzW3$r|f+rnk?u z8aqC8NYb14+xDUU7B@)v@UXWt&-XfyBZ5RfMg$96pZ|;s?*A*$1r5Koh=&=v=G~6! 
z(KBmocZaUA+hOZ74fP31>WAg)v>r^Rpw#8ii6P6}hr48$8rG`ngh6exnd%?hC9dD6 z$Aq&{&b&*{4msiPPXc{TMN;Y`F zObb9~N`Xyf1CIz;lQ5zW^{6k~PGHNbYAeQx?-1cW41K*R)12VzJ0g8FAgQF1UL4lNo zJ&o0@Nh=$WbU02JX&d$p5TsEYr3ij7;`|=al;@%-6T`oU?P3k{={)H*Uvk3^#n&aT zXW#8F#5K({4Lww;{$>>v7>+h`wXktMrPNF7Y89#h3_=5(r%u4na&^#U`y5+)Ri}wV zt7L#lp!DU{32VAcew2$I6z|qlJDy+BHvDQcm3#)Fv79)kz|I(L^b!-{T1AYjJk=IS za(AJbBEXf~I_=WwzK=vR_Z2#R?_ZU(;!T4Auu|5 z3^AmZ`0q83QwGW0laiDO*k;_U$AU|cr1l(OuB$IuWBylxrkEUy$6-{ z+2658NL);L(WcdRzJ|&z-VRZCFU@?Uhuce#DWq$C6O-zB@>5|WC2r28?#{5wo7=eFib4Ex0L27Qk$+aDW=vgO3N z>Nsl;I%(jtBzm5luu;)EzzAuQP6g$hB~QSTKN4y5p{aw=j}>X8Gwb?+P*8BJC|yfF z8b)J!6)xN1je15Lkx&Q*Csc=#d>&6|`v!m#cljBMs{%8$KT zfd1*RcV^vO?S$^MPBLZK<;&_F6MI1*Eh*;e@$Vx^v&!8%3)#jC0uQKYCtlgIw|$Y3#Vk{!WDX*#)F1GE1YJbB2f5T9x>NI9YbAV2xX%O}r@g z93Wf9Yr{2w#w%OlU(*wICuLg)e6NOkamr*Wc@fn^|xjD zQTz3J$Owhg-mz~l46M87wBHu&_r~jiD*NeEdZsdHgo(4GXop$|kPd;r&4V`)RFQHV zON`ZIm^j(omh@(LnY>UHGrR_LE7Z3s2fzLt5XoIpFiai(fR=q z%|V&F-~Q`_^g^78o@wk4v~$-{y-x=kB(%3yWn+ASSv08kRuLNhxkzyFns<dsO46R%S}$EL^Z*o zOyr{PFTqxft^R3VKj`pXEr;=R<=LEf^RBPA4TXV_cHg+o2W+J@BE=`#Is9!hYxNDy zb4ez|L;@Nh8go{h9P1iS3h(bcoUgCdx0av3tWEfNr)%}RJ8U%_hQfQYYHu43*+z4+ zHndt2z1f^mLF1_*bNT%604z*8o4>px@tG4u29g(|Xg6tTV#9`lCq=g3bjug&Pg+H9 z)Asw_sSpT5;~I1W+_bpQBj;RRZM1XcZdzdY-RUoG>Um<0wwB(O351X24=-&5n)F3_ z_v}<+MR2gpi=J=a0T)S?%xW|*3TFeAjzlU*A$XqmDufLB`T>|ETny(@Uk6dc)8mL9 zii`~!BsHhn!VGed1JoOS98E~2lhYb61%;V6YrxUTE~Wra$oCuq%u}>+X)RKT@~R$< zV7n6`Nf=}6wRpw5Hwc%Q!cX5flrFS*wWeu79wUzzxiaM&Z2vFp3%uufH1r8m56 z0iMWNXI13>1w7ID`{fq&xct$@4`cpAu3|)eQHqI0cd`|D;+rd9Mda$Y>i*4!JA|Wq zdp#;=b@hwQSd^|2arMJs-}DlAKmO@AU6-~+5+h&&Zx$8?jEsQ@2#eq&WEO_5J|U_X zHk0R46{KoRuBpE@PAw%TX-Z+Ur2;b`Di7F7w$q{?;ZpmKlcaEP=z+HrR_pWT5b_~? 
zTsH51N=3>oT74+4WqbRJ34xy{GiwI?*HbNb3h=#dwboYga((u1<)yY@eqMRf&H(25 zBgoq|7zhg7j1FTh&)Ilfi$-@GFk z4a2hBLO)YsWJeF0j(DNk58Np}2GEvNH6~#_vYo8@H*9kR;AULcdiS3YGgLYs#BG}W zBTF=;9;@)Zi@aH5UGPlYKe|`=?qnOW$X%9lhhbu}9~5^-tu|$s4}7K-b9XYvdq6$Z zg?KDNp3qXCL(cfYklYy3Z`>?4xqJ{ZFBI2LO@N`g)1;O>g(DhouV&{Z@Fu>3f-7y0NM%j_hc`u3WX$i7X z7VjTr`CXIj+Ycaf2~b>piM7TerHl>YpUO9BS}qZj0DwLEg4D&DPvpH+(HDmh%m~eg zRIR1f6z(YsaHHJH4BCl;b+6$6kPbypmm?DG`ZKG3u9_A4c~qI*v~pRILycC;-`D1g zE1p+NV>Jm5_&B4O^@Bv0Q*X%`@`ZoH`R^9*zHYXG;YH^atFZBC8;1{FwG3G4f6ebb zk919gDzYMW(`x&I#42=Y4;3Pqj^lvHp8) zSdXs9MRNdOV^stYVAq=gV%}E51epvHTBh>p^bqpa$E9V3(NzVO;Cp?4*XRJ0j%+A@h<^J!XR?0KJh~d+AADscloYRt5b(ehgi`ceoMJrXED$Zi%Lc3d`Kdft&e`wf*18s`sn<5Tu1<1P|sH!ybo$wt%dxIAc%6mf^ zsy^pT30hpM!vAGWA!~Whnm!@pF3- zo*dcnv24@N3U}YS=5E2*zKZ%S7#s0Eki^n>>CX4sfv2vNrrZ=xKgGwcQ|7j$(OBi9`_TcoEILJSn?8Ft*sJhm|!jZ76Ly zAFMLvg3ou3_v$vjj77$cGG!=)Mzh@W8;+|8x&9F|%HYswHDywKX}7goO-KQhC+b;m zNDa@h&d|ES;AJ7$W+uDb;^?jvpgqc`;NfIcP0KtS+r+>JZZfGAk0 zK2kPZ*tQfTp;3H}v zFd&un=U-ZnI48b7NR(Bgml!s%Wc)AFwnv>|jBwl`wU=mEXwNzJP}eBh)oQDu%hMeF zU}UUVmgq0qDt~^Kb)t=~hLJY_So#z&M~X{HtPrI(z2-PjjIEB|qd#zZa`qG(;PeCL zWSC%;d(k(Hj!UK3XC6f-h@{+#oai~Myglzxv|p+5+Tn&} z;*-wfQcvTOkLd(c1SMjoe=Cg7ldns697x&vq#jYvoLwm^lh1I3_!p^tFxin6HZ{ab zCY`I)FemOUS`30P-fe}$+YPVeMH~zb=Aw}K~?-iF5`*b;_E%8mYPqHeSH#n-X-?x zIHF(C_LSA*4Rx%80lAp#36apOG=33lu;`49v{d5_rRN*rThyW|+ngm4E5~|t6)IQf z#8q3JZ(uEyUX|1l>g^X+S3q19zu`#KOrWpo`hGKz+%L|SmELBY#f2`v`E%E=zmLzY zI|d{0c>ThJabvLMRwDU@ta6`{kJv)oJlIlUAqaWV+egq5LX)@$P9r7n!L}hH zxgzmh__W<4p|-3bq+8OAEwzS!Cgh{GsRkUw;v*&eTMJ+y6)iH4+2xchz^bo&i11)) zYY~elb1+dv5eGT_-pzhb$a6SaLw$_nM;Q%Ofw{)KKmOG?0C*!(NZ2S5NzTf<#ZtlA zPmHbRfH1jXp@IR**r;Qye~v7ma4>KH>6-NG^stKoI?be(fxD$3v{OLVyqF&CiI)0B zv&YW9Z1-FOI`Kv8MGemZPrryQm)L`{BmYds%72~e9!=w;Gady2-kePHu=!}1{z63M z8ceCSn9dHXu4F(Lm=cE^u@n@nByBpBq;pHIo|b~G5`nLIZ*l&5u4d1bd`kku8Y)uJ zg!+iLkfT(~#uL-WxS$L6r^7XYwA}6|Ro0#G@H)DY)n;c_-GC&1%yqmYyQ;DJSi5`S z0fm}!k(lptL(zr?s^JY9-sHM?J%w|asW+wdydBoPRNJA8qX)EN|L^&Y(i?%??)lnb2srIG&<^ZT5{iL2qhE>$l 
z+9R)w@zsT=-@i!-406S~yUd<7`0Mg)s_qxGKerWO7bz{-u7xZ~Ua}ZZ#>Fm^9Nq6k z>T&k#Lhzi$-Ies`nED!uV6_>h_PSGqRE1H@>z>QBkR?Po;CXVCN&jq`$jTwq{tS-6 zB$3oCan)(I`2*(ywI~}UXcbv&vPns~UZqaJ{7jt_ zA+SgM69%vEIGgUBSQo&0MVCJL%2SLZ4+U6f&?QphH#XK~a?m|cXPzkL<|4Jc!)bpl z&BNoGT%f;ER-?lZgpv2$UXSEu8#qx4Ug8^@Zn0KvIyVD1LCK_h06BHVs2MTN39Pc* zq@ouCRR`^(DSdF1i_!30m-te+!~0ars*#ANlNZ^vAu);^}Joy<47*vyZN?E$x4@6 zKt3&;Zv*9tHt%rHV*{6xsQIX1(d?hp{=S)ppdmiv>89=2E`rFOkIB!{-Rc6bXIpY% zUx;tc9Pih8#W2*O?%SY~uUE*Q@PLAX4L^-P-Ha0jN{gysXCaEfua&#C)2T{cc~u7u z)j5pfMwS^%C&#W$M+lBuy1Kf)Z@0xCPp_}9_uDq+L)b5(s=_kIOZ~LyE@@UhZkIz{t zA(tMH>i#q+jY}=p5xLI#EOZkZ_p%?dZ)!bRs-gDq*Marsm?Wv#79Scdzq6(vJvC|h zQ5=*n@VGM0CU0_a$HFYn!N{>o8OYH4vGT!|6gIcbBR|SOn~yttP(JHCTYPt8Bz!;U>TTGS-+FYMRq0nW&t&USZbjY~%)MSa420XRrewYuJ(C~W+oSsJ z+B_rJ7&HxgU!OgcSdo1dM70%Ge4QS5ce>l1l&o^wnfyaWe)h^PN>=V=d@(#sCLS1Q z^0?@#+CWfUv%C%!u$0Vl&RfePq+7JskrDJSbVbNXEviEmhgoUSKwa@0p9 z3s1Cw5-$AcGM6T?&1(0ds*sbv+xhfhY9__xMidr}Ya$$1F=t$E0L#(=c1vTCwUgFK z-|*M4cNcs&HVt(1DqrjC`?AOn-gVr^Um{TI-mh=1$mw;yC%xz|v#KR+wJtjG7JuxB zuSEGK1@V^elz28#mg^lq{tn^I!j+b`{chX@s61@)vu+wUzMvq%`Oisz=6uTlys|5! 
z783VRxs_Az-p#v6LF)|@BBZ8GS%;jn8(n2z;vpJmP7|h>WfslGAI>eJ3>ReJ1o*j4 zYtkqo%(3Iv2htxQ%ip+u3u3GuE`i@Fy3l@3p$9Fw!)f-_>kp(PUHQuOF*#ddZ_pcE z!Ftl&$j9c|!)O%&UrNE_T;hERVSR3y(7iw;q$S8-+w`M!7Iw)DX&(vFU5wP|UMniX{II43cFntgX#_4g!Sc9!DwttHxYpJR6KEPr z&rgAWmKR52qJgq{9KYA!zpI=(3yxRcJ;5&4Y)L?8qW|`Pwos5EApI$^rNRfJ-Juil zRqfEW6mkY@ub6_zZ)YN_axqeJ5~|Y2lYZBSj~70_BxZ0|wxgFWxgDL&1LnW){IIXC zZ7zT%;&KH9f?)Q#Uk{j=|7(Ac5!;kc9gaROZvf4aa%iiep4DpL64M)UXrp3w#K3lb zC6nn06?QYvQ7cksl-iAhKOENl1cFBv^Y+tgs7@o))4eL1Sra%Z=)Hit&;;nmFN|KR3ig~CMmMUgeDoVfrBQ|%MTh^^x6tWWPp97 z*}A|uNZ>?+&&G(^p6&wP1;3_jYs+n44yh%SokX>1JXCf3;8`QfD;$&UJ#{REL|T)R z2g0bBieg7vG1w~GL zzn-Uxt7GZ(_+iFM4ONk1idGgY-J2jX#wp3LS%Xv8{O&5H+{`SPQjubVe&?#e5Ao}z zk?rBx=c;I@0=Nr4bZJaEBle>L@_?x3{svP8n^R`L{oaE)$VzkA(-^~*F`eOa5*W|y z;`uk=EcsTgOsv7f_Ny*VXH!@3kVOY@qZ0T(Fq$kMIQkh9W55)kCG+w{_)>8ZCO_su z>5Qz)5-DM|kt*I4Wk`34VB9~y`MzzX{gw1eM5!jiu+;|~qc7`p_nK?~)>9|H>;V3L zUUb_J05r^x*^_G#e~~XHF0*^tO{Ty1u_C@qudyE&Os`LKLZxz!EBqej#TA5D<+~vO1bL6_XQ)}b7)Aa@gTScVL+YF`U&juw}@$mL+QeYnodA(lb5 z{5JiLYfM?mDN%PDKxJtK1`!eD6eVS8CDxcIib_)Q^umKq7pA4~ezw=Zcp-E@zF2p& ztBa) zn|2lq1+;p?nl>Zhq%0klvY?c3#qkkxQ)aIrd}_RS`xwj@J1roRKDgldc>NI!GDY~( zmM}=?Z-OMAx)PB4Md*Cv<@ER?A!pIFHbgdDvomtS(NeOO6A`YbV8%g9=<_R20EC;r z$1AEJU|POU)@`MM_sWbqi6Rb1l9_OD&Pg0mIMl9rHpqA0V>AM*p+D*6`>6E;*f^dC z^+)0CIApe(Zdf| zCqX5sMoOePPXA9GRL>5EnjdnJqJTy+!3S*mhi285Pb16X$SlSALofy*73!6Ww-gDP=BY%F<|CE} z8rAlO{q!^@AMl832BjE%tF2CJ!@z8D5=nIb4^2wh3Bd=yjXY(xw})M}V_UEYT(vMoj=3dfGbIc8qP=+zj-R z`rLO*X#UZLn&U9a#pHNWjzvB2u~*~}*bQb3+Pp=KTT{z1EkK8nSr7)czQBTLr1<30 z7%LN&%TYOFhj${@39B%9r4yNLVBu%?`U(iD&0|3hILr|N9B$QPQJ$aPZj2C>5l#{e zvzKF*+fI*C7MQh;z~?*1RZxuZigNl#`e`imcRv{6r)Ttz^yhH@`7Mh3yut`yPspuO z#2dm@suq>7(?Gqwm=#WaBb%jRRNRkRjVkUeIK7YDnIYds0_8*$98&i*18$c+akj^qLd10sikPyrru{T-M>26(Hu=Doy{g8!ywBSSIZH za6vp&)a04Cu2?8Z!9uJhLLe~h49E!gnuXkfTE6&pKuCk~gpu)>qKz>b!Jsy^<|TPN zmX2r-YWMBZ3AMp<+?E{Z6m}*Vay6K+8CJr`hUZN%43*3i`{%$1u0mTe7`^|znH;BR z1uml;=LtSG{odFlhfX4ELq8rqqJMAd+>ee(!k<}`pz85IQW7J6g+b4r5^%JXgr?bL 
zQw`MTa}JO619EW>1l`>KfI4E&*~FSlyw775xObmLh$Ke&a_9MS}{Nm zl#7Vt=uK2PG_40eQh^6BcY@&6#)Nqj$D*VpIgJ&~9xJ1G+rx9P_>6P!*ZB&FAC23W zDp`mCzX_me`xA2MlSoYsdh$fpfAN7=vH0Yr9-~IwmZ%Apc5(@b!t_+{i}KRWnFun~ zQbj?gsUGaK$}5$dCiM%|@s$pb@*U#np5XgLS!z37JW*1e8f~zD!)TvXv&hGXE*EWp z>2Z`k8l>JhT7G0Yj2kgbbnOi2!#d)Lu z&c{QrH|~G?^1-=k=XisDF0je!)f;X%F()KJwMUw)rf81TU4{&?mkeQZP4xBuJ9IWl z8^Y;a9MOTpe?t;f@6wNV9#Dg0oUjFwzt*vbOpl9`pek}eEpBB+ml2qZ^DrYyqW%@= z1|={*irdfMnhuki1`}k|=1$RB>^Q|5aUTYJoo#lfl-svD8hnHm&nV&1E$EsGLSmwG zla$U5JrSfReqdk|h`k9?Xh)gJw~iVMG#v)*ZMrA-CtawdbID+pbNn>SbT^6yOPKYV zS8<^+9u#s=HvPrj@=Gh{!<{XovYvcsqN#Tp1Q73~a2E+S*X&uSpA?g4o+Ua&mdUH& z@01~L2Xb9j$zIzBVR3x1lxrVW&TPW0ope!0JXdSx zxFO;=krn(xJm?Zu(QF+h3&uJ8IlU>Od`yH9Vs1Z>2q{GKKZ&J%y+ofL`JUvC_ru(- z(u-CzVNoJROoW997||o;zNfC>ic&{`(AhWFkrv+ z{ti(e7cfDm#gIRPzgwQ?w7UjCsWcsifCTUt*fA+#q-a-|#}1B!6kh||NN%aj)DkoS zp*>v2uaF$%_om@SowA28qZ=%?bde^EA2_h%2^z`u05m8x;5L<)YQj|J*%Sfl!sMP4 zbLxu(mfcEzCo&tTd)Z*7a$#hL_hlPIr)V@a~RfIoN6Y2Dj@k+sp# z?*vgV6vGN6Ry}fq{qKHf-;yVDYs-hp)QJLAz;vJl$A`_HdNA7QucB|H#zp&n4xKv<>rp%}6G*W7}x*OcAQ;!%6M zxc256Q$B#v{K?1oF-4YVN_+y#wA^0pPd4h0{g5)DU#MJJ=4|&Q@ACp^ZD+}0G6gvv z3ui@aYV1Q6%?)31TWCfN#4Y6Z(wz95r%NeOu_% zy;{$bTg*uEZ_{9^f#0xuzWXYa)qhLD+?%qil88?$ot-fD9FlkO8oNQ4VqS! zPrh9#SH0r{m`#Af6zZG~(ECHCPox_i908!dIQ!q^aFRgyy_?nTr{hfgwAysFShm-! 
z@jZtR0^tPFQ_Nz^q#F5lky8%qc{1%nr|3CmiDg4x&LYcPE3Bse@taox;RUoy7>}s* z_Ap4FC}AaHkhsy(39h_okP7E~6vN-BeaCOKyw(kUPzAkd-5sNKC{=DVN+= zu9dskoH_cvf4raf^ZfOGKF|9+&-;De_wzhA7QJ0XfK<@8Lp>cyVTV=?QwdsGeF;5u zUYjdjIS0piHY@$u8Crn!BW&X#Kr3D?N6XU~{<>uqN+*cQoy%TQCl=<-DVH_oA;CT@ z14%W#jIlX#4&#cg&++d?ok{HnEV(!p=Bw75%`;{Hc)jqAV7^kTIDdA;trRNyVqSEcfNQh-cP6VeM_!N_3EQA3Q@*Qk zgm^p0SZ&4gr1Gz+1S>DKjr#L`LR40lOar;kI5m)eR{v`Ag7s$kfHiK&=<(Qk36!re z{UkFLEu+;zQ~tOyy&p(N&nm^eioMK53~T`2ztd0WemB>#r-2YsNG$g@;#hOJ;g#vm zkwGF#ZF)K+A?))uHG|xA6lBmjnX*gE(6#9^1drsOAQ-?dfp0)RNn zHSi>c>ztaSPKN~f(2JI1k)XCLj69|pNd+l_ z0ISOduK7ZmwiEp$ndzyO#i!$fpDQs~?_|)4o=f7qic4O(4${)4t_0|*&?c0V z$sr70$AHCpGMA|T1-00+yu!$J=n$3SjDKjIzBmfgnR%huL>B@v#Z zcD_Awekcq3gz2_&(kIt4GID7?dN+zrDeQ}sc0P?|y&OmiLTe`bLN9KFTNPh-mSXmU zi^x!@dyvYCda>rrr2_+>-IDTFNgf!zZ+v)8Bz(|dKdy%OD8GXpd9YI|({%(^m;q*3f-{Ig_%AqYNFs+#ARE23gn z2(=~2{dLexT#5;ksS4W?k1$Qc18-y&Wv^|!7o$Kzy~Q?tSb6Oim9ssqVVd|Zry?lh zwunVDvW3r9MDCNJd$5x%+38mXDBG#Q{fk;0&O%*wN5eEWt%@kc zWJfx=Ld2*g-SxOx!*xQ9TV}+=H!Qce!-zDKP+<6C6XdiX>%^u}d;St_z>ut~^)O}5 z*T0b4kSUk7Vt2SbnKcS8$kh~(9{$w-ju1-I)xdaLa2qo5W4t3D%&gMtVBDY2WDf+* zrD~BFa)%>|p{D5zx0}$?;Zl+yC~2Uk9KO9YzV{;#-9pt~-)a`ZI$tHbTm%6#(?76O ztwcRT*v7c(?pnAKXb3D8ezBUiON}kJeGaeG&t1Fslx}Y(qKF7TAh&qx%e)8ms~FI4 zc??rO3s|JNpw`saXR~9U&ICWXRWy^95+dH(L+czZqTynx0UAN-mo1Me+Z<+*66PDH0%Pm; ze8MV#%AAp>czth3tn2QVSfp6JMn%g;(i~??bh3^Q3~u19p9pHYiE0AE*WZsQUt@nC zN$FegEj6sFuC8v0-ez(lqodj1#}{O{uVsrJZx^_Ao|-v7JCYW>ht7J$tWJ&RNe}7v zev5ZepyVMhn@)e;h}G;CgO_S6`2PGkpR>^BpC88F_zn3?o`MSB el<2rUb5w{slrQY=@$m5M?WKB{MDd_Rc>V>FeVwuZ literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-14.5.100.tgz b/released/assets/rancher-monitoring/rancher-monitoring-14.5.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..ca0a2ab2cd0d19e22504b597d0d20d1834f34673 GIT binary patch literal 278414
zO$=Y6CeB(V!b}NiCvaw#^BWPE+BJxwWvnc5m4_;f1Pv#&8j5*T79?j;KfjJt7If-j z^vsB~X+)FiHc@)+xHZG(=xZI9ylRR9?S1`kyMI7(PO6r+#bU0v!Y6}#gyod}!D&w+ z--uoO@2YQgCR$70ZvQ&34i7S5?xg*JQ>W?=5v)2ZOCvi0{O{&2RaT-VbI(KG;DIG(r!)zvCi) zL#v!tv(IaJ%e7<$c|)cO3%i;tR$vRE?kV~R^DP=kE&`iOcX%4{7oQ@x+}_4+v$jzG z2VwdD**3ao*nVws_4B`b{@QC4 zNFpWKPIQ|7PU`G#b9Z-}ZnFD5J666A4Y_Fs1wO@zegZKbG$+9HM;5qF& z)L;MtgTZ_TgTeGf*9-oiu|6@B|7ROd#{W}$2BcNwb&_?!hkWtr))$!vY73@>UsosH zR(a`ST>MjVKQIYhL?y#Ln}JnDk-y}ZP^0oh9e@X%2CEA z>Y^q6ee^Z*qd~bbkD{6HwIg=k?ybHf zE>N>&cE1x(>7gEvg5xy=ReQcxu}Hq3Hy z%wd+hRWeR-okNo@$rKHtX86xY7=0(^@O0&e66YUQ5kH|Cn&s>CMSjpoLFL?6gZTcD zgtedL8$I!tu2zl0@5%c}K~zzdoQlzN3C$~%cb|ck%k`&fy(6KHZk5SUe~6D?N=U45S{hA25^o!J6%|6&`w8G$jY6xqWZL8*}7Fnm1n2@JsMijB7wR zc9M}1x;61rCdeSWh}{dz0AXdf!81{nxn;Tm*CZv`+g%6u8w%Mg04L%87m=+ zK|ltFG_~?M-9CLb-E4Kg-tYu$KPw)&t^V@;1$MFTN-HrrLwuj#tT(-KlBt<`)7Bjmy33*gOfpTmxC| zxTrWL`a=#4iQ$z5`DI_-TO#-A#7GDI&-?-P9MnAkpi%$pMsfe&Fx2^vtvp@ze|!*C zM7hNYb7epI%>Q<^5JcKu1iZBlR#fXi#X1nf1$YtYBp&XAA^aj6(V}P&R!2{VZTeyi7_)cV8dHAn#B# z`2C*l`u{Qt8t$+RH0l3I$^M^APp3-%Z{yjD{_hx}ULTsSmVsy)STFcI7j=Hmu3SZ$ zul8_CvF07>l5MAz)6;_cY=aappxyQK+xgQ;|F04I`=nX_kIzc+zlL$D_W!r?Y+e6X zIf6dM=3I1c?jiL41IAt!KK*USh|-$k4;YB)Q~U)xXpXEIu%W}kb>V-&&vEiMz&+qo z^d&5YmmxSIrk#nlg`TBZT%RRxkn8i?cbKLxeCmY@BC^sq(XLARPs_U| z*N|FoKfGTR3TFo6i11%Ujpq);ZuslMWBjLRBX`xG;mh|Q&hsxmynnZPK?CxZ{lZY} z7?5Zz#5km#&j4iL8ad8TFbMJH3_SZeWc!xfJ`--VA211S zk_yBKNAns$#zf8?ap#X`q3D{)fMGHRZ+-tQbv+6w$j25`J0n>i{XWbLO#83VDZ%j}0 zV*Hn4Ygcv zbZXV}OaNr0CNc`6;*_mOuCe*kwG<8FggzU<-OcA=bJacYdDw=GDuvLpc4<>~a)@YM zGcrl{T-_DiccM(^pp*e!EF)>GRBd2>WOqFm^Z9p^s_d*`>cg5K5H}Z zxfVfu)|ShT*#wr$XSs%aO}i5MzHLs!8TeRQ} zR5G+piu|_o3T+EV-7^_lwEytzB}meu2}Snox5~Ja4F{2IaE$jgkK5xA!~MzQmigqZ z<#F2}>f2o&w+Df)hbHL7;aPhxR*lvcMyqb0wt3@qGrNby4X>X(^0Vjh(k9@BH}2xy zF=Inpa`o)$H`~e^!O5QPL4*-?+5e038*DuP-{f>$jQDjfR3Hakvcb)=#U>Hx?xx-{yXpGU)LdC@5zj&XX}h_g#v3`l9cecR|-8Dlgida zi(;ELC0EgZ0NLA%-hXHuzI@4!J(1iS|NcYV6PXvSdm_u^UgP3;(E2NMATd`Rk$>0R z8)Y8%Xv9Z>p??;ubGbR$UkeG*Ol;A{)I0SxC5QV3tK!+f(v@2=#wY9Fyp^7Zth&uJ 
zX*R$05zv0}ERh-^&0Is`7tKSIP)bfbMjzA6!p|gS;Nl!lyQ){TX?@h=p6NL=@agd_8*KOd>1pY z>HN>wD8_$HCTAzg{@cd0iTrP|S0{-FZ!j0DeLx#LBC=2RozNfSPj|n%Z|0mOvY3cmuM4kWN%CiamFT=ZqMPMafL(`+kV?)z(N5!Qf zE_~^EkXbLkIX!Q-z zzuJ4Qa)sA##3h0h(NEqLBHv*rWmtIKx>*(M)^8toST;ggBnXUNGzJb=a#}@}oK`e2 z$`cvlLQb*!F|ciX1GJI0)&(LX7jcSB))bYVYi(5KXC(9tCiB!oQu?7?^7KabsTw=MB@iz#EbMoMPkzs< znZ7b@dcI`SHcS1c4gk`Poz8WXw{t2#A@?HP+)0?ME+1PDALP0U{a*Z%irt-freybc z3I+4KI@x+k8NdAs7JjLCVQ;6{*3xcH5o>~)B$@ZxKq*hzgel{YBRg;y;v!8QC5R&t z3+sEe!nPXv6V_=Fc7G?^iV*<+^)7`+YzC6I_c@1}F=#~5C`2%I$7R;ppFDz& za*Ir|z$`fT2QgSbDyZ#Z_se$Wi#zL5eO|?=sMzyLy+R0*!U?f_W4@BQe3&;mtR4UJ z>J=M^VHSOwj9mWMb-%P}|DHAVf2Uob2K_%arp5ek(-Rf{xt*t*{@?yK&Pu0ebg-6D z!rJE6jr;G*tX7@muLs(!$u4#6_h~w8#uU3)x}{QD(&`tI;wDGkCP_ol3eS3JV`20K z(h&_voV|*T@&FIT-)j{H09MdvwpUqq|RSME21 zTogj$$cO95jtPe*<*6GtY{O5*;|%#0rWFrY=brk%)plT$ z{y#k%7xllP;{UhvY*_!NCz!Xmf4Gx1U}d~+ZxPu1eq$Hy++p{zo^5_FQi8bZm#uup z=h}_T`gYWBYql)gxXEdHuI~{FBu})*{@3vzr(QNG^?ab*R_9WN+O5u+!9s*mr zZ6CtXxZYsMU4$*Yj`!kU74+Px0-3wC#^bscKglt-YOi%;4IA>iuTf8j-RxF1tml^R z#P)D^y1Uqa4;BA=a#G6wVyO79?L3kRx9#}fO!Vg_EUt0{aQb?mAbHpz7qZ{$pm{c| zHYUFxD3>uTpZSnBmtEbi0?ry+8&Pkru`$0+Vaz2Sjd=eNhB2?H|2G-`I~kuA@&EK> zqVE6S%F|8%?+Ca*bO7)M7Kq(I^Zg0|&Mj&6%D6KM-;Y?}ik8IR{o`gJRhJ4nVySA@ zl2*3>QSJEETxBU0ql~HXn51Y!hh?sf;ED-$~~PJW)B^& zC2Ce7T94xCtpC?=05|FX>2y-m|Kk%C|FxB8E&acq$%`?>OQ2Cf1VO_>@ysxgSpDHcLonKVX}}4;;poxfH6ZMR68xO~h+y9iq5e zc2~!srM4{E1XRg*MX_hAVo5Aoi)IvyRyCoS5u&`%iug^tc9e>*+Zk8rHqR)2(W)7x z!YivM`ge<%I{6f-3ZtucAIo@c$lKkHbw_u%jOlv*?j}wWUj)8hRPlM|KyX*fhtQy_G<@Kqf zA2?rMvm>~IzGH~)YTT7Kcy0aP!2#T$|HmgMMg4zbOqBhv|hEUb7ER%5ps?UL&iW zd-2wPx~%`9^jU$^Htk>fH2VKe%KN`6{%1Q+#rpp-8EUBwko|QBe!x@?H?&4)`4zFk z>bE`d30Cy|w)}#t>XmQs5T5n)e>Wdslm0)MoD}u{#8CNPxANRm|L@EX_^@k0!5{dr zi@-zp1m$XaUAJJF+lp9jealy=j^4p?wap&FnlhbJ_2p&aFnxvh(*G@efKBnAld}Ks zYPrn17_#%KKKGRv5f4-ADGvK`|T5~6wcOu!PXqM=o_qT(|%<5tLd_P zW%gT(Z!y}jOM5%U#CGD7Z&$6KwUY0K!X`WL?-)B-$$35BYb$m=_P_4>>16+L$Wfwx zM}_fN|NfWpbW+OyKUL>{w)4nla5&6Ss+oOD1eKG(eX;6tZQ7(|2Yr8-UzNkU>ujS+ 
z>mfU&Ynw$Km=r9dg-1LZo1%cz07+Ml8vdJF_BvJ3b>*vJzUJcBl4DJRr5Z@k@e>kG z|M-F^#TKgZ!F1tLya+GjAc|+DWDX<_nu0oz7r=yZNJQGWGF(|MwMT6*bXfl##Mesy z*s%T^6GJcMf1IAE_^+)z5+&duzF*6}gLrAJFE%*+bz=*ASgYur4PFOZ(c9IKKD)TH zoTe*7{dUY-FZV6V-aY)ar7|CZFd#PSaA{?qNIGOgW=Si~9jy@w&-ILu21Z?CvLvj` zx7HWTq8*)X;_gGfn1N9OM@<+p+K;Kwt^v%X&_|!Ji@boZe0Z6cZJHwG(rAG9cfxiP ztPLe)?Nr14r)t7`y|k%x-ftg(Bt!G%-`V&y}Kosiuk#kT0}VB%qp6Tc1(MNIcw}s;*%Z=3>NqWAjSJ zu+7X`1?rS%P1A1hu0>qoh+X4|oP_K(XjoTzl&O0^Q};frwnVxPYKc}0-4++R@|u_Y zBNLDu9ZzW=Ts3InE^Q1P%N>eIJfl(c%C0@w>bcL;a{q^T78)e~?79oo6#p?kn-=4L zPseKiXDd%ZLx$u0Z9L5Tvk8=wzTJm?wh>&W%Ju(NbHBZ^|^I*ngltgjZA| zjWMYKTevWkEiOGstq#{eHJ<-GE#?25OwQE#pRGKS^FQ&Zmrnj9?=57*z~S#w zQTTRcCxq;t+Sox1%-(?Eci~^d?;YFVZ zj@&qYEjl0nGz8u+BPQn_;fQci|B9<NX@MMKEk&(&*5l#3p2`F-mRF$X*Qy$4;nb+DH$LxjnBQ z;Xyv*Q;U)Ib7k8P`qTWNClzPfJn(!(AxGBiwfczj1ha+fUtFGyz0ozgWSFCo z3mHdr6qAfB&txMrpfvo4=MUxqwooEl0y!PM^8oQUFc(5SVlohr{7>LL0Uosw1>8%1 zcY_inpa0JMk2qDurETgPa+*sY>I>?Mrs_KLmysZ2XlcHq0DQ|PMFTtecI}3UoT&-idu-76#HRWZ59nSV9@m)1ip_N57IsY z*O)Id#+a7jgDlKLDc2%{H1o@xApYLcW`G2alX<_umT+NG&k0*CteVWvp?YJY-I=>Cl+A@LzWPPs+Z zEnBq^nu}zwt<-C>@A2qgp?Ni@UO=qs&&rn&)1fVK^=G7Xbbbks$J3LS;A9&8PanR1 zF6kIasma+(V2oeC1XDdM_NryM6a6JH&c-i6SgSsKefC_dEcIK>C$8{KIG|56|Eww0 zC?hLMNq3aDj>SB@*H<7Z1cisFwf|M`9 z+3Gn~v}xb9)Q^x}At8Mkj9Y$|HGPG{88LoUM-k(q=Bb9+Pw2XNz-5Z7MC3x>$7KHL z))(W`jjx1h(ln#AP>=-akDevI#qlnsl-+6?8 z#D9o}oao=wmJptZM!tfo16whaKSF;a0vtj$p(X>zX(JXq>Qe2e(c4z!UdsFdZvnJ)kF&Ac+_KROj7Okur!({Ft#$nwO5-lBBg*MjfHJT`}DUIfZ-KxEL0A-de zi4UgFLnQxm)B7-scS$GbTDM+3HZ3H(+Zc6wy-Ss#>~e;+tyhRkc%?aC(PnB8l23KvJ#3LcKYh?bJ9fFW-3xdEJTr5fNjUC)yxc0j9B6xZtRfQzN%}c z@VB*SWw_k=$oe6&#G0rd$Tp#nqvJXC&18XR98!*~3nAPk8|9@S4cERmpS6HMdiz;h z{`PVh36G6pUQ2brOufZcZ@nZy49AzHorPi?DHn`yizJxWIM` zPeW>Lx0sw7_dJJVzlCd({fwCB1o5szyLBH@WHm0Y5v@mg3rD6{^Dh#hfQf~_U@L$% zc5*E^jrq(e^cQu#bOUd2d7Gw0=Ef^}I9N@{I(C`Wk0r>MPc1qzwTLnsN5!YEKW^d8 zW*n9)73BG?RFBw7Ytmj>2=Sgc8!TjE7m814SoL<|mY7rFn5gX@K~d+qP%a7O zl8}{BE{R_3v5VL__ls#>SeFr4xnTGYbb-mm_vRG3 
z7rzIPaO|LCefawIOOOV43It+dc6D(LoeP`Y67#|es5s4k!I0?@i(Om><`v>)FcJlF zg3DWQoY?U%frHw`cCLw19tL&%@7o`M`1m!>KDFz;-fwYsk)=y$ULj&#n4armz9oTr za9nyX0cqDIYOit~AdA@*_;^c9@GkCEg=s6eDNLI${}B6?J%nls&(;wuJX z>nKzlufnuD!L(}Atb+OhK&?+b6ESu{5yKWD{K7@9M{n=5WA?Dn;pe!a;78HWZV00G zYt_Ej8gQX;6#5MjR7hi+ z>MYax*pm~It4$n&__ar`E=&i9kV71;qR2$}3$h~QQE|{L z+QHd9gswGiQJGz&lnS?Gi4<-rl0O#Q!ot6Lh*|y-v|2!0fRJ>*(w!id_&D!;m)Jz z&@$kB7nN5wH~?be|Fg-&~higf*;wPRP^GUmYTInh)%n=79x@r$QAyHp)F;h6jDZHpW_SRB6%tA`}q9bB{u_2|8w2m1%yW1s4 zRnq)h3e{*C1%0%ToUooMCIW=yE-oKdb;&vtVSk{k#C8+(p)nBPsQ+F`QnNUMgzPT$ zf{zt?yFkSDA*j*}ZD;obkCip)>2vr6ZE(PbI_{%Io|KxmnM#0E3r1t9Iw9)Mv_}j} z4-+JS8P-a@A-ycNRq*3}jlEi$FZU(Sos0;+&KAq3B$ZI(O!l@hMw)6aiJ%At4*nvP z1lUyQG0CX$iK^ZmD`JMq)RMCo6!WSIVlYg@)OWDsL8LOiIA($pXb>htENCJ1^@OYj_lj=r; zg4^64HLlElwNaT0XF_M@;Xrj&Vh#`2Hqi`Csmp}DyRp&7pjN_X0er5~boQp=VT`ZI zUQa8+Db+HPkj3C!euMjtT(#OJ5uRcb`L%Y0+O#p}=is$F6EBYiPr0$FFoFvGv<6~MMv$RLey@x0q1o$rOL%%1m+5#S zyftjk>;GkCR3ySi=xOSHZfdjy%f(}OGBcxO8wOsECyc@l$-p!nGB_Lrx*B?=xCLI? z-66n2qDqEDU?g(E#mfap$co-=xCL0p`v6}+U6urqZE0T<>F9!6p5p5ojI!lGs(0UE z548;%!eL8R8HzZO7q)!3-$EJ??7OfN&t5VlmJSnO zOS@kJk5%1DCAf#l`;m1b5bk@I!a6uT9rDDx_<6!jJMX=oo~dYIPY4+i(e((w{N~Hs zpi3#{BMXTpO-xRVfj8sj09$Ksf4ZMT%#!OH(M^nIzn*FHWb_Bf3DyGvWGLju+IT&2 zyzj`U=)_*(P~ZISV6i;=m~63E^LP`Ycci#8MMH-Mh;uBR9bF)r?`aP?tRhb(#V%2G39BsAg*Ah2M~wOJhx*NXA5zTn4qElE?TowU+Q;4G_FcRjD??!c0X|3g7Ew zOFH55zE^#pkc|0`|AuDawI5y1LK+GaLwidOu*Uc5Y}lUb*S?a zYpugZzSZR&&C~1VLKT+gNCnN8%)7Qe^bZV|5P2IwHg4668og+ytY@63UoSi`^>@@v z(W;}+i|{l-u{l%2Zf!`;iMt|v&b;~d&0&Oi-%JadI)`w*_3FAd%+W6m3`3qL>N}Zt2O1T?lWTI-TWJpqg?}8U9Bs=e(_ky)0TEn8QZx8xFOi11? 
zVIGW#&9RmlWmvm4DhWbrK)gSts>Jb|*4B3LtnM!WLs7UO_uR40?HbVqK6uo*d2-0A~s}D*> zr*uQoA#=py)^~F|)3bL%)64{2sG+AWq2g1HlAtNywy%>*1T`NY%Y~j8P*iL^gvhF& z6o>;=AAcv`O0rk!rp#6BE{|)C=`O!fMjMoji_vZ5i1zWBk}L533h8rKMT`~L67z~e zc^CfCNUei*H5|DMu(X3rA2N4(}LuGNaK* zT=Kzue3uXCIEH^^zA6W}xK6}R0jd$W7V@rW(ia+BzDjoP|nL3$?aWX1hb$dL#`W5iH)cswpN#nq*aVnIS6!qq) zj8rV2kaw0Vd2L_9_necM`b$O4dj(1retTV6 zdWHg&Maw!mph-fYWppTA)%i-dO8tw|OzJP^OWHJwXde{Ud?AF%1E<25pS#ovz`nG{#{#b zWkhw;b6I~jeGv3b-8?aiz2RG&VfwU``MLw$!NM|;FU$jZHcaVp5|{-nZdgpS@St@j)1HIs@JV2;c$%v;&nCNISkRvek$c$T%E`9nL^UH08GCu(%XPAHrygVV#eRt~QWiJxHpQ-AfsLKO?18I{M6Rew$2i6$y$4bxj$iRUr*bSK`_A?&G&SYD_Q0 zPZG>O7!?#%8wZ-gJ|SR@pl(sl7tip%Gn#qsD~dDO6n}w|V6KlgF`M^86$BE<&LbIC zIe0m4RrgC-M*RQ-MRw@T2`u^xZ-i%x7Ms!Eip^lQO`T zd}_V96?|KA?wh`wqYG>3!cD>?d{Dn8K8G#0e~SoxT8#cPbgf*wX{2(5&~gVu zdr*~vPDs_s(~%>^TltCmTUW5Rv%B+kf9kQqIz|kv!HXcCj7;$pa*oS;#<@&4TY=1t z$D-0pa~4ef*#9Z*Ck6{igw1XgpSg zxA#9CVBMO?gCBFTrwNxkL#j~Y8y{en>1^3Bvi`Dx>E`k2XD&T5W=V@Q!xZWufOlGJ zVDW3a=>^Ww1*fITNwhO+S7??_yk3=LB6JE~pDIa;gL|w?^ zTw6&tYvS_Z4ZRp|Mc6q8g)xKtz^%P{5jn(b3GJKS$ixAP zN3fh<6Whzryay2zByRJJO6>(WkW-oZc%)1v`taPsOuc+z4H&2 z4LC3>Woo_xv1-6lRzCMC!ce|ZA@AYX-cW)xP}PQ=n#-c^DxLpj-e1 z@z;p}<$~*j1!9&yLk0rQSL5>?ay)F?iYKRL&7-;>;B zDF+I0_&mkl@*=72iy&E$veyaPX~GTRa18bq6krJ#E#N)H7pRB)OM;D6dI}$Qfst1& z(&n!nC>@(MK6|*_XScPzQ>CCi`AdC%dzq?31y(6>t}Kyv>a2>F%~e~@*B3`Et0VwC z*d=%7PG2YzAG46!!b|glDu?FfPe1WCY?BX7En1Iijy*X>!N0~S1GN(htLYgKMp8-N zxrUqIHnD#-Ad@f^@$sdMZwz}q^yr$P1F_4x2Vu04mj<1X9oY`vt8vzp9{rd2f)1wt zApLf!LIs8z9Cqj7dsrzuA(a{5@~Mj-%M@iot^}lk0&T=R^Dzf0w}6up9EW4F`U-!+ zQJ-|?vecvz37T(747-(s6X~&~4P*&i;HuD)t#~>Z6z)?~EY#7ozop#~pLuOA78~}E zFA!DA(>e|>oPcf%c8CuW3|09`aM%$jn)?Y;Gnjnt!j5~{3eC!FH)Y&8xbi)^)y!eU zuqwx7KxM=s2`4SS=N(c%b?FM!O8>{us6A*V)Z;nRocA=QPJ0UC^lu8;fraU6L-kC@ z-OzcyxiWIddt-I!gLZzwMmf)b^X`oNvnqNjm^3rhLBA|0LHe98j0@ZR+)Dp^f1^Tj z)9CwCFF!Q2a|+HQDbtP?d?aDk_kU9A#6OhUo0z?3UfS?`i1Fd5E3NKpZ6%dzK9R|yWh4%`q8t%gtv;@XJ>(H7xVvq`Ls-^BOi(E2Av|};u5g* z#T`&e;Mb=?z-h+qS<6oy7onf!vqbr7lb-~b+HxNNM-j4s#Oi;tb%oI?ZiUlYyq!Bz 
zd{J4veesE!o4Z;*LN+LqaWddyiM&Gg^0epRb_2eF_0-u#rh_{|e%)|F<*6c-A(PBU z7uh88C)*na&Xoq6D(HKmda~{>d3rpo#K) zbRs%c;e@+ic7)}7e-;d#2ME=#c7(1goR@1D&N#h(pKNjeA8y2la-?Fz`;YxjdRV;r zeg?s7w4qrZRq*7%D>@q(0s?r)AX*7bKitCJrUs`|l@rkIaQ{iNx&MP?TmF*la{;J~ z<-d{a%9UYMMa-dG9JXjWfu6Y^yb02S6snxfc=VQfRSdZ;{VP zR4D<8HL9I3NXxOblJ7>js$MvP6IzvJX*88~KN{)aVuResMv3o>0fvMG zSMkioRI#HBWk3VyUv`8+$^eofcOvDu933C?u~tfD(=#~ar&eeL3ZyTRzOsurrDS;} zEEGaQD5ar%t+6d>`!tmQ{p)~8*Kkoh1dN@|pZkAv1cWEL59ga}8^cSCsfSzGqT!xzH@_(K}5kR&erC3Yn5Fr~vK zk8K}6BU&@65DLvP7R?iTGPvz|3(bLbGaQ+xVv+KL=pC8oylBOx98qJh2(>CmPz-N) z3<)%zk}QR1!KK`R+yj}>0vaCs(f~A$5{kRw;UNS83^W$GrQ$7_Wn#YaQc0SoUcSBp z3QK%KMNm``G#22QmIXC{XD*Q$B}K)<$Vmm7YVNt;-0g_$d5a)&gd6~?`M_FY$vNA( zjUkrzaL{v6Fg&41_YC$zlifm*y^;y52rZE(Dn61W0uDe{nx>gs062j7uLHy%ODY7# zqln9sk$aobg`aPl3AC}Y>^aYP1(qfl<2|NvQ!7&gAIcrD@xl2m$~RBr55>dD z?N7x=5Hm@6k4(M<{_Q!j`4k`B-M+RM-{i{egWCW}tya(gdtF)vi4;n($QbDb})6I6l2ypo>D3-`-0ZQ@`sdo(9%fmv7rl#*rBI<@q2e$ z72nf%LW(briv2tn3VLp|pE=rsMEF7hhP0aQ@_sTyITT=iy%1|-d#&Yibl&?huzK=T zV%^=UUAQQEE6mHCAroVloI!fx2qO!{SXX_ab9|tytc9$SDl@{0E7+_QBqO3SV`WCu z5{QoX%ZL1M$`Ds6A44Mt~f@j@Sleu1|5GwtAZ4VGpbLDdmU<@!jT~%xV3P zFHPhxa#YnwFXGqQP;V};$S-Fn&upGrX3yq;2VU=Ak)O0opRn_ibvq0~!i3)FZ!dePv|n_Dh>r@D@f@0sf?t`h?CW^q%Ow8{ z9W|PEgA&E!H?u-Q!PL5Gs<>ZF4*1$*Dm|LjNh*4$;|eO4zc5koM2*V)WFyHQm6?-0 zrJow8K)#BT9tz+bUg<+&j`Oe`Sj z%Iy~+PFj8;=y0sQy+&)W6T+Q`;!e^%(4G2ud-ssWF{L6>Ir;PKkV{94PQ9Y&p zB{3$?W3|daegtQvkg6eWS_)Q^ykA1W%XF@G`Sgj{_LLaN}Exq0UWk#n@ zw%vF*T=+ijlP;xqK zt;&`z-sx(s`tfdoQH=b06Gp#K+)9s&HTV$rUiFnOZ4*Q?arBMC0kxF;1cAZ_vy`>#x|lld7cjDLO7@t3 zC=ouv%Do5+dGIYC%zn+U#W%4Yu^2K+GjxQ^TkfIRZ`hDdo%iSQ;Q-{vv#8COcA)Y=&*HS=z!X^4neNjEQwK!wzxY zV(Z0(kjVzA)VDX?qTFJ_Ct=GB<@sxL&kt<@9_p&uHl${GW*uj1qbuj6p@$|dev7iZ zpFc3btY0bh!jeRJ$aOEfNtZla2)oxlb9CI-*wid&MxW{p%1g)5wk}lh)^zPFVC~w! 
z5cE1j_i-j9c;H$qR#aqR=SBxD{QDx`{8o}#+|fKHyabE}lp33T9eSq1N(Mg7m4y)d zoicsbC%jPK#y>nRHyy)At2*g?R8UIQJYUOtv7D=PI znj~BW6-r*ixi4EP@J9ZAefLK^vve^98@Po!(&-g-v^+Ofd{Sx(a1^Nmg&NA+pD4KU zYll0XN}#96kexc-i^ZqPBgb9`s-&hHCj*tIow{<%#hU?t_48pF5{*gP4e7Q$)_7vF zdqEhGds2XKAxE-Ga)N7;aa~-y3V*dd^cZCVbjK*GvcLvq?S-E5w$>gNOpp$7swMtK z($+m)<>lRN$0*IRC_v*?J_VhWjcXGWeC~|*6mTQvgnqF#jFOho{$%PNUUb;c)fT9L zb8J#PH#c&EY?!STO&T<8yIFt!RgB?P;bqI?d-@3Rt20ugj)F{KQsSk888JLpBhBtYHq#-Pha_?hmwZ4V{2o!Z6qV_guqw3 zKk=RMlFgHfexHIbC!BZlo39zFpSDOP;j{~qpLQcf3FOV2a1Lu$R@OX13Bt`Q9G^;Y z@mOF8ivLE)++5-3C&bw*X)B#5U5mNXa>m&tBV5+3C(F=(i3_%d-B~VOM{5 zfDYs2S^w5yfq5q-aUdGDx5wQfWvmf%;L~@|hbkXrUD9wKwAY_S>sN_>NN=y`Zx>0I z5|rf#Z!wG0DtW&cZsz?fl9!ngg-zrrR{r&1NjrVxi{eJAND8ZQLfpzMuT>Iukx&|l z7#woMG)HefT-iM-&$#w+B#oG^y?xo|I?V%ohE6i88?yM$8zrof0>u%7mhpfByX7J- z`68;LGYN@u*c|ReG&^azk+JXlg$r3DxT7#_!JSAcl@SuJNRinQ07rRp%|pU#%&6tYQ$258O|W7Vt<(cq*g3{rdI3Lng!Yb zdDr_b?-lT`@(%i)3LI59@(+0rum;GxJq&D-dF3DS9<1A{{cq)6 zy$!YNPwOmeU1smcIh-!m$AOf(?F@b_BsRk(ev$$Kn7V;Nh|+;z>n&UC0Q4HoV?egW z{?TvW9{Wv@1HOwjJrnTGz>ECi+sxkOpT;K8BE_ z$%T&#Mk`gD_u-T{R6`zYl!YEdKfe`NE9i*{^U#MRsyahF?BHykRIk+d`xR9bM~y$3 z?xDgw=;L)ok)39a-lxMaxAHvwBqTaS^{_HsYo`hBTFIZjMWly)O$}>dr3`RQYaFOS z2=PZX7RiGB0|CIK{(%6Z-EzMXV8JH$q6(_74*vrrtzsfJhY5wOBPHySMCghPDmP%;F2T6Xh^*DEKYTT z?|wf*xVSl>Cn9=|LlA}F{6E6p6X04#eldk@k<3M1&#O<3bHlG85YY!u-O({(+$zR>Ype;@f!u0sF^NN zZ7~s$Go<^omtHZJSUQ1Lcq7b%16?(n371a~&*5w@bf%qFn&B9TdsG08Xh?{;&~m!X zWyy-bt5hDV9(j}qw!nRkq%^?1(JXX+kje}4Q|IA|;daUKSTkOaJ$q<5%yYiphdg-L zi2XMFxQJ{2UnnpKK!N!rptz$+%td3EIY>3Ol@*HCz(#gH%^j)eYt(A#c|+Oa4|#u} zz|l`bGvNA-71SLHjICcNz*0W?+M?3JgLP3}B86WX?{n^SE#sskly(^#?{l}^86KsL zt>%>=)XVik0M|$nqVM%E#Ca7k-hv^dy+3wycpl-|w*ZR)@0D+$u=70tx1!%QqN~%K5RqGTU}p%c)~WQN(&$gjYwfU()`PsN(TvM-P8!T% z58?;z_FetwCv7d;ncrN1t~syNg7j)Qq%`71?8dXVamoTA6(Y2dEJLRa z+Oq}%;(21q2Ba7JT#>I_>QDkL(+0yNud0nXNYA7E9tjQZ+=g=zqE1Pl8{*Z8p_J^- zD5^Ss^HI13EwWRTg$|>DX{T?v#b$Z)-C+G%0wyr(Qs<`M*)f$1;Nu2feYQ>ZK)%0l zip3v;d?=R%nob21+vh-8?@rFZ8i+X*1h56Km 
zmI88HH;_V8l8AuBzt54tt>K&*hDG;$cqCU<&tbmLvAXceK|$HS?KYL3VWP0lRi3lv z^CN8(S`I*GzkbFU&1P31P{%2#U&i6m91hW^zmWuoUd|*3Y3~P{{!;UMI@W&aeQg|! zDuRooz499bCndCf9ivcF0GyrP(+TuTH*|_4{W=LPDq@7kWr@IRcLccqP4n-zDa0S{ zbsoA@dTA>w_#b$*1$4r^iQTFN-)+Qi3X@9PRUt^PC}@?vi~u*JcJgku*HSCO+7*4n@ph$^KcEbXoSj#E1c6vdaX@YH}W~1LA=|@YE~9mIw@H|ywk$b z(_sYKi`&a*Hl~S%@exWC%GQ^x=eb@j(TABWmkh!T`B@h~UF9z!_-A~^Xo6VJY`^ye zx0gCD5w7Myw=2I-l#Q2`|DBn1m%SBn?f~Rgvmc$TWR)sv-oj6lM$(>S1vuh1m*1@+ zHDRPIml@Z8k&7p>JAELhH+04u9-#v@u2CuzN!>cPN3jx>2{1HSG>9O%crp%=1WCNE zMt?YM=N$!6T7=9Q7A(VEo+Jy|E4?$#T+8?WQDb@k`x;9y%7@Zvb31M&D|9Qftt3$w zkn-mUXHWtn2f%v2Rf4{@17=6+~b8SP?B@^l`pG7ofNzgA9lntwZze~?;;TwL(;%ha#a}3Sy#T;gg6y~r z!QZBxC{CuGw0JV52Yj5grrsAZP7)GE{xxlLF5&@tV&TBo#hxX7>NuhB)|APzwT}K( zkAcjKC4vcrL3Jg;J1_xU2XE4g1uKfI9e0vm2Q&ppVEzVDBoJO|3a8Rj9%KsslZPWp zI$gj5JW)6{=qJoW0fRk$f2)313i|-Xz2DYBL(6}&4*J1=W_No4bD0xBH>bP|qo)F4 zaY8PoGQg4fqt$Q&b~K|;1A#~=UzWROo=E}ZiSAWc2;(*)Fni4a;2<|4l19XAK}e8$ z$-A@ziNmt_tNBYsMEtf^1>Mbt$7!gEBw}r`IBFWX#Lh(9mmYhW;MdN&CdA#$U$4 zbS_z=3Ac0H`(}y}bSTiL|41Vmn6Gd4L<<9Ua)NJuF)BTBV>ZDe43iH7;DtdN>vvNJ z|7ODGoTPXud$R|)kZscnf3HVU?3FkZN$h0y7YOutl%*kxDgNfpzm(@Q0| za<~L`HFU~$OTmAX5NzRwAS~kZG`JS{0Xbiw`yg=ba@SEp z{zCt9VPf@|Cg_*1hsE!-)8Bu$-p3Td%*jfTOqt>aljsNC>}L~e?m`Z!e~ zPZs&|(5cL|`$}sn4z8Mwz=adKfZpThsD*_nA%NN4dwe{YN0solraBMKSXhW_Hu=rl zkoEM!NoZBd8biFjwY=n)EwS0x7Vb=Xb37aV2Yi&2{Du#W@IT?B(DWC4$j$$T4;7RJ zrL^$3kQD)C^4Hzuhvc+a7UIjkIA(K>OWDwXd+w8WZ$HNxdxEZ!=7e{d2L&Y4*uYPr zDdlVdN{N0CJ@*xVCMq~TbZ*lcG{aug-H!)9K=C*kbQ3kx^9C8-Qhq-1y?!`53j)s- zY!nB@gYG<Mow^Q4cXxIs8T6tC#}(w-IRNsFkv-JvkCQFVc`*zy7*j+0>VZ+79xQy@8Z z7c`lOJbeT{4xQA-nK2tLrY|LsHF3Oqj*K2H1|UQMBZt>yaqUdG*#3PiZtEP8WzFbU z0_va51fHG&(c+l|1d7d?cb1=0V5m1mFiLIRa2k8}+gholjHcMQOg93@i=oq00Erxf z$}%J1n-n;%bQcLYHHK5BVHvajF*lHc)zQnhbbi8tF-=rA6d}R@EZpl1VP|rtxIfl) zf_1C@tW!8sQeH>)PLUuC;#O_g6_Uo}oOi3l5G8!AJ<=gwB&Sj+UX&YeR$_=rktR&d zlO(x|NIEBbrP>xX#E~PQ{3?@WZRh0!-{Eme{e;QbJKPJ&^HX*ZR@bFquXD zHNB(%9WcG4_&EGSG4Ene!iSSk(KLsWsBdn=g->XCxm-@i4 
z&fGMr*oA2dp18)CzJyM{VG~5qX2957p*S#E!<0_R0_^u34?XDIEyqtjz#NZ@@<)ze zb3A-yNBz=y+jA@2`+wrWt)TM%2OiY@FL+Qd@o(@T@a{JrU!uUDvc+~Oi{aS}C$tyYsFS0(L7~O3c=isbC$n*c&7u^K+yPTtcO%~;GWus0k zf%jE~(1y>?j>{8$q$zqWp*(ZAyYt_*bCRVcup~Ay!5VKgYH4dDXzJ>3ys48}&lES9 z+#-e)9xc)czfTs}kh))$Q-bZo%j|hf+fTOjXFlA|>p%!^tvS5<5?wkVUBe4+`HT&Q zp@k~aVKPYrYg9?2ZJoH6RimZdX zmo{E`SWgd7)8A%*fOccQ%v@-xT>PRsA_QTp;cL=$*AMD>qao6;-7i}* z`f!o=;;aQy_w#Z%FjpO26SugnukW)IkpA_qPy4hE_Takuma zR{qE%#8R?GwuXN+dc)1v6+0D1^Z-(q0bz#a|7=o7a3$j(by~&QUv*kGaKwvH-(@Ua z0xWPih(3qIK8aJ^Xhf{wQAQF>?-+%remy|cPyh$~FHyr?(BDQ4Zw7)}g#i__&ktCe zg&g~dF&BGa@}}1M>W|$zbyV;)bJG3lq$Z< z)&Meuc);QMgl!r%CkUbgRQx~YgopuqgG8Kh|5G>T{NeYUkUl|g57Q1sq!$Zvgf11x z{{)5!)L+2R%AuxO_QZ0o@?XFZ`zJ8$6}a^PfMMVa01Qu~$-|B|6L)$rCjf&18jsw% z&HNWI46%&fv~qZ-@s$C${{al2aTADD$Ie3m|HVDvzkq>7L+N{e$7uSJYc8MFF?SM+ zUG*GE84T<%U|^}8LdPt5##s#s7pYxTQo1>!321=dfr0J*fZ~IMS4hLok;d}rHA5UUgYOM`N;$sD|4Jk1SV-0ge1&q&qQcfVG-)AyI& z0qam5;#b#^+MMvL_W^C9_bgWwPo|rzPkr-J6%`Stl zJP`kK4%PbOM4l!~BCNB4!D(NLG)`V+WAAIjW2jb~qB)2g%Q2BM=U_Rm?AumH=ZR2| z*@aT-9Z=Y-_9oig@msuXlT^$d)l3`GsC}CEnoOSKRbRN*x7CRGQ=aDKu0@rOhGtK} zu)UtJJrY`UIha`j8d39eyyG>SMz3P&$}){0iqeHj{^Q7Uj@^~tj!mW=HL?@;ZtFo3 zKS1vzPqZ`btRy9w0eT;zdH)<+E-tAA(0hR@FKNlbDn**-kBY!$2d#jcNf*#^Y(*sg zpeduNiRIs2}uJwFCF5-3%{&|3q6Li%+ZcfS$V+u z8BuvGIWD6b?GhJT;N75HzR(jd%QW>$N-6`8n|*bi{DM+xoqTD9A_e6_7H77ia+!d7 z3g8wluezWkUel{*X>5Zy zN8bEf+saw8skqdQK*pih6mwz0H9}#X%Tdw%^-tchnDm1!+v1i{DkZ6Op8SG%2_^aR zJ$Y`9_LbH8dp7*nsEfiMqb^F8eC|o5vcG0skkn1*x=B>Jgj(?SHN!XFC z{05$6bGg*VM+_IHF=M*Sv+%@qC-i0Y`hU;5gkR*B2EUXM{0NIUcerg-Nxx_MTep@8tedVCAt-> z2a^^HM?H*|f?I%w)#}%07b)ItU%I&tv_}Wnm)Gurw6?ph%qlfiS~vHbbl>)-qG@Au zR#{U-6Vs)5L7U&gs}N`JXtvU0yugHW%vUldSaKIDYVh|f|+IjvM8lkfLt zGW#%EnrONq?S+(VZj3WETLMD)d$3n3mUhYrT_lg*2~Hjq0ey;dw-^S{a!lWCJdt!BTddz68rST5_at&zQ0Nwl+RX zz@B=i9bOKrEZ-s0yI#p_)^1AYhT=ulnuw;1v&GI>R+oz=SkBMS)^E%Skm6+%@L~MD zOY>h(T_8I{^LS(Hh}G)gO*rgI1JHpXx*uOBfi8iwa6H+J?*cEAe=t&bN-sAj@XI1O z%eS>M))#Zunqf5A)c#qQ zX{ul!+2^&pGN7{GHBPogHHqTk;^c2>d$UE-T9{w$moc_qOS9C_1H$q3d>eo40lc1|9 
z9y(647U|;=v<9^>pY*=Uiyq#<+7CmDRPmlMVs8;RmF9f59GY{ZnD-WOc>K6cvzLgY z95`Ed2&s3F^BU`_5;$}MbO8Fv$IGCRy56cuQa~!~nBS&}$rilv_Ej5pnME2staT6jA@0bAY7)b2hkhzZDBq5~BMYP$;{ayR` zJqDw0a%3VyPsFB9NZ5w#-iW{ijl-ckGJ7p3u<0?CTIwIM)4bVnTZr{DSGg|q+SNUh3_J1BaCHUM zu6SA#FMRz(5&&ex_gOqPU$g?wa1CwW=!dLa(KI6FU8CQvFm}4@Cfa2Yy|Ew}#>HOA z@-psMV1{Jf$8i(?=c=8(`n`uvdFyb6&2T&pfpCXG;`?fJ*t6%%-PADCmonSf-7jdOT6jN@=1=Qv&>(hW(y7OSlVUbft})UIJn~Ht^_?L*{Iko?WL{vL!^!e`)P0( z)OOh>_HnQ1Mh!BD0hJ!jzBfkr%~J`8;1h$PGDzv?3B1n7&r)q@El{3WozjH;@v)7k z7czs6%j?E5wnqMIHx&i9Xz^&y@n%6P=%gHr#3EB=5{Zg?{Ik91#Y2ZkCvLZ4>3G_r z8cR?0xzb`ylO!99_~~69E~wm&zFeDOn?kvc6la1VQKeB@pKYeK?D0Z67tb4utbJTh zhgM|~;1{sbt_$)Ew(HPBUDlf}B_Z7^5w#`0Do+iK>QFp=2rX_A#3IU4wihEqkP&jj z&$@;PCB@G&o;_(PRy?<82slJtDaMAWL!v_en(E{Jb0jBPg6Z&iQ)HvM+WEtb5v%J8 zU&DAuW|UevY52*W7v>?z_Tl&sTX+*Ogq+OdWx57R+(8&!!=w-J>P-(^jZslbSBQ^m z*&%GX*)Jy~8dyq%M~b5nxksi-i_ZMbLz8*uNt!S0F|ARqkc-r5P^Z?PIr`S4`V&5l z#;(g#Qj(S!*9l#&mk=HWeivow+ngwiUj-N2_|OC7KV{Ou1bV>(26?`X)$qQ=){eDn z>-Ig-C|v^2_=Z=o>g1S93H7sxGXlYf{RzIu<&f-|DgV}+n0^va#V@3gC7QQfa1@(J zYo=*ZBqe8G^dQwytooPD4Lta1N<>~tdJ3p$%N{USQw+{UDtbWE3x=iDOh0S#Fu{Jo z-FYSY`9Y0z9b}%9gV(stM}BCGbfh(e6k_=J4qkRDa<1c?RT3TDVP4{marISY;b*IL zWjmg*6(-w$%b0X=kcD4Y-hJT-czAQM5?)d?5rd@sw&{^&s4Pc~OBedun8`Bt558C>9eD z;>vtkmbzM<{_D(3>$silL%=@6u{F*gX@Ff;O(K{4O?TmU712j}n3zY=A969|)=P%9^L}R+)+Fq&2T#xD+SN3LRx5%w_vOM%K4HkMlj!U3$54*nPkx7=Z9OV z%AN5m3+qt(QWOn#u79&6?y8+H>M+m+3U3)n-F4q{-N| z3G0+Uvs}@yx@WcN>eueJnnRUaVr|%Gbf9mh89JkdiF*4QlkI}fpzM^@`>(%kaRKj$ zeZdpTO+Fb(;MwT`u}}!cfozuXFiZ7(PR0|dsX}bzeEr;^Jr-3Qg(E9_UbG;y)ix(X zB#pVwakmElS+v?n4ZTA#gb1HkmCLwZ7Tf%o(h0=E zO|z$TEn|Ybo*+zp1{&7Yrzc@il#JW|%DaaoNW-@$PXiJsq4BBZMjgVGz#fWkFJ2ms zFonYC0RFLCSwqY8EGNq7|I~>49$bSaf=TIfCou%I%n|xKg!-J zx{Y?*+LRe$W@g5inHghdh8SXI$0SqC%*<@Z%rP@FGcz-{^X=Vz_W9509-}X$Qk67x zQ7TFAT+f_qO`iclAYnlK!QqrB9((WG`OvvV2^^4D+-hJD6gGLF28q>YDJmzu{r1IY z$#ec_+9FL0+LyY-Do*-1cw!v^Mq~C3xf3!N*sS#3(H#u1Baygz=e1?irWgRFO)N zL+gYc`-VAXLhpdmYkO{z;1`hfDuJLjJkBy3F580Bz=5Dcs%TI^t0W7bUzJn|zk-r( 
zFCQd<$y*6m4wj0@GuLc=`*<^HdPmUHPg5ae7_mTT^O0nQeTz4bcR3&xypU!BuDhQj z?N^~@<1Vwh6HOa7US-S!p**1;5iWHppdaOl8xtPo?M8*8U;%D`OX=7L2sg|U>A7?p zFsw=?xUYJdJO;d-ZmqM0BSwD$8#k5c>&E|lZBog?-JQp>12m&b0ap_o0L`?fjRXz? zZE4Q1zN6O@s`}!}<33-v19*#0%*|isUx z*M%Z4qi%2cpb$`OSl)#Sgs$WpA?zmwcEkA&gjrhXh>LV%Ba>OV-~M72(aa^%+cXkd zax;v^VSo=*TAQQMyZo@^{3V+sV7EbPBuugvz%z5;_sDD##3Ys8g}(0uHcSNtSAV#A z>8~NiR#jnSfZZVxupup~zd&{6hcvM?S3JIHBJ0HN@;fdNQ42|h)l96&cwuZ2AV-R! zYFzTJok%jo{d$ftg={%e8hFMuKssv2laEl%WXrQOiLj!#3!A!(XU@%bagJm!;#W9h z^GfMBSyyTkzhtu;-RKNy^V?KhOI~%&RM+x)c($6NEa)V+{FcaY^I>Pm1nF@cSQFy| zobE2Oy7v1_FpJ-5mAW?cI_ga~eheOKmz*!1HmR`mmK@j0ODIi$M;BIDFEk%csD&%`qV9>5#x7dp7zF0wh+|2VI&W0T?wyF-{TNYh<5Oy{pRGic ztFIgWuyRVUr8iqIeym?jywaeK>S3y-3~1!dQrvPJ?$1CYh^dN8jm}6pT7=nFgNHEO9(E;- z3Q!Cl$oC54Ypj8rVIAAi`}Y1L_50CAUQb+J52o70X^L9o56v~q?+=fYr)`4!6gWh% z5c`ayP)VxqP5AEHOjA#m7x;z&#zJ^#j8KO%&VR)RH!=zIHy-@R$`xZ8im9)#FpXXq zBaMHx$5-7??Gf&^9x`_Hzi5x)dWVF6X%CkF(jG^nx#j3hixfV>8%(>7L3U)XrxHv# z#5jsc*~oi2g6RfO5uOWomDISTNi`!gZKpqC8L8Db?)eyvR90OmdhfLE!5xuZz$x>0 z42QXo!lno6O#&><{LV(&D!Gf<Q z8Ha>l?rt;-O?5l^?1M@aG7iBr^a=ZD*oiTi$#f;xKK4k1_hX6CrI2#CsB%RWbxlot zmOqJ~COMZpQB8&wt6ASL`a|!U6J}k%6T(5pL&Q*N-ic+}ecjxB2)=e;)%(;REI7>7 zzP_S(G_yP^;Y_5$U6&MFF__J*IRFPTS-zW;&32mKWH2jKdxg*)RNjYh;bTj-s~viE zriNMbEGtFzzpS<3w~JzRwcx?cZWX|`$PTMRvfdx`$A#v+y$PNAH|46n7 zm5D18c=;rTbHb1!>MAo`kydBf$3iiG-$9R+2P6dx87aXD`-*W^*#oUy@UO~SrjBiR@d~5_J-G1p4x%}S ztdUll4XxCdpsm~yeLIz)(kpun!=Pbovv z83c4eYwtn7MCYA=Z)Efx{zT8CpL*8CwVV^}t@8^3f;6)o=rH1$!X4=Ja4jsYz-K!0 zr70^imy{y3ool}tc7*B2EqtHA;g%Snbep9_Akfl%ah|9PlS<^j{dshg>6(Jvd-`rc~HhkwsFI>TG9I z;azHkhuINvsIH9>eOs0DtK%i%tna~kD;A3F=Q`oJYVCC8$DZ+VZPVA!=^&{^L6x&? 
z48@+kU-ASOTHxjuY}32WQcZD%tv4em((Lwm9z=2+PR3{q*WWbU`8Yv=8z9iJ&2Yj*6oSVbT+R{gq>!#-sl6 zC2QT2ng7-8eJFWeOnA7`Yjv=x)&w-NYw&L;RF;fHe#oJuj}-YvM^YP2v1z^va{u%= z6S2h3zyK1R5~j?(_x-q-L*pf3Mk+~7R~I2MZ)uzeP8#y&Ebm$C5HGqnyAlZ@p1P3X z_96F*8F9KT0ReoAMf$^+^#HRt>Cw-P(%>3g#JL2A*GxCL*uqtf?XTF|jr*xePpMO?|I)1 zqEWKo0*bJgr#%y$A0^<)jlCzqN=zpx|L&2`_y*KXT@-e7;>Aqiueu zXaYXesbOCArM{az3S@=(iU@lM7=yAP*u;RDi0Zt&I&_A}9jfBIH`5T<`98~F|H1Fv z5_l7UK+5zQXt;5CICSk|`oc$(y)(nisJ3u5aXTDKh%zU<;p`3mY^sNJh&czgrC#5y zE!QFF5Bdgr`(={R-1#;PA^q=;Og-KtV?vE!2c2}KulLpEnCD{xx2RF=LE5RChNug} z@G%MLypKSin%_;B#)!gv`ro<*-498@lN&$ayecBN%q*-en^q7cL|waOU3-x^dJ|e9 z9eh%Eyy%t^RukHO3`1ayL3m9J;zEasupJkK&POgD$?yv0re2aC5?sdI`pLHX+UcL! zY?#v8rAIsJYo`z0Kk0q025?cO;ao(~KE8QN8{zMKOjb*U*FL0dU z^%c$c=35l_P502h`G(hRu9rzS6m^{fg4$x7gI_9NbUhuyJ>(Z^hJLiJoZ!Pt@cDgy z+uIMJ3HEAF-@Z+M;|^Vo4(?wNw7Br8p_}35qFeiLa&rKE5U}1YY5FLc9J7N*(*c86 z5JZOrUxmC|Y!pJr%&~4lEA{mS=eREC5Y!-W_Y&gUmVhU5vf8+NT3Bqya}+Rw2Q`mH z!w#8}Y~p9_d30>tX!M|YxJcJF#Oagwf5Oc&=0({_6QQ=x#7s8RQSFxf1IRIm`|FtardT4BO&Hv5~Q3nsWNKW14o; zMR!hz^7EQgl@Wa_U)-ZzoKwHdd~cGGkYxNDUcn4(qjKkNydcs<%SPI4Yf3>+WlGMNryiyK!3kecV9 z`jRy8P78ly^WkyHWRLdCA7sGGTj@MS+-IT}c&+(oN&>Q{H{2t1dq*=DWJ}?aGJ*X2>BB4sH zH>C`$1{fa&fEbss6t@imzN$G3cWSHzSFd})1IpwH02qLB2Q@KZeNLEM(rBiBC3Agf|`$QPTb|0k9DOvCDipck#`U}K&_Nhz^mIr!Z zagzA#0a<=J=V4J@5s21=0H6ZdO-aTGFbgQ=!z;!IQvk~@{0S%q`MX8+S{IC{5z9{8 zsEE_J@}ErwTP>8lC9~81wGb^JY+;sn%F7P4b3_#61V{Q!28o0~wAw?w3M0q~v@3-o z!uz}Bo;rZvQfY5M>wfBqzNFoT>mRbOnl%G%qlILGhrTeKS=};RSP9zRAZBxbA6Ae- z9>Pzq^h~Y%5VQrZt9%~(yLHM1t`8s5x6YXx$%TaP0Jmc&`OL3e|1g`YBjfgeL*;ZO%Y&={1t`jdZVO*I~+90NU zTyf7%d#Bu3+iv1CRE11+AJ+W5Y^bg>B{t}Z$l8~ta!3&@kS%sY(5SR3U7>WA0fdO| zRQMDjNYay<-2kqD5n92Bn3Ervcd2`1NiuY8r_VJ|b%m@VX=6IqHYJc7xUeYTy-)l? 
z0?yOg_4u%KFZrY8)e2ZhX_3W=H-nBARwn|~*# z*2p{)QBPNei)c~kUASGG1}gVqZZi2-N;7RxsNlVHaW-Z8@D7&taO~PuagZS7d9{5Z zsZbKwh^)&Be!isD$GJSPYVSb4vR@I;Y7AHJ4#42EeJ#ZVyQ593WFrjhdGAC z<`PK}sVqh{gg2fKaE-?-JZ^u2+?ee1(828e72}nXeESTU)U6k~z3pA<$e*v*2ieR% zFwMn3Z%&fhn%MAqn0k+~QQp79lg9J+|5AUWu_&o=Aa#oNoysOIl*{eBSXN~7YMYmY zo?twf$Z#Z&BOZGgWrnAp8u!QfCWBAn&sQ{aRrs6CW>5ZI%(w;aLg{TwYh^PM+ne8d zthnJzygCJmCLFIst)qX8+KQ{R!Z%2}ZFiXcTEwYW$@Q3iV5NtLFm#hH40S`%L(`M^DDJX;{aesTefVz$jiNsZ9l6D~g>Q|{Tj&PmQCL$t~RspSN}!)m7ed%-QyFk`?9X*!h^)?uTSD*yZ><;;YQWB8D`$4pbVBz9MEO?$T;P;i+iqc< zrRk=EXEI0HjHc->8$>(ub9CYM`8D0}BP#9uDjf~Hb1S5K+A?p?lPWT0hn#t3ove3*1jMPjAkOOUweuNPEg~zDzyX#WT3^md{?M5{Z!vjP%7v6duQ6G&Gn|q zg%$)4Kd<#?SPwqVQrmX)9s=iBJPPN|wA3B~m(EgjZy=aCrT~gmUwsVuo64^T&IVBt z560C!EWUDm;?(RM#v6inW_PClS<#??Mzvmf;AYV(-h;B&{eCYp(8F|l?v^}- z3?ug2phBl>d?=Wi=D@8)+v9-Ws9o@0)Ta0UUo}G{Hi~Lt_5Zz^;aYEEqWNFdjPFB# zs~K>JGD}KM&yZXu0i^2L_t*%R(Jd+pC=EMLJm{7kdCi{v@btU!V&ge=blk$pT;>8~ z>*!l%?U)Ag(N_x`S8mp6^fL-72XlU}`p;+HtsBQ>1tYTPhHi%_W?Np*AzU2z-pVN9 zH{Q6DQA2pKrYsrfTfoACj9l6u7qQF-XcFK8T01|Ge3)4#9JSJe2p+~>XIS+q{DdK;K$_6(u2sE!+l(;0ZH&R@k6nA z+fFhCTw=dWcOfVmfUo*^;5AaU5c#F>Gxs7h7PRyXHc_d+zVWllvu}W>@Q=>tZ**&T z@i)fOj9aC20c(g*$cdDkSm7YkUkMcT?u#%?VKZ{B#96D3f<*$k9agbeNYEH^d%L`1 zc+S5x$%0<6WWk)5xrk9RT@>&fd6c|iURdSm(uH4AaYgCdd-zfXYZnvWrzuZjQAQI zFlcset!=74fsBbB$sQEIUL(by89wEzoK)fvFyb|^2 z3-tK3f=S0!Ei0apG9$5}(@LR?^6Yeui+8V+9{R+BEHZ!c~`q1sTmNlYUB+L zTawY%+$f?&>ULz3&cd81;E~|e(p@n`=o68;)(8@Q=2@P3LI|EvB^LIfm0z7vZI13I zoz8zlf3jl}gN2G^rmt)7mme9t1S`t zhV~=xC&LH}^UX>}RZZ4^qq~VT4x*?_k#}O-6mG2QvBy+$@EXt!m?i#@MocuXdVrE2 z0M0NGY&nI4gB&7Itfhdl(#?qK=e#9o^cN@4K^9t^cT#9JH;~J$Bw~+hH!I$!H8r=( z)A`<|9XOAGpJvPr^6#|Oj-9UQcxwI@`1Ux<5yYPi`YUo0wufQO9h-BAc?92cF>L9g z4iT3JLgM~m!|M;H+rt=yTcz@p*zE0H}cdCX_=X+U1vo_ZV)`od)vH} zhX#$PU#*-kr8M7z4VbB(((Cv2oJ(E&>G;&MpO0-v&l}s;Qw4WotC6)lQ~JecM>V4e zaFE6ItXNJ5#Cytivp^_A_8eLO{g4j(0(%k=7u6w1!{{!e9 z1PhL#kUs#G@Z%Cn4-RJ89!!&uHTXa}BV1ekV<{SIg(~3yiU(syc1#B(Es0;Hh%^a{ zKAM*}Gn-`f&qMStvY+PoDIzL@jXil0CIy+iN8QAql$}yz51J$((-c0HtcRS) 
zc*_$M>a48-f=(*f2Mk4z1%@7oxj>*7Q8`?C1nkxQ?#z>qx3a*^|I&RF@T;59@pP{w zQxc6ndp36$OyStQlo_ae00B}|nklz|)E4&DGEBE|GPCO7k1)!8`hl}A-+^}9flg-B zC+G2byxQqIKorpTe80TkKDEu7=y-Zh3$rzV`bqN)=bHWC3|a-&#!P%F7=(W)M!o2( zch!k-`}bPnnJj>)>DgUMR5TfD$o`N?^{Rrxzt8R=a0=XnZ5x6InV(sU`CS3enOH!^ znb=jW6T3<=;E?dukN&8NTvtA;+s`iOF>|>U@E`@G(SYxAx$!l-mg@fFrp)OZ5vx} z?ULfI2rQ2H{lixQyP>2E9E7TjV6hNkW%fs(YpEs(gY5$Q-Qw4nm08-$oAC?HM%Hb(gLB1Y1CMJCpW({S zz}=a(hIhOW{|fL^ZXP@U&rg7XEg5XE*EvXUdt0!sYuw&A(f!x!doB!{-ux(5yuSxZ_w&3O2^j;u==!+Z=3aGPKRIJ{Y1035!ph0}j_$75xsj!p#77B+5tIN%;tW9v4%}$80XW9LfZC|=rMZBAGs1U2S1=14 zM8-j@+HvfTmRmA(uU85ycp-~!me~P5!&?zD@+Er&; z{rT#O`^je=yp^J|Kxt-xo3?b%DP9>YRZWv+jmK;VAu&faCk~f2 zpF+NTi{4x%x;dYbX==@&jWuF!VQbC$D!zTU0BoCq;^qE7XD0sKRvt05=9W!)N3(xg zMS9_3QsrB(vPOkwN?R1ax5kL9x3CTJEYzG9#+J5>w9M`%lo-pYAufn%9tjz}o~o}t zrsQSOd{YR}hDLm5H7&)Nn|_&3#Zr1`8=Jh>x9jyJ zQT12rugjT@@L@VIOMPjV%6R)_FaPjP#U1_~$@*v9#1c=hVsC5r(ng8l#>D5loRUN} zWPrH()4apJT$uidwG)SsGbolip9)vXEW+?UB+B&sZM+ z(Kz`(K<&@ysyG~rj1>F%nolER+;}uSSK42TsO894xf$N`yWNgLi}8;Ywy3C9O2+cc zC6)@Cg_;(|Q5#0@z|lMJpVy)}ov(pUn>E9Pjileo%`z(Q*O4(u-M6#dO2zcY?=F*u zMnaH;+?J2*Jl6=6nL>UkN;aLb2ql}Zv@fLi79>155a*mlFc(AfF` z6^z1QXGQn6-Tib<#vW+Rzw0!oM%1~gWFY;0`3E3b{)ao%=+hl)QT-q8&}>^`^5<|W zM`+aIq+J^Nl}~plqJ``K;tq}6{l^`eN{_C3mfS%6|F}cF|LqQSGV;EAq7R=tbfhiW zx01q#qxwRk$Q&Gowj!7dIy{mYkSm)bLNML~PkJ1Bk=#F@735xl@iVCo$FjaO{M-a^ zthkzgp3myP%pZr$AB%>Mc-8I>Y)Nzmwn#`o4VLx_VAptPPp*Cl+3I$SksGt;wJJp@ zSLwo!vTZBmyt){V1}jXCh18ysxPoGIR$Jx%l|`+gZoXvih4E=5;^VusD$<}xMEd4Fze?!Ax$xczpj$upvP7~IqTq5l?s#|L~xd7*1>VIb$!xA%HJjT0pzdY)6gycDXOc!-{fi9qu-Rav7>$t7YWiu8hS=~d=;7XALY0?>s zFEy!WXK>T~(;g5tZIU)N{VYc5ie~+dNW%WFEzA7lg3|c;A_-f><2g2N(lyV`bRzO( zbg#b1i2;AT5o^8(KBWTsV1#yoD6n@4wh4W_(nH zCHPEw>s*d;SR^VH&ugRmx=v^FjpKnb?&loI2CwWlHvEOay}5uLHrSq#o{KtI9YVK- zP5uI-{ETB)l{)fxlrSdA((f}ts}>a5OVRII9<4e(L{;Cr^dtP*k6oW<#og#Tln*R8 z2DU#3Bo^P!$8 z9)G4td$tuyr_(Ek)Uv5=d!|UISC*h`&?$%5&Z~sjCYAIy{wVEjHKn<-kxO`7Vg9_8 z(#B|KL|8J#c>~4V2@@p(r6fMt#--rKt8l_|7u`e~m=GGfEBQzsX#TUZYy(IoDPFDs 
zqMILN##B~wBM$Y_DnzS_LYwNm7mxuJN$7xzGYAnqd1Ro6 zbU!xWR1KnDqlF)!3k}2tRD@sxPAP^cA?gEVM1K-ZT1G+U!^pHQT08Yw0Y5YZ13$Q< z887LYcGZLbJn%ynVqpazIeZE(L?MhqSq`*9tIVYgE3-+bG}UnRsR1iR^xQUk00`>|@vW_}ZZ_8}9@Na?BUs?apEs`KY+#eMK0%X>EK@HD_leCz{HrlwKLqNMLKQa7k9T=%NL4Kj)L4Mq$b%yw5jvg<84B7s{)t z8uRC+rP8B0;=lMKcFV*Vk%a3*FnlyC!)o-MfMjt6QInX2not*mD)X;q&fS}xed8#+bf3-3D+cCpuX!LLv4WVa%)KE+LbHt@?-L_NK&^VTe`lvvFiB0S`za z&U2_`X!)C@nbuI+%*Nkr2TlX>4VM;uFun06c?n=vhc;dipfBr_+5>>N5ueMp3Ge+zoCD%oq>1^~}U8X$M z(|fs}m{L2o`zG}#JEak9lspiBZ?3K%_ou1EsFpHu^oNFOZTUvK^euGmQY)E#m{gy) zH`2Acs^{}+hZ8xNXHiDOsY}EyVR2Q9DKH%4Ai( z&UQrm8-0pY|8ITzjreNyQ%I-$n!^8#KbcBqur9hc85tucz&Ts!UztX&rN2!4axVA! zhd|wD<=C(0Hdi3f$ko2k+((g)l;2TcOGB4PCGcDzU(Y5b*y^E%l+ApiE8>(eJHp^B zqyWjFpX9RL3iwGbLVJM>kogxwsYq*9TtgrHdW+l66vOw^#;}nHZt}_U_sxdA4gibw+i0?Pdf5dH-Rp}c!Od@o*e1CBReDb9YUyxBoP$6>MyZR^;ZZg zgaO<|3S?DY!X>60)vw3He2EX^ID^whH-Eg=Xftk2`atmY?4)YqWw+jENs#OP^~?x< zGV7-^jE}p%_u-B%H5cM?JZbJuBGdPOr%JD%OyF{~V>II^5Y6V_P5n6B_K4pqH7BD> zFf;!|^mRQ1c1eB{@K5AP-Sg^`e|L3sNB_qE(xi%}U`^_m@vr_-Rk(fjf3nP_emv@W zHhlB{n`I`}|HCp*+a=Hu^|}H6#WG+1gJm`g>*@HVhtDyg#c{Z;4?`bm_8F--z*It? 
zVLGfwvez1%dm_xz$5c6ILj%zn6McR^&XW-6^L2sQz)p9vjB7xz{~|Ecz87)%OTTxk zLg#Dz$s*vGRHqv+Lk=O_Z~l#AT5p#oIwxwtYL4gJ-XsIMQ_CBtFHT|4WP!p-UDI&L zbQNuVHXIlQ3_B*w5UO&Sr4h8pP(#WL-Gc(ZFO!Y@?)pC6j(z$C`}Five4R8T3Q`z~ zi5jC^u{9ONUd|x7`YY?m(ftzg2tf?PPsJg5o{LOSWp&7=q*7zlZ0|&lP128Jy^)!w z-W)&EVO#7dc^#-5L$deTUAH6-M(kSQk=%jaBrag{0^46|v5$6BW5F745b2}@+u*8b zK1#dZB;DbLGj*D}(NUQKHsjYu+k-A`Rv>I#F+A?DnGxN(@RgWJoWJ3bl_A{)E7I=3 z(RtQqv1)aaUDc9sfF9iqD0%p0WZWbX6fbI!$j{xQ#H``XcO zd!M29jN8u;$A12%snJEAi!Pp%oQPm~8q$_$arJV?9qLFqUPQ;8o5{2G?&czSc5zMG z2fXk&lBUw3uaKMYfH$KqAd;+)Jg(v?m$mG7AnsZ&&h*P=*{}-X6eIY?2eO(Qn+30& z0atb-W88j$_2BJa6-7ztV;9FHJOf7Z#5-o}VPiE7G;D{`VN&F#53SB>vpbLu zOI|DL-x2g6(h$Sw-K5{55c|nOJF7j`pWNytFaLy?m>6&aK-}9Q-wWXQlXPVg2MY3+ z6+>OVhK_dXz~WxO%~ADKB$)$Q-?cS@?U-y2KxPSc9K{u!epFzd!S|Nydhl<5Wpo~~ z2s?|eyLu(Xx_VpS^aEyl0b#Z!A2HB_7@aaIyBK!yot8YdIh|lCF@-478=)$@PRuui z7@`W)2_1MSjNXXpZ$*opz>yGm%@naW&)oXkz05xmJHc9J0ps6`9ASmr8MG~9F?d;V z?P_wQE0q($khoV<9no3S)sUXdaqg1>FVTRqhF{G|hA>ED#=Lr0oW2z%OJiQJ$+e(j zm1SusD)`avYg~UKD!Pu-tyM*u!&hU$bh5w4B*(9GLxXmm!3;VrO(L|@LMfGsS@h7r zd5_e{SZxq+%HZ4Ok*J|TXo}vlpGV)F>dWwElPs+0yP~o((a)C~Ginq*v0vK29b3RV zdrkn^?%OMJ6YefWq+np08`?%8ScLtd#?!#mxF-5zXE-)U-*gq_03G@z4C4raYz9+K zq!_4-g!ZO>taKQ?lq9{B%^qHg6c1JM0+78&46U$)oA4}1vVrCfh3r%hLf)`8%)k#J_`$A3K7@7g41r0Oq%O zy#5#oi;S*UtDaCRT6~1|XXu!W#`pn5srL|(;4C6O46CjuAktDJu@8j#E+;b5FD9&s zr1^to)-qKhAH3jEtX3AvFg^yQOSoVd7tG)icI`8xrO1^dQ&|-{Os}pOY#3J+F*+mJ z+(3kOcf~g)Dh*i(WyEZ3k&-J2xB;*|!ss0pmh8k);lPF{}wQ5#8~#f=_mD zINQEh&a>Z?20$#-Pma>m?US>f;rj@58|q+tD-8__43BPzZ%RBBBJ&7CUrB$k?Eukz2NS@fTznadSY9x#VN zq>9QYULf2&lCnw_NfWa{W*PP)ky`0Z5T@6pF@a@kuu6m-SeGhjkw3~`p^G2pMC4fi zQKjygE~3V-s`Qc@tV(b8|1oXAyrpLUDSb@2kL;c4msroA7l^0UHpn;ZFSg@TJPLFRwgd=f$tu!pFgc`j)Se_KY^o{GFv8(U=)U zVO3+4N6nPO{f_|fGCCrlaJ;dn-pAZ6TBELhLh#IZ?0Q%`xMNk86DB{al~LKWF8>Ze z68rOx*%Zvv8KV5zEo1F$j#Ppq-gRabn8kLFTBMu*+j zDr}ETMH!l2kDOwFI?|`h+fwa2yxRSydf1)koIlNt{CCQ*9R4q5C^`IBs-B^;qV-yP zy#Z`_UJ0I|T~)b%vn2RWWteIfCBuibLH?cXrz>xO_dzF1cvJpPsSE*qr-Cy%K{BtZ zY~-icw0t!jVy$&erVVmW5xBafeksYQjrDyam4+W 
z@WC+ezcX>6K^^Xo|Cxy+U81EOk8QZ9^1nIJ`LDdZSLeS4<7fVRr61rSal(bFu$$HM zSiej8b6f~Bq{%T*t>Rw=<2qxP2TAX>(`0MdSUB%X&i=MC=HxH7JTuJU^ybm@=CxQh z3-uwszn>E)JLdZLW8!cuuy#~D*iOtz<3IJfj1!+dVB}r?AE~(Kf`6srFr6<2XyhGy z-ZN8L|3)l$2l2ORk$aM(g^|nR?K@DTx70)Jnes@X~l-H<~5 z2gWOZ-qTEv_dnDG-RIKW=34&4*p!bXRqgSzx>c3byz6L+l_+-nR23|zTNTjqP^SY2 z$9dZQuL*K$+*}>sMF(gx2W+mZgOtll7{)izS65~}mZeP(2+IFAi}ZQShPLB1KuZ#JqNaB{+ev?qBd6YAsM`6l+2#Yn#IMHgS^WjfaCn>`tfgy56DtpV=K5 zBkK-1RQF%#ToDqiV`oa$51fiU8r;gW{%vw{NQBt$pwOfh-_xSb;84&lD-8Fu5cB_Y zk{q)4Uz6kpJ;@idz#vlNoej-u8YAEjh?ETal^fvv*DN`Ud6~FERty}?L0E58aB9xW zZ}!ygRc0nQZk64qv~C~*RZIr|41nwJ&I&GJnk__dpz}L;qsCma5VE0Frh9m*)HU1C%yn*W8G|+du(3}EKQuBp`IcYEwKPv2a)wDnBzNlzyqiKwpj%MGp z>fg*W+~84%Km}65yXPHL*x%^M{EB5O6W@^XhM$y}G>;kSXnDStZ;j!wlll+At~MUE z^$S@LI1_)Ev{x7Z`f&A<8kV0_ux8>cDxtl9Tjo-$1ns{5iywNMK28}UB~IFTrYfC3 zMD~sco-XZ^LOGF!RxKXg{Fd?9sQ&OHc3I-E&_dVu6ax5DxvAC%yE@b_63h1M-G1(H zj=V-jYsTU0R+Hw55l&q2W1ErGd*D&jq*!M5|A3z@mKo!pqBv6Tcw@>P8Rg-p@(m?t zb9K2Ae>zoX!iSGi;b{=og9jTvKdJq6r*z5G>VOcE%llnwuKWjn?)Ktp?Md;@L{!#1 zrd}gPJB2b|WQ3ifg(3+mAxt>IS6Gb|_|2Q5 zou~c*#?32L8p|vnVjE00h9mll6e1Q2Ic3Ct>Ul+7();Ybh#%t1vOk9Tiep@l1|%15yjd ziwyaj%BHwRDZSsteqywc?n;UX1~R*k`&woATq;{f4PwI9F<0t)wHgp$4F@W@#$|;@ z=lTCCqbb31qbljb?)&a+Z9p)?O(c%Q+6me*H1SJ>MO!njN51MNDyN1j?v(pInC+L4 zAEt+P&9!DMwS$9)$5xvKfARoQ>>@`--Mk@tE((sDc;KZBu+kQXKQOojS~Z1umR;~8 z(|U$vA)A*^L3eW?XPN*bMnC|(*EjVx$tz^i-gyUBu$N)k|K-P3u&xhQ(ve8(Mv;j_sKtD;lDNP*T3g`OMGC^Z- z6N<5V9+8AKm5_Jz&8DEcsmZp*Vc6T=&wN8^Z2T;?Y;Eg<(D<&p;jj##r$@hwRo|ci zHaTk=W(U@+(RaKl9fr|&sWF`Gf4)3?ALu(z`yC2)lN{%_9JivaYPjiq2oTV=oWF`s z-U@_d(IbBrdDB(U8X*4>Q(TlxiQrls%@Taj-6bxh^B?9vfXDdFgnD))RM9avYFAEr zMGbOS&Kp+ba?P0~R%5NTaG0ckR{k^<8zRpKs1(>ecVYMGEZ+W}rD_QFxD;^hGK;_hVN1qN9b~jGuHy=tl=2#GUG=fVM3kQ-FR9K#_7R%v3`bt4m6TOwM&;yOd~(~-U$MuQ3^XVIp=0_R z{Y%HhIbX2;a>L7+;r!bhZ~NBXBL3Bo|9r?RDgpF;E2#0Y?uZ1tSvsiuv*YPFv|05v z&`EICQGDg-o9laVx|waUMW{8QuRBiZ>tI^P^iS%sf?&i+8hRG^Lu@?m&w7cp^r*c7 z{u3giw!zaJ!XA81@Uu>Po+FBpBP7B<^3X%1DQ(myWhwugVcCIeEbfHI|25KqO$zPt 
z2UrZ#03U~Pp~(E@YM@@_L3^CI=sy%|`ybZ%A%Tm}ogGDB8ec6`^2XJgD==+QfR_u0 zR|MdLAoyPpcFExC=MkMDli+vyh$qr}UH-4gCx-tg!e*THeB~Usw;m6bhyFK&?VHT( z`xnB7oB!Vt_WvDq{Qrkx&F=mW!;(Dxlk8x#MMW$+piUVq{2$Kwx^>y`c6&>?Em@U< zODWm3BakB7S*HHUpI#(44B?!6zx^PEhV}J_&YG;#lJiccKjA*~ljHR#FHQL>~gupdBPwI;anu~Hcbp8jYQMt?C4X?ls0<;Y%~ z;Kq6UEV_%Whrk0fWYysmfiOEI>$CJv0940+4M0{ru64cb*c-jWFcO@3LTB-NMf%D< z&V&2^WIqjlWj`gp{%;M`zUYX=B|Pw_8+~NQe`Y}SV|-;mwVkB?M+UN47{b~po(#L| zgFHTjl|(~SkqyH9jYvaU8v7CzDXvf6zQ~?Yq)6<|fOpL+-Jg}CiZo}(>ij=qiI8zR z{oj7#O-PUzU?$R#ezwS{nN#Cs2`Br|C##K7(rY699cJ41o;c6ob#`#&+ch5 zSA#P4DBqUnyk8QnK`01)HEKzxw!9~o2If-yN;%i1{#T+JQENJsWQa6uz?TDPU@bj@sg z>mzYlgXT6PBWly@cVRzI8SjjF|Mmc7z3;XDuwIMra` zofrCLqRRk7;L2U`w%UEpQ?e1Rn2y{HyBTkJ3Fsg$Wh@>&o*vMhdF z_KSMRRI*;#+`7Q7sc-u2ps#9?MbSl@Laq_ZTCn@<=yEDpvWcAN>E_evaipLKA~J^* zt6a)h@kWAnCL;7VA5=M+Dojc99YcCDyElZ30o6SnNhqU@hih5Aj(q+!(Mv-#l-r?X zwZ*Pz^dq2ci75MUDu;WcN!+tMD2S6-O7v!}(`=RjAA;c$t^r6PzGZZM3V5Ax<=|Ru ziB|@#X#@v@1sX)!N&OTV+*i;H+WzwxFKpL}_@yctZ;V0b3tyA8h!y<^Z{2VTs&_xD zqrD1r8FBg6APdZA4o*2e0j=Cp58XwKDJp3XC#S;$x{RLPOB!))fJ(CNq)T_14@zQL zT2EQ5YB9rkS5dP=%oeiCKAcRRZ>FjO{o(pgDc89DS!#PT?iInt%ulFTwI0wb82K}& z!KDFPi6}+&;+a@W!~*kCH)m*hvPES}`u`zFEU>Z`%0w#-1X+ayZ{2dy#&3E1dPsaHAJy zt%RdT+sC0#ml8p$ZK`8gO+mF&@F2cd)ZE1`m)P`s2lf9zpaNMTMousZ6l+z<`wNR!Q!{vscn=o>PlWZZMwh6Y63)QLc5!ieLnF8auN~y*THprTHH0)~`yMKQ}neN3gKm=Fz=70$bf`pd4%V zh&R2DkE;-NKf7=TKcWNO?-X-dn8To-tWc1-k#^Nj;XlM#e{LUya%>lvea9Qo1hXK> zHI0edvjORzr&n0ZVvoM7xM?TQs>yh0Pb#R@YmpkQ`Fr+wPU60i9_S!-J~9QprGlHd zjldLsH!zbUciYE#J3t?n>bsTiNVa21CU?th)ZOJ+-9`24FLlSlF0!@Si*KC*0Nupt zSV&jIYm~AzcWshP+5CE4;C9=~&N$KzBZWeV)i*!Y0duZ6!?Q)gvz;3KZiM)Lg zUW@>U)~!o^!`$mUL%aa)8E~z$&hs|IGacB*Hw%?!h;GF18;@nbZJb}0jPUtehV$5v zCKNUHYSHF!Lp@^OjPT15cL#-?2Pij?yNmBeJi(XK!?r;)!bXUGgQBJw4QqvS30jjU z^8uu6AiC$@TAM|xe4a5^LYp=W5k(CUMXiaG1+~DLke&1q2D!2(sS4s^E4yCSKLBVD z$jfN&Ob7VZaEG8(R2q-#&YV}mx1)TGI+xcWc^Aqb%iEhuqpE>kEmEFCJC|UP*FC6v z?NtRncLl8rK_0PLxJg`K(haB_l?#ph9y0-8Fp|IW(GF{sFNqYHLz(aWs1#j=H;18rzhnL8#{i6 
zp>+H)UIiojMp>>zTX;&|RAA+?!^kSGB*m#piDt)&+X$gCmxVci=mYH8LoGiMO`zhA z(pLvc&HIhOeM%qrmFc~&F^ZwQfGt_uQr(ehJwDV$le*`-Bv~)Nw2wD;mp8W|Y*sQ# zq?+)~d)tiIKlLRWXwrD&Lb5!SldZ%EW{5T(Fa=S?Dbj#ERE7zJ_Uz@z$5A>;#&Hw{@sYR4m>4FSl#X&`*trS}PtLk-mkR1L zK(hkpS_*ELyat?(nePU1Qo0E|Jo=ur>llhO?WQLmDCsFKYBL+1B1Ya0YP#xMmwkcY zFydYXabE5Qr!v!;<&Ox96BSi6IbI;B$U14hzm0R^LxpzfQO+O}4TNxh+zC~#lJKXp za0Wskb&3`obSe5a3T%VHu||4FivrQ0ev1$c>^Qi$_SAgx;3M4u38F%v-{gC6E|8x> z3vS$5aeZ0vudWC#eZWIFW^PSL4X)Eop2+2$8UCW)&|APO@?=9S(k&Kl8Uh#V{zkMy;#@8&;`mmX4<0(y)V5h~|H zT+2Pboskvn-4fIG;^H?1$3IsvnNiJhOgGWJOyn%QzR&|zAh47!j|Frfh4huKc+tH_ zGgC?T%I=ym^wm-!2sTV+5hIGUh7*X5PI z6n68MbMUiRFcKdw;y2wAd2*h%5Y@8DJ4Op1$j5YO__g^Gb8~le`8(~50ebjQxs`9z zs~ui!@2JDTw-r9*!+a*AUn~oF{rI#)Sh?9=wg#(BCrJL_g>DJHAUJKvs?V;J(hKGu z=lp81+~|gB5D&uPKWul#j%R+-ysJ%@#GUL3y+UPVU1Yf?lPjm|S~KWupUq`GYyiQC zz?7C_p)R3Y8w%PMXInj3P|T~Vq^(lD|BVMfoXA53zWp;>QJ8pM%Ek?B0ZQxB^q z*N-SZHfdF|72j}ANjR29Ax)e_{Z#br0WX!IP-pTwczE*EZPs|1h!S<|$3)*XLlZf6 zL>z~Ri(tj@9RUJIgJuTj&8bL=(z8j={>Qc{jYB$V50se|Iy8o`>*?8Xc1V$7h>!k| zZ@J|6l+mtPdhDp|i-6gNBd2hDK5HFPQ`H}6QO3OMkOfCxQAKMuzX2iQ5>eNwuZn`{ z%a`0&3`vJPgAhyyPwL{BQe8kL&8N8Mlm>V(GHlluvLK_IUHxg|Pdjb@qlVcTqZ(t< z(uC3J71rG}CiPc4qZ00(rg7}CQr672zWzvW)kNU8J!1V2ck5Wqz{;?3)=_3{S~=;G zDJB-K4PB-I*Itl6A$uRd7IRsq51VC-j^=eI0PcjAX;qz*g>@9Db(D`TKqHILq^j;T z0D#*O30Qv0+aR(IYB@}08;K~jdK`g4J4(!wg9r?Q*0AWXxyvxAxD5C23BWDKaYE%6 z;gDs?tFGk$y`fbOYWFyf+{Mo`u5a+Tu(er*%L<>M)`}xDA#|te zVa6f6*Gz<#)>=nI)>_~lOxhp~A?a)j0FDKusys8qruq?FD}X{nh!(-|l5MGBy-n#@ z&-d(A>jaIA23Kv#JZQrf@<-fU78GQ5iTWW;bowU^bR-S*Y7jG7PV4?E`+mNrADL`B z>(MgyEM;ieavR)E+g?rnKw*mEYL)|ED>*kXq zs9(#+ea&Xt2gXy)PVbKr`Tu5LaOiuc{gLp8_WUNM;L6~nefL;~O;Tp8Q{j2;CMDr~ zS4#Cd&AK`8QyWy++wXydfTdKxY&(wjg+~@-adM*B37iiv1;dNvOBCC|&*?)tk_H~# zHNmrr3T>fsuZlH6W?ua;`Pcp>HMgUd?z^u;^aI^1fBN=Iz-0ufW`P2N) zIuf{ZUOQ0&>l(`$22F27KsY+-At~v0XA}`#V(LL>r2By43?q|5h61xF@8AMv>GWht z)2Z-)a8kb|0dw21ZPca;oE=YEDgBDotRB4rHtAJWb47aY)q)U>HOnz~!ZaAKD1G*h 
zmc3L&Q4?le^IrKBdk(>Mx^NQsB{RfXmN`|lb8Ame-Hsi4>IBL?{Y7pHh8Cgo@!~-zJp~G7$tzgW#B?-2ALg^46k=c7YyKech#MBajMS6 zw%ZTO{Y7|;_v_rTG$hqw|}^@ma+E=_m8{uiP6X@ z>KuU(tmfg89Gf3QDd!xQZfUg#-fGc8x)yp}I?bt7mM}5}dz*QNPB~sfQi^#soW7!A zy5rpS@MjgLqt(hau~eK=&bGj*Xlqpy0*WgY@y-u}izggUy20=`hAM=(0NQ3pAL;OeT4hP$tE zp?d7WHibHegAXdR)fSe$Nwvn{p~t2>nn$A<&nP*+?#BizGHlWzw}mKECuT(}(YqQysD zinBkH22nE()lp5uHk6yd_5a1ZH?_%cR+)j!Q5!gj()w3PJ%o^^_Q+CO(c}78h!c4e znXc2V_ZOoR8Q?vbZ)ngKM$_y6m3b$4SElFZTD%5~Drj&HLhes4d{)KO%furbtT7X%p>&Iq5g{D$%i?# z&=cgZuRh|yiBEWWRRKf_9eDQ@haR|bf1a}NZ56U7`USopg4lA za11n^QL|rW^Tz*#mT%t0w%rG%D(TyMhYF$HgmHz$GuO+0%f_JjDU%BfNwl<2*J%~B1>dob*6yYl@MK-Yu0_k$!E z?(-tMA?;yuCq)oo(!DX@C;JfIU?v&&z!)L;7z?`PXPDB!i4x`ustQTkQGbr>;zFSI z?K;&8{{H(5D;Aa?1tCuegb8Pm0q)|oY`MG-ti42A9xB(Zs08>O)-@lj(8!mB(-YK4 z9_N^707b4Y22!k(0a6)Z0f<_19Ufx>tBl42wcCD;Ah_#q8y&zh7;T9n9O8Gk0ncUm zHn91Zip1O;_Va4y?d$QHnaGPI#1q|K5Z|18YYi`ROYVsVt*LG{2s8E;-?nLVi3oRt zh^9*0dEvpfBiGuQ{Wj{%bHHR(S(wv5;pzMpd1sOuhU4(r@8!FLv>d%?cj2pxJN!v| z>r+G#D9+P6HUkCi4I1$CzoTwN@E7VXX#Q?|cws@g_chpVxpBoI@5Ay74-Er(!>yPr zdWqB0*}eI_09Hg@%rxqhHI5HzzF&xW+9dN4WLWyjrb%1Q&3q~9;IbH5k?=A5_pLpz zUZWcxt(dY>py$_^guZ9`w2e@<3?uA!MTJt?mRFPhzeK2JLmMLK!`N{TK3DTFZ@Y+P zb(pu0rZv#N7dD_gyQqtF<@;8<<_6)a{CnxiU-lfogfqe@*S_a%1FS#P7bSz)-j=nO zK;+JQRP-dh+sPq<2A%NGj^OrCURtTO%Sl)?a%~yUz<08ZXO2pz#h)XIFk%za)@LYh zU$D$+k>Eldt)jDqgLH>4bW>nwjChnK4d1#8Cv}uR9PF4@-g&6JD>&<;VPu-Y*K~hl zcOjlUlRMeY8U4MXJ9Kb9?>=KQe%;onc=(RfR0KVzr_4fcuP$SFk39?DeC#HjSL2_dKc)Aocp%-`l0-X6~dC61*r;UfvFN7T=|zqu8sND?MCh?Wx!Xynp-?8Owq=M zLw?DIWcDyRFPlHq1%1%RNxn;S~5vd2>(5XB4I^5Kr@N z&jTct2O&4$3En^~Yq?`!HfM#S;7<>~7_?iK{ZzO~;Yo|*k`xG9;89w`BzgF8pGoXG z7+WvRJ=c+;MRO{BJMf-c8hgC&s~U8Bk7gr%>h`JXW!7!Ydh3MYbV1T1e1CH^1AKeA z1M2De$9f8WJoKomKTzz<4T!QS#EW1ar35s>%Uef?)6>mk_^y*)x@%s%QQ8`EgKtSg zK@+icq2-*roGQM1GQ425!|Gq9cWzQ0wW>^AB&4$qlfTH$yfSnfssB^2 zrnfU+rR9-C#FOq}DwV-@SD9u$)rrxc?y>Ek<`E#&4^CT|Wq#2KaZ0l0LBZ6MLNwh} zoDEf9tfzHtxW*1xV99xqr&5KSt%Jlc&}j)LlmTgWoLS)W#B)!EAZf_@Fl}21@=e 
zWd+vB8V#LE^({{y&iHezep1~_y%4B(pXK#�GZwzehiG2Vzuu;f?~rk!<@%xkU-k z#G0{(y%JQI?{s?`+BWjLVV8b#LuE*3F8)BAXs3_DP^4KBgVVj*mB;7r zwf8rtD0FrxL%1l>#j)-b)SDU6-F%}8p zL5tnmFzcpVOkbw8b9XFOz7@dj%XJ9g`U4((7j(z$K8SuaKKSnURsp~JR00QH1&mTd z4}i6GcmU9Nl6s_A7XspkIue|3XW(TZ4g4ryKJMJF`w3h4W3?arX}h}gS3u**cfU1& zufM6FlV`__JLH>_6A{W)hbKn%%GA<(BMhiJo`y?cZ}wK!^$ z>QpWA$#yTJ#@>!5Ag&kUd;-2JNbq@i!uY*cIY(6CE%=?Q+r>MDE+Y#rJ_fqS}=c^C}!-~^GrLcAnzh|n=>46(V zw18T7`Vz?QuUUaFXaVk1BTwAu-_!gZh9(P*vZXKKtGM$IX^=r|Zi8(}QwD27&ri6> zPOcY+v^yykywCu=K_Jxf{8GxD`e6%`WNVlOg?w5n$YU-XF-(YI;j2K*MI5^?210a? zP=5sOp%yv6 z#>Ab1(}^COAs@1b#hFK#VbxKeCt>AL9>gnv7um8gz=cm^DbR(la@&)!9!=v)gev!e zKamgc_7}va3mNfm%SM)N7qawM`G<33we$Oz2h^qMx=e}zu%2ekW_@z$u-gigqoF0_ zseJmhX|sa2@j-8>7T{&tr4H~?1@kfAHRBZ{Ujc-hW@!Mz7l*=C|Kxzy+{@HwSK{YB zm?ZH55*9&h_%#3hAwJCm7j1FT>c1imqK%OSnj`3rh#aL_@<9)xr6ZoCeh;D=@}gtE zJ{(yAn1;Hj0L;2HcigimO322|u=)|t@3?+d9QmNH%^eLD97ZP>9}yKEQ`n{%$Q3Kp zCx~st6D|tL*oafyDBo-){9N+*<($f(urG#Njv zfyJ@PULEV-V|~rT$CWaxmX1|bypDmXlO~VFMvT?SEtR6j;Z?=tANq?g8MmvFC(*iW z@fXcN(oOA$zypwnFfUz>H7$Ss*~JCw$N!zo3HKwZf+zPrh;JdIr;r?6*xui9h;zPw zEs}lFkabjNL&DF*2|Z6Z4oGBMC&SOm@^xqD{AdhEpj6K8@<~1ORSPc`oCZw9+=O&q zrrDem?cvUe*DKkyVN8mnF$Or=|=p z5$Y1@0n(%d7Pc20ZCW#3G8w5S#IaQCt3z3dB4zx~{&)G5L0c*3ssnXZS^c*6a>H33 zx*jdqs2ihmGWO0!%hd3n4szWhfBb zCpY|PZ-Tse`bH|8_AaS!5<>Gg3AIVNY#quMRQ7ehRw9lBX}Z_2S9H0(Ra%xZOS~FO z^Sqi|EbT|#kOMZPNdGM6o@&L`s07OGYM%!<0KWxMt94gF=7p!Qci=mtl)qgB&wm~U zE1O=ZQPY9iN>Lwdn)o9RBP=jUNoVY_5ab=Acy4NI$>Eb{>~oZ${ZqGK251Z7$2^c( zYQ3;JAW4bfj6-S!C-40kA5>|(b`m?Nc?voBTcoZRCA}5h`7ZNXwVc8!n7|$PH)_{u z4rxM?ro>%`TRF?|8+i-imF1Uyn42anCuHju=$eQm3n!kn4WD~YmYwpuViO-T0sB7m4JnbUhR@tBb zDnJe#)FlSMQ}zWg%Nz!BhCts4;a@OH5Ri5H!h-i$|EEkJ2_)e6X@B~!^-5z;&l4iH zo_xZc{2-*s7Q#|>#d53H?P%FQ0=7NXFyxmqJ$w7c>3yn-`+Ca_wf;keRpjY=w4S~J zJ!4vre2dn>dMHV>@nUrEip3cQ`V~weu{J20!fC0vw&2BV`EusrsnTJRDoC!g{O>}t znQ{$&U#PljJm_yGJ8FC`f`v8Kj)FwqpsDU*Fts&jpIZon$ghupJ@@LxP{{Af5aahNLg6^|wu#b8d&)O@8OK!-VO|r8brN{9 zxjEnePISdbu=e7MJ_C0ra2Vpo#Nn_%v)dDyz-e6GEsc}kc{OJcD|aE!C3nzM 
z&K~Klzv7>ZTwU$S6vYI^W~iMvCai*y9gyi~xQr|9AG`Py5;=~hVyT$IG(8an&g}+} zE33FPlmF{270LO^)JGAiCNv#0L^klR0*u!k#&R#W4&pP> z{ho6&blSxUm{c}D@oC5_f__-becd*)1hnZ!`aye(dKFpQ@VM3aiHtn_^TW5(&0-0d z;l8hf!@Kf|iaMApNSJC!^w39Bo~YyoI))D_{eD7(tx1@L92Q`H_)_g@IDk= z2$Te&_k3qWod4BextUatBY@#dH(Z3KP2QiI$R)HM-$*BIZeYBay zzxT2gkAQ7Nl@2#_m*aVjU_|s)kq(&>;2Zs^zm;DvX%iN^leVPmMLEsOwyIL;$0fmW zqPmk3YU>cx+fQLjg{M@IufaQnCJHCteuhEKyyYCG0P@!vNJTgZ;ba!XBU`Gtt-Mt- z(2y8u(e!kD)l)wD5t36ZNx7B`Ln!6yv%xBIaC|9mMxEMF5rL^w>f@o6zIY-MB3z-$ za^v0m4!Gih$)V&32`v(>*~Tezp`VSqU;g|u3$Ejy#5poGZ`esFwWfnYbC5n((E0s?ojFPw9;L zIdM4X}F&wm$K#v{=9+F&kSo=0c+O+{CgY3Gl#`&Hp`fdD-4NmoTEKKu4 zV#l|hf1+AVzN_+6ADGx}(CsdvcoYtGk!Jyh3?>iTel4}iet4(8FZL?n9p$Rg{!(}Q z(NP1;(SZ_Kn7*BtFZke~9tNHh@i#qgMe$~|0G-|)2a<`@U9``x(yMxOIP4d|SQ(FO zd*YvyrYBnq)DW#d(&V*Yh;p*b7sNB7f%tp`gx~fAo{&S;KDP$vWj|+pxPyP^$mXrN z;RJYorh@7D1jK15gaB2T%Y0vDg7J#;ff@~S;-~6^&NZ|^4yt`XthHm|n6F;~t#M%ytO;6yaPzhL*G1W!No49(R zOmzY8IY#-yL0SypvbVmSz6uM#(1N%mAji#m^*d0nVGdjusx*c_KW)yz_(g4AKs$V9 zM2C=L4v#neGkTpYmf!7ux2WP4$Hv8p4ClS?m&InuqJ7nYGWBq(uaDNt6rb&ZZ|ADs z$ji*fM_1AFRiFqS(C7Qi_-9TK30kcCI6qvTMy5_kn@?)I5!EslN{%x`bOLGkLBuLJ zm!}~<)oBx#s!3RXmQJTNDiC^H6f*0uE}ymW9kn1%kO(_{2VPUIJdJK0)r_hk!#$FJ zR}A`~{0fJ#+!*_m^4A}C;Fqc8#%l6SKu9lN26PykUX%sVP;Bcm1%TRp0d~WUe~h5CDe*aP}o-SQBM~yc0Eog z+bmW8m79jSJinq@mU?(fu<^8A>QJS>>->08S|`|3OF z#r}CFmYwwAo5#5`Wu+$AeSNVCmY$5OOe|kXHEFj@uW{K_Gr>LD;){rvhpUJuomW61 zrw+&v@t@u~$ZCPV^_idJrlfPOu?_N$1Ti_PDj0?+MuNYia`Ji>Zx> zj6*CoX(>T3n{5qUO(CO(?0)El{|0%Y8W$=4g~=w3@iS&2eCCd7rui0s>f{EE_=umY88urqEurv6po z5D1x&D3Owt{vC%VCQ|41dMb0;A}-H9yqj&t(xf0WgQRF!j7tJ@I#W+cZ!CVLl)GTv zxsqx%0PJod%<#0be{~L^=_7T{`XJdR2__gEKHu(q61%TgI4qk#SbQj!hxWqnl2mwC zppWz%0fmy#>6xZppk$9kT&I>>b#%ok=7lI$cYgFr&=3(-pPIOSn53`qIPg+pi zd*L{_!fcDLH)??w;NQ!AEa#t#tHc~?|DGV0G8N3sx`WmP zX*Ee+txP_VthLeDef9Wv>9Mg1IEtST`K%+iL|j|^k#jTmIpYp2ivqUCl`PEtJu2Gl zs~uctR0EqrCn>;6VKV1^E=^-&C(yEGDfFT1XlCGffbl*ln~ohPFiMD3R44HIn~xs00JYK^d;8WB-NhqDUiTQ>G9R9j^b^m0P(ctfU2w+u*5{pNH*AdPtJ4Et`ymm}Y-kaJ 
zZNw7;OkV$9gw1I=C<-9vkrpV}*>X}q5UK$o&CAB@CHfcD6>WX&L!zF-ZA(~udx6xaPT8R_ z-XDD+gP@rOeODyuBfir&w4XF&cVM>WvASw(O9MLPUbiiGm-87*+e?a9*Dbye1O+o_ z-_Q~u0|$KtUoe?{O@${=jYc@4j@)1Nc3IHNYT~X^cLY!X+KMC7K~^( zP8lsR5bA>hcxn&KDcE|!O1Wd`3B6;8U+S5>IhU3=)UTE9X+?cw2HwF7WJ~~oFXS*! zJ%3-`;j?mlxWwlTj%MX{PPv>>jglwlo;|XU(kII$KHDRfqSpYC-N_|YpF~Pmn1{4V zPlrB49>2)6GC*aIfJjIYPres1Vy?g=vFyb=-$cfsoe9PZI3GOKQ=u4TJi3&vcc$J@ zgFhJgrdmip{l=ty-u#HX>?b)?@-EZLiA;+DrxM$S@=;U=X))Hh2 z*p<8Xu&i&lb!X`2gg!@zH)cTCN57a)ClR>!G2lZ3wBOa#{KR_+E5*{EQOUY2OZ{ZZ zVXr}4RjofN!ai-WyfUHhl(lQIV`d{P-8x1ndy*@ebI;P&ilG5u!yB$@%pq0qZfDW_ z`n}8I4SreFGVp2@`BkHWSYUOTR1kunx*2;14-zRznKi-|k9SSsx^NN3M19MdW&Ye? z(aO|{>g5fxE>$57-ALv|-4Wm`XWZp*Cc%2;!iyS;6`y5&-C9RvlP~ahcjuq*cWjFB zD;+y0<_m)xYCAI2W`C?wddTDrJMYpbrMOz?(@_!KR;A~5)6LocD1bIofv+ho`3(36 zhOeHvM!=%!QU=AmqTab_fsf#@Z@KgEU>YlH!nU^KX7WoXINu79J7|T|f{E~Q;vp*W zQL5AXyxrj#A$Y}~KuK0FeI>lQEWAW4Ql+?_om%CxZ)OEl$DUyaepf3h+S1ju5&yJm z@6S{y-fjGqUEJR%~V~SPRA|siE5$F?k_J5%-ucY##n;f zy`^41qjSmIigzs#v3CQtUxljAM4M|2l~FfxZld~vfCH-w#~X3;R_ z3LgL>SnaB3g)#lDY~0Ne5>Tr4_kN=7vFDK~f>EDe*!A8V(~+L{a*G4SNyY{3jTIDa z zCzxcja>{-#$@h$#z34fzYp(B-X5^Xht;b=|SNJyy(QCE6$WIA45&i&P{-i}S){28J!ln+=mcAGj4BPc+C>l}BGG7z*Naa}aq_lqAbLuj zs-q#!M#f$*+WDEAH{{VGNF_H$7H4(!XA<7japSVgo$5%)L2cE5-j95#>2dUSq2h58 zy$b6Jjk5bSxU7vR|8Z;GCjZyYd2tA37mk+=)fBm#%9>#d6QGF(aRT*&5oSGW@x#gP zXcYFhl&|)sGl^2tjQ5J>!-V0w;MNcpND8CPNlEmFW<*zr?!=i+n)dgeLfHzAqC!Z_ zw~>o$TIn`4(zE<v1fzwkAB6F)(EW06LI`oQ+qh6uV_5_Dka$+hu9e>xmTvbXxi~8ykvT&luj%Me_3j z!M~Q`d{j$=1jjL$xRNG&9MxO?8A+ilK-rqLbZNkGH~gCbDI;W0ia>uz63Z)#~vXtigj#?__`f&uwqg~ileosVhEe8)&-Fv&fkZlBCQtFeWp z@PWe#*kmHtVN4yIG5yng-?oOUtSi0tZE$Uvdizjh|1C!b+VaL0$59mqaMhn)F+9~# z_>1UaedQf-59F9i!z=LNhjv*96Vdx}_0*Y~C1E_5EgkfkV|M<;L)&&yOsac{F#?Ty z9)yW8K4>7W9pfGm#~6CK5K){K-|1>5^omJF+VJ|qBmTNplp7T)3i@EZZQQe)6}q$V ztp#|#MD@i8Wc%$^``86oH)5(1g7QK7D22I>=Z0DZl}O7Rb19njh;{aB#~xV8M9r3v zqj2)qu2LvsoMWZyvRe@C~hA=flp<^Ej>{V6RYVrC*-x4 z557gfTguzl*>N0oZb9E2V@iie5Uam!Qj2j-)TGrA)p2Mo`5f#kv0xv->OJA28HwO{ 
zvQU?9haA>2Y>v-)q{{;OC9D%4W+b2Mh}KW*ys7ZY>fYw<(bDAVSbnKEo}XW5H2*&{ zMq6(Se6nh_bN05jJyL@Q;9hIyhCRb24=?tFkGlile_l)HNv@0E_1^||U#_}t{HK5} z-)D~GUi6Jh2s4CRu9(TNy6WXgkoC=x$~jAF&9Y+_#M|!n%R&AO1~9*uI5n6pVc9&x zcrfhm5O6^eZh7Uhl4>d)T}#M~5OzsiHIC`OUdLEO80CJ(a0bf{8^9(wx>9H&bHXk3 z0f>VTK#zDBPh*f?|8bEN?4Mdm7j3-6%}SIn_V5G7)(L^hJPFEvW7V=A@7hc#Jg~QF zrJZEX!iGZ<{S_jm%D)R^AOxa0l^7D@rCzvKBkmpr)(3Ss?kg#QC8_SIjgt^tWWcB7 zTisJdJNgK23BD^zHLRnw& z>M+xa>SJa4#-6oH|30xK3W#3r6F|fbkA4%r{=*3|u!G`vL=M!;SG}n}3FP$VZhpzJ z+ix>`(NBVVR<4Bpt+2(B!)=w&-%Tq=YWX-3EtzQ*vDDfRkR``w_73r372iZn70Q`V z-52N`;S@xIffFvid<6;X_!|R@hQTQHQy-LOYdRES<_u#})V;nJ-v9~wmULH$wD-&8 zDM)!DDY{)_l_5(yPRVSwt}0O+2XX|{8tWH3%VIfc0BV*fi4KeUWtQ(1$e_V7R#T$s{cF%Ip*pqNLY1OzwukNs6Sn zo#S}rHF%vbINHZ&zWP!_G)cHiLpj}bj#_EtFn*O(Z=!2!)*o7I2RPm6 zZBeHpR(QW04mf@eg>ux?W6_c_yfEMo?brZ8`H8<7^!aP#+AQhSDT}g7Q@Toc_<@i1 zaov7=s_jw=fW-(%H8PAH7-Logza<=#mI*SYf1?9&s$M0h`M!`aiVcQ3VuGX>vLpRX z0SX%fUa}ty?fRstUsYEfBZMCg1@&)?tPc9U?qD$3(m?qm)|^5Y5JW(MeJC3)lK9up zM5{9$($kWiFwh_3#F3&1+e4_FyqwEC%U}k>O?vJHNz4#kIpMx9aY{Gfk8#rqNq-!% zkW}yRJPvhObtYbrWi#@tVr%M&w1S^0#@1FAV}`zt@Qgg$hAqdcGhgiwd9F&RHfK9e z>FQvmsFrwu=muL<3@rX?|;ee*{f=hF)7fmb>E0y--N?ri4dU>vY(DL zX!9)xQ4{J3Q1j3NaJePXRCp;VX#$@orR|rA5Wys_5gZMfbs6?*tJGCY^_{S+zJ8M4 zu?UtA{3eQET1iU6b3tsy|Fnh)k1;bAIGsv59{;1)Cp8Kx>yxb%38A3U(nG`VL;p9K zUgZt<-!gsd2Kes=B)zh6d#tWb2C6iIIfJhCS92_X-p4J+sV{2)v8n#%f&c9Jx3Zl zK#eazP9(Rl>gaew$7mD(Em>Da4|-V*axCd09oSOuU<|eGQ9kr&q^3!DsmCU#@UVH^5=uxr@ZAmD;gSn51C#5ZGL1d0q8+s=5YhvT6D2-y`T5a`QfXf zk@xF6Pgb`BzpvgmN_F*VyYV4hvIMBF)gsdKr*EORD%qtU=<|!u%^HOW2S?crl|owvlVfg-hnV`zsKs^C75{!&}3u6;S!1nW>Wynbc-If1 zA&6uK*WzSLhL42yZDyEZ=e7?`MxtxqID2oRbv0B+CY98#|2w8KcjPa)3#dkfamSTl5R78|#dY~P*UqkPxK~1f!WpPL?xm>jX$4wvM&940xxWfI+KzZw?C<+5qmjHd@eR9 zF03tSx8_?;KcCL91^LV-*tK`3Bn*vtK%OHK`vu3jDP93-V_>)8P}Bs=ooOyLBL@_` z`kgT*zz^Q}@6MIq9?#M(Py8BjsH0IpRneIUhcr-ktcdW?O-CfxaA_@6@Qun0Y%}&M z6=jSt&^5P26+l0V41q4rDDTbS-QZqrb@qm68?xvfoR6zDw|gVVBSf=AsJpvb*tu4; zKvFt~Z|XXierXMVvqn{uJaOO$3Gt*Z`{e 
z{F*pw^8W2$&!;2pZRhkrk&~?tZ9XILn{%2|<8LwoEut={JX4zbG-9{rqn-i%ab};v ztvEz@FaIjxV~)U9mEl*98$DV_ikCl4?2-x%vy*{dv>?_QP!Q)tk{g4>wP7^&ll6V83mVOmZL(3-r72m`EI1}pQ39*=sRMQA$W%?YM zVN@CI+fH_W?toIAQmd#zBdgHka}%+d`JA(JHdC|V2oS-O4ABjq!mp@LqQJ;9DcKHk zV_Q=RDNEsb3@9K_)8daASTBm4i zQ}@0?Gb%Pt9( zle7RNC4>V?Q8*My7_!nLEOi~q0CgH1hr*kWRq8Pkn;f}oE7a7^J2eK#e{VF*v)h%} zVP%B{7G)AA>?oPtwurAHKkPDym!9RQZqomJNpR zeMf9?eYw5R+rzKjGqaU(syg-O$*3V&PtqA%+|TZI3{r|!#aozEkN9khxQ{xAFt}-| zjarzJLL6nPE_L$xPy zjINBs%$JQ)RMsISL6`2_{eoeT));!X2N$fnGNMzjtxMbIE>0TB=?oOa>}1 zxYB0Cg!*;f(RqR2PZm^7eb9ReH%XdW&i&LU@8dI zp@2&)_odC*-esph`9&Y4UANh0$Xst``qYg15F=}ERqJ*H_p6uuPJxoCZx`bHWB5F! zJ`b^LS(1V@k477GuzZ4)M0hk$Y&cWqm{|gSQvr<2rh(faHSpQJb9DNwAlgMDB|BQd&#~1d$5Y)_)bOqAn z7MeuacbsAx5v;FdzfyEfkO3$Ugt0Q#3*M;XjLtt5q<~lxYFuMNthGg~`38VrfZ+ll zI*UGkSKz);eFn+GthNSL(3eEgOJjTE?I>jYiqL>h;*D?tpKx}cG*x9IuXsGl^NN*) zX&a57_nBpuNJ{&G!RysOK!fvfQRq;Lb4(Bk9o_F{#wL4j35(PX_wMSUnI}c*LJ%;N zkT3*&PAfB&61Xt!-mun+9o@xl+jaeicrE!4u}$l-dXHb+6v9haZSW`lppP!6WQoFY z{MmKw{kYt4Xz#MW|KvMP?tqtorUQRY*u{0cm_IZsYnv*l9dZ!$7x@ncLc|rUS8>q+ zFSXT3bjbqm2)A<{7zd%lk2=3NIz`R@p1mcdb}lIuy8K~kIib|z)R-j5&J!5wtPaE> z-{ihUL~|kS_An^I-FmLqh;63)B6X89!qCAedl^kss-iN5;?_WbfOk_vPbEkNS9jy| ziEjW$OML_OZHAYM(7iE_?%kgW@nJ3AMytDhpAIpB&KiNn88T!LqwL=uzpU1F+j=X= zm#!ujYb1ZOcObU}xQsn}-{ih=nE?a!Hf2yC+NOld46V#OOCfR-)|q zW{%E+KOF{#mHW_($D>iV550vahSi-#qdN;VMlf zhh!TZ`)eLqYy~nNp{LX(<=gGVh=LH{1ktq4vI>n()fvoC#05f37u2AkXR2o3oY&h5 znV}YL3kA24_C3h)}72B=Aa8{7PWqh=9}kVJKainwPByMfB$ z7#xy`PdHS!JZQU4=!U5?3F7H7ygpd$2kv~nIWdpOu$Y{jHjO3uH&yI4|6_Nt1@3C7 zcgwXBtx_S6_$@b^zQN*Ly2+bQ$KJ9|Fsa3>T;-l3GAa^J{PQw{+Kx9<=W#?o)uK&pxq1GEdfOZ>1$Tg$T$*GfNF^rBA{n-<2XL?9_R}5*yq@L< zfsJ96U0@8k!SzGya1$mIlu@itmm(YHm*g-Enk_xcXk2rIXQCd+##)B@ICEBqk(pcDIR|^jKM~z<%)^LgJL!M7=fE1aI9|HSXIrf$ zt#@-~gwls5l2YM|H#WrUMH%*e3a#y|_(@azPg1r#*#Z4SDVjIJ5zawSIlY97f}6yY zO;+lcDrBT}?h)kkSuV{4=KmG|pF5&3P-X>&_n$3&q5tV2MKI2ir5|B!Ckr^r;d$ME zs93v&ZQDm;6b|3R*&9PpnhNw1zYH^(BhtiFtH$a3dCYnF{CxU{Z?HmxyYuIoQyxsH 
z9lUD!-+zamU&A`a#-2T5-7S|>5nPM|i)Ncg(CuX9Ue$7KnXv^V43LG?1`rsol@ON0 zL3Jg+boPGFV>PpNsd`}&6Xm2KMvgi?$WsfK>*>gK+r1fKwyR;syY!cCXqRIB8V^EE zMP;KuKU|iYj#U}-o5ka{#_PLu;FLxJ{kGX6pE0}hr69VA!#K%X3V$lcUw?#AJSF8q zTwmlFTcqsmu&i+|79pOGI~-&?y;~%=jGAMN{z;X#$^&_GF<#w^rO4c0esCX3IgRB( zM(g$39?#SC?<(wA5uoGgx8tpTsptg0hS=JJmu&)s#7K{!1Miz1kZpiBxkBXoCQE~q z(AmW$j60|=uDC73Yu(5G!ZxKE-Y5;i@yCqb#we1QH{71}@-R~0$(n)_A1HT&HOS{W zWfm>bZAr^-+R}Y-e5tR5IbgA)lOeD_!S}%d>jI6GYNq((kDdjO(Dd(mp`_#X$+C6mD!rCP z)gmJ+jme2xTS<>aWRXttRHkU9%->jYxM}hWT=m=|ES0oW zbNJv-4-%&L;Z=>-UYB`o`DXe38fw>S#Uq0U61@u%2z$rB>zPIOWFh0ldoWpr%}H9O zPGC&jB~6tr4{6cJxH|$)CI1SleRs*?3n0yWv1TIGKsAqMVam}Ce~i8ZA(8v}!=U4tQL3h3_OAzsr(kl(t zuvgV$J8fQ7ZhOA@ek2l5NLrqDd?>xPlmCU*ST;RVa>vUJ~X5* z7J>3zJS75946CFB}ZFQ|Ixaw1oypYPYDqgVmgoDKqcfjF)CltTs>mw0QN z;v#iO_8G5{f`{JTMUpYcn?`;@Y1zk!!rjjhpZiYI#%!3xjih;R{BzOIw9Ul*J)fgW zu-?pQ$3O>PC?!Wgvz9*P-{}V@wE%KAsi$zAf$sTee9r zBx^}U!y+kuyHpHJq6RW}j@UEy-0ZyvF)A%|+6!EzM&e>b^XzH{yK1Gco8%LY{|~(4p;o z@Mo5S+Bwo}LrGG@e>`zyD*f|>$Y|f@J3DT8N3_o9)`S%eWXxTuQ)lDIo0Pr_Mp@LV zea}{MeN^ggmbDb33m=fj=a9iKtddP&Pba>nS*CS;qF$mKz%h{!ar&7E|Do3;Qq265 zj(O(mdEpZ0!j7t}Cn7bFr8JtFc1?)DH5dhsK-1Pv{zent!sR#57;Ud-Z88GΜF^ z;@`>CjBk*ley8SeG7&a$=D%z^EIHrO;NHJR7I|yZCiuab3G1CKCnNO?(!Fh`1<(kQpKqRTXXW3Mj^kmQ8%Kz7 zk^V7-Ipo*A{aqKjRw%^IC;`(&%;udKP>{{sMB>g%1Q>e8;_gF#)h_4AXyj z8rX00#jV1FPV@@!jX7!N>xWqdd>2%wM4+dAlb#YZL8{xFt9CtytKCI88s)tN;(fA6 zc#fhKdL9E=1v%Xi5~+V$pbeXq#^swN2rK}C8xj1$&JBPz9$(VGF+Jsny6 zZmsiF;%A4iQ3hP)5+D{_|H||Xgu*_2Y<~63cn7Y9buPQ^KkUa}0h!x*$SDYn zDS|fdt1EZZoxG}b{wETxr0?+0oAa>{caf?yv59CmT&r&*5CLS^TQ6v^!-@DCbqHAy zIkbk*zvtTd|21*AEBDsW$+8W+L676E7XJLZoGtwj`TMdL|8+siI3KZ0k$6|S=@?!H zeYeUp(5RFRCuDkH$BEqao$zem<<{F*GjDiKNW2pWc@rjoK+wNYSK0L*j)$cIM{22) zM+s8QaBn-=nzU8OxO@7WtIU2af?0O!k>-yVjeE64c^UMRaCg(x&j>}CsB_ShDwRi$ zqEw%Y1Pi0m!{;J{I*a$b3bb?nsX5JvykMX+zw?_6_f@4mrI8FbRhJ)k5i$AwgMQtD z#~lMbpoEIa%-0lv9*AUumZFpv?4EUpqZR4xNRLXr>dC5r>h@=kF)DOt_Ze zlo)&WZUFYCfHv=O&c&|!baPi=iV}xrx%<6(_j-G-!}w#f_;nF* 
zCRacNV(~3bKWZ;>CR#w4-`7p2qRFQD>^dQaqVbQlyC%F(^5l<|iJ5hN&5KcnE0X84 z=T6eFqpVY|+;VwrX)GFKys922({WJnn#+f)_my$4sl?&LoM4!1r21~dVUzmi^>=)G zZs2&S^*BjNI2F%2NXc)w(QFAdXYWrchJcQP`|P3WCGy#R#3qR?u=2>FeG%Yg>=cDHrIV95)nRA7LcECNCnlYO!88JsVBO8iJfU#}ylBn~al5%0$&FjeYuC z+}LB5Meyj6kez@GCs38pYR10<-6%xKJdL*Q+&AKnM~% zqK3kMW~#T?2;ysFi!(9Qh$gZ)rRHK+Z!MbsXskG20(_x-qE%x|_OGmsy2lbrvPsPf zbuD97*U$8JSf9TeMOLBs=Dd9oS(q%iQ@%Fo$vDc#y)J-02%N-2Qoh=e*lQaJ#hI)D z-dgI%3M^;q>Fh--&*6|O!)g*_@5M-5AT#>1_j%+VxmP+ zukQ?v>G#ff{hEnA%eOhR**xnk=zmoT3S!`wQ;_8$yR>xDxd#h=vxd-%X0SJ}pY| z=MGn$m*sp)qGdY=gjenkJZqp7DvQRq7Q7FFPi5RHa@pzVh2Z7Pp$j@_gYe#{FCcb( z2T)Cb3+(4LEoNi}>;(bO8X<-apv&E23bZk<@&zzQX+VCj&jVS9d<ixw5$uifbUnVjO6`&PEbjNq=%N{tq5T%Y0WaQ*SZBA<>_yo^WQefv8T#iBz$~llyM>>*A2y*(#9o}gJh+_z4Z^oZ!Y~w3A5I1tV zh?;~VTbe}D{<-7n7uIXnC)8QpXRi=TIfd|$(=AfoAap!u2%MisM?QldB)Nc3UDNd; zhrq)6O>5Ww$F4%%Ojg4ih0)@f_pn(G!M5!0%jM#W<6;$;4+Qw+tb*jKVp(v%h{*t) z)HWE?N>qIeB37u493QYW$kYV9Y$+tq?xHACji=N)ZOS|Bq+;%UAALT2?pNLw6B9c zG!MbINm7(8i4pkY2E+R=U3y!=^UiJod{|i@%NIf`j&5wDQL09C(U0hPtCgu6F&N6s z3SI&F=dMbGH1n_ zGJ4L+%SEj89qg1#Pw^b^lL!COLG5bJZjdK=I4BQ3d%Ev@Y!DrZWwFX8@!f(45y`Pz zD?XU2_kMDbD}W?-#gA>y7-82g_Y;4vfgP%(BwCbOzo@@*I4^Ow8kJ0EK*SSfVb|&!S2lZ8IS{-3aB_Zr?F~E|GejeZ z%L2Zwiv(4a;avgx4C=N?24z(XQ0?Wu9kYc7rmM`%1P4ESwNB<2TAOzrHfsmVDLbpS z|NVe2QeVsed1~r_{Dbp{MTd#LIk~LH$Bp($vVT=HeqP5D3aN9QdB&O+$q#=S9@N9M zq#I*>XGjoq(JxDivhSCwY`RtCPrOLfX=cVYWaU;ZJ{$ZkZhd9r2c~n#9J%5{R;mPr z$SRy8PPdpy_@>{f`KWgB^_bH`)NH)0*`0ntn+2VIkECU`{h8S~-S?)Ng2p4vXro9d zaJRFG!i%T~R2wYMp91%YsX*okh-tn{e_AC#V!^DTtjQ2n-XY7Utf|1hjma;=d!Q>3ULzqATI;38KiU#geqCY&RM`~1*tM(?Rix2wGPE0KLV zdkNmo!ryj<;qTVw(MCsR9oY97Sa>xOS^{u_7}{16P#rf}N{juAHbyR)4#L(_OmKd+ zztp>I2@8{xiAIEbY$Iis`vlHpebTP|6sG?YMwU$MZ%TlE)_*OHYdaZ@aAP2hf@&v1 zudSc#>8!yQ4`4C~u|)qA+d}VLA_4mF3#%`1%MKqufh&hD58!sg!DJV(+bInL=0!?b8mEKHEL&J^IlWS zSMH8~93Vf5^gOLZYMDf8c*5&wcwXw^!zoWzC)fQmGw!moDGE^XiHJ``2OykK%7ps% znV&T$WlL^TNecFX^mfa~k&ir)90jkjw%rP=Z-eK`UO=fT!uK!0(baKJi3f0)w*c55 zSk43Iv?S$k_L|QM3pZyARP!Haw@U?2|H$PG!WRu(<1A%v`PHchgg%?l3I@;y#kZbe 
zZAhV3?odafo)VXiUU#}!Y8s23>`%9%%N^URq}I;Hcafe2JKr@|{{njlXO@ zz;n)2MRv-Qp9vJA(7zqzq#fpSLa`X&D@Ri{B-=C6kn@p4Gx_6cOtypZ%W{XD4JR@g zPZpn|ZOZ{J+rJ~PK@Pvn*$7ULfk~t4Dv!0gPDzNA?AO5e=i0@FiCUY<_I>cp?%lb0bTMJe(h_tMBkzq{ zjP&lLPu8FQxK6B^@})d~f=k+^spm~19(4738}u+}(^EU>rbI*&TipV51KCDp8^h&s zQ|4y`ZiVZI`}@|4%)?0ST|4eBQTK^zD*6-zJ6`nvf$Od^BlBuHN8SFVN%AY6OTx(2 zOwf`^l0&HX*M})&mVbf3Rsw_nU=Nyg`^6?s7Qz!3R8kEWqWf8MX!`IE?P?Du{J}gB z5EU4tG0lU8hEmCCEv^;5V-cEg#Gzsmi#s$)+S=gYa(|-8v({tf)Mq$+B8_q|Ty2!B2rhYr_9*MYG{!ar&NHox9W zy+Y1KSYp9UqXFI?JWLk=@!7w(OYU3MGk`hvno}GMDh{##>;Sm8|5!RZV7C1by8O@e zZS!cOYefEdqy5V}L4*CaX_r2(6xEZqg$KublBX-OKZG!`Px zVNf*c%bHA@BCTcjydi5QL@Snp0NN6adcTaV$J})ZkCNfTYvFuSEub-;judQj*&}L< zk+TvC6hrXm9p^v0?_4#P8U@p z;Kn=B)lgO+nXl|Qox{sYj_1yu%xO?3kM}Ls8NnrCdV$CLE4LM_O?fQFryXk#kE8)# zTW;NN6~;E2<*)Z=pXJhdWIOfi*2cxJv^i1OEem_M^5azK?zB%5#Z8H)oDUKqRVoR| zK}F!lAt^}s3+I7!huEjuxS@4+U{Xq;S9<;F>L~!`ORQKcjPxJ81oSihH?aUat-KvU z{hcfN5I(s%T!y_tiONiA$d;B8rbYtF#^U|FD$Od$iB(J9$Jjn3WvKA2O$ZZ-1MyIgSvzW zrfaxkYeH4izjZKXdn8o!0BA^lyfrXc>5jh(8x<$K87bk(98Sm;RvX>Nhd&7uvwKL+ z@=wA9fA;?&OkB?yECyb~zqR{(xw>@8SaFq_t&lI5;cP#znAe&_8-K8^mpizw>;OLN z%=y_jaqA@&SzngfXT8r)`7^t(sXXtfLx)*2Ff9egJ!~lLcrE&h|r3XZw&m|xLd)5`RlQrzq zZGnh!XqPcQP`l)pK>SH^e1v^EG*_br=qH1h4c;)%=9@VV?4u;}BCdz)s{MG>I}6AY zZ!AUxVe#~ht9&CEJl?@-EAdjP6>j$#PVOOV6Aoyd7u)P~@cWQz_w0b|1c)gY-9=K$ zIV2+H3|cMC(Cgo_$k)TPnlCPiWL3-mFH)lZ|3^yBb-@*GN33t0gX~i}aMBR@%vsVt zOHs0#*rw3;!zp*`G^9k&j3^)cmSSnut4`UMGjXW8u_VZ!`yE)Y7ZAjF;aY0yNkLUN z4=C*UT#GS{I#R?Pf0_KETtQ0}-%A6>#+^l-U;W&J3E8taMjpSC^;1Pj_Wy

ztnctG#fmX*R-ryN_~yVV#vg)XthvXR?xGjjkoakc1gmk~1Ye;Jjw#nBUU}3+8Pcxc z|2!|RJOq1li>S8A9G4fCt5eM{`Kts>yW{#ln~*Rj3HQ=?`BlJ@^}pS#-2ZNGH}M}H z=4osHh5}~(+z>!+H5!t<6VTVewRZs~Tb$4+9ii6Wc&Bxz0yM&Z0qwty{skvQj!vX! zs^fh6)Oq6Qw@NK44U2FP7(-$qh|8N@xW1MKJ5L>vWJp4GrC!^%Hz`9x{0bQkIP#6~ z>Q6|Jg<3#noY*BgPdcKRHi74bo^k=J8;+JO`+~jY)`hchpi&D<}@RZ)Mbq^C(}!k?6YZ%6M|YVdR}ka?Y5A&k7GQfAx$aa-aoP- zQ5Wgn&ootkLOFuBc|}mH+*$yd6>L8>54O~IL*DBiUsXY$N&M= zVImw{$I9QOa8Uq^&T~|{oGNp+LAeFGd19DDo-~SiC(6|`TBOu^R&*l{Vv&z_`|u~7 zo`C8dwcJ*Hr<{Fl*R1Oh8}JN?v6P18IF6wsp7SpvONaESs6%v0Y|lOxXAaJ$1tVkV zKA>PpUklK^>uF0l+EAu>uiu@BwBUyq6Mxfl4o67YS;#_+PmMH>koP9acu$#FNxNUs zc-7ifDV+-(HT*_@Gz8XZ<|bHa1oS)Z{J+!hK5OLvhj_{%#&Z3b z2{7iW@L6rNpF3QIBXuuw$azMRr-(*~C4uzMF^*XYW2uHlQrc=EZaZzbRT0v~6&X$# zyO8Ww`K)WbcEMf~ZYuPYv!M`V1D3__T0yn(`Lhs$N3QIcOJ%uM*x%6!d;wLrB*@R| zmK|Zy%YCbtuqUPr`dR3daV}6jU#*i?(d+4{7#X-kusY}`q%P|0Z3{#wFp5&!3)7lf zMK!BboJe{b(AIU1p^P=lB4x7WV^0y^s}|RSrtI&j`;+3tkJN0FH-njW9L7U-Ni370 z(u_};?3{F%d-z!mLsOd0zKSoswo#Xa`iVw33};UbF|<)vacP@HfMcq}3k@XomDa-= zm%>U5;EPRvd$0j`ejXsrs(rajHg5sE$6Ct+<48;T{My^;clX>?{!^BQ2@8okln6vF z&eDk+kdTaVAqwy^|DRsj{=46Mw$p3mzlV5A@*lu9S*OtT!cv7Ms4PM_j#uMvr6Bh( zJ6Fr8)Cwl6(qC1t~t$*Ryi`-+p&ztHJ+$kmrl>|Az6`G5#w4Fla5>4X_VwEWoBN;uaYkG(9HeOyeF-v=GT9`Y#qIS-Fj*U=s#YzT2EsZ zi2px7&fyCw;XlzZC5d*CDS4xzsy7;{b1y?n+{;kWy{tZY%mODbd0-(OE1yxTyBpq< z&7zm&BajhY{=SfGhBEgg)K{cSf!C~= zJpc1$_<>sf4@0tro9aEN^2K((`P3 zo~p0dWLsSI67Qva5SLVEvYG03*Jglu*Yh8c-qjwlxfw^@d2q@3Z>zt%Q`Z0Vq@8ng zWL?zelXPr59d}eQI<{@w=-75T=-9Sx+v?c1ZPw(SPcz?qvu4fAUv<}Ar|voTRIPjW zInT3yy9xKL8_NCC<8=D2eH*&Y)u|*ZZ2b+walVgHrAvt1TcI2thwG<_O+|-gR5)KI zca>%=#_ioH>|u0`s+0j!Azuxfv?A-=@z34js^|@cz9PH#`uEJwAxEQ9)s3A;7tBra z^}D*<`6WxK-oe{;zEUgekTfOTO4||>R#U%-gnXy2e7Ecrz{ z*K}bY;>zed!-?t0gG^=b-zaSpi2@Fd0sx#qS-aOmVK8)Y{3S5Y+O%f31%Ii}VmXhC zVhPA@SXypH(3j2GP}zDaaK!QS;_k5}z0uxBJm1B7;8NN*X+uDvzsVDj>*MxgYVog) zBk+zWS{);k0 z_YH6f(Cps$g&N;VZ(2ZnwezAO`*upVsz(g$ZFul9S3=+?l%h5-+P zSq;>!?p~vP^L@->eI`V@MQ5dEoLVx8n*CVPNpfXUn11!+W@$eFFVY*^b(+SIkd+_n 
zu08g2g{3D?Xa(3M*lfYqxb+E=Ue5jTM0k|^*0q~6E_Th!K8GzVM{rk{A!)U%f(_#o zNK)wKt1D~igxak1u57NNz$AH#0t_%yGI1bhrIzGs2Ib_rAK_AQcIPvcjk4nusEi9! zwL)v_qj0k_OE#M`5v~>TtqNxHP$`kBjBD_=rP5h4r|PRPPZcqtQ#3GgE>I*8>~i6j z3QluNb%&)1Dr%gzLM^MCv~}Dw+XzlOF%sjcEuki6kuT@3YTaoAx36FmFr|mu;?L$o zqRv+07R}~s4rl$Y@r;{@&+#0xp_uWf(&9W%HfkeRueE9(r;Sl+Hd(cm16#~pbVDIk zy`%yC`5BcWlPrRBOb&-Pm2%|3YvFp#v3^{A+_5MTfTD>qy>CL1IYe;4lkJPR!fwKi zARgDza9HwgUKtI5fq0l@Z-@922Lz zfk?^&y@FZNU*Ev4#3KDGn(P?exKKNvgc^fhVKK5djgZqxLJWLQLAw;$PfDKvRdhHk zq$dhtWjKcEMJ(Kzgxzaan45E9Tx59pZmWxR_M9!_@v-DP$gv_KS7msBrI|<;M>b67 zWn8KJiao-6L?-ocP%YEy+EqB3TtDwsJtg@PMBO*LV+BEa3-O_Szc+See>f*$ z5nKE1fS|$MUt#?<4>PZMq_Kp|ko?_a5*QflID!(G7dNf|)X`JE&oK!wSN4sp7blC~ zMtUtB7d;muf(vxlg107C9ber!QkgP(5yKzsxbZ6CRN-TA zFM0>TeRbIL%^RXE{4P{*Eg}f{%e2O{^H+uMvk;4Dt{B(sy4rME^tZju> z*nWjoHR1U)sN=6T(!<3DdPxvo%mUHX)ODfdd07Hnz>J~M0HJFHu3f5K`r-nCzulA4 z2H8Ss`qEF%-iZFciS3uUkxMg(eNZjdeu^GWoDT?`f8Z~uY9`K-Zrm% zuYRak7RxoeB`y0-#KPgewb2{t9VI32sj;+_vzV9!a+zaBDB`yKh(mq{0VZ(LlFpH~7|aiY19r%Q{`E8KjL z5rp|6@!DOG;BGoIxm|COf;7>pMDCzyIAiqscvy4@YGYL#K9#toO`#;P^}mE*dR?TbC-&K%43vAkuAu259ufb#~QR)xe!xLU1ft zjV=49U=-gHL+fA4)|_%e`%=)ji*ax?-oJS~U09R&CV)m3P<17Ztu0gTV3u2gsG(K1 zK8*IiUrMyrT6nqa%>&5A<@vpOIu4J`*JGT!mdl1PzuD*mTwiSmGEe+^{xuXqSjlIj@kVKG!tZ7oJyMx> zKFdN+c&DP{+PF8>MG}~eKQ~vm4jsi_rofwYBR-~7n`?nDl2d)`&XF&2MxS?TEWnpD z^$(UIUf&xtoj2dim6#;(q*Wj{%@)w+;SJ%lKajh*4an+mj`x;LZw$P9nDnu+zL>*b z?m9Y>x&~^k0-dr|u6^65Ubosmj$CiO5I(mUd?KbcAyFsv{X_sni+TiEyZ1KG`mQ=a zjP)yyWnbWyNU zOq!4^VKVX>;v(Xo4AIna%i0$J2}Mp+X-zTHgxvna!fv8^=eh~5YGA85--21{`_fwF zcDKzH%h6X%aaeJE`=N1ST7iooA_x8D1R^-Ao+P)y;#>?0cT_oN9-miL;%v(6AB2%g zo$3SS+~5oNNhLc(#zPG*OOv*?=?tC(kp$tQKBs#lKxRSKVSCa_2pm?t)~iDR!~?$~ zTHuCFAn=hvPU4g1`|+U#*ce_gFXyL;NZ(sVVE5(Alj_-4dW@aqFpAWO^{IN(r>h6~ z`*3At<%Z~|XH0QqlwDdJ*)FAtcoc10S`0J-GcH(&(w`4F?jP%ptI&3NZkU070nb4} z#JInIQD(ZDv-nV}ewRHV_xGz>^u&jd#S<}xpCw)mMPtfa!ZkYOW8=B!g*6KmiBV#K z86*=Rjto6=tCssKtC)mb9QnBNf1yKSN1BVb+zsrh)!q%@?ZO>}CCeHejRHBX@8vS& zlkA-^>yYNi-Wz+Z>jr6G7&2wGUdvU7X@#*=oDeM06)Z`iYF&xNk 
z?PNTJb5RO?@z-EL2|onC5G{aLS;=eNk9ja>4rk6O4uL0IhO62_@cq7fYqz9%p>&J# z=S(QM{Bf6XoHvba@AT$OZt+%WI%5!80Fx}3FzG!~zOFz&&g*qV7(+mmy5FO85K2~a zMM*47$`lvXAy!AcacqQ<-wtv{2{XO6gqc!}@H3iD?LLVy`?h(gNPJz2i1|<*cx}0O zBle&Mb{t3~Dw_y96H24>@7*AsSrE5Xh}z>zi6+=H#Ft-X@22Pv4+!n^r%Q^uzs5aQ zieQK{sSXW0Z_$y2W~q{DN~t9&*cW7W4~tM3dxIJ^a`qYq!HHpBc=9ufg1Dks(Rr$y zKlEY_&EoQmP??>uBUAP=va{a+y8yB%b3Dlb3ViU9G*sSnS!U?Oa!=)_8KsQ^c#o4Y zUClyMdp{)-OQ(!_G{I@8JKEwzw}YFo373Nm$zdF@SMe} z-@t@J1dmpau@p46+=Fsd%M^XsdEFdqTpjElZLThQhgWr%uGPenn^owhoP)95mkeoF z#revl(-eKz&9QuJ^N3+q5|0~2Bo;yn2b51#bB?M}bW-y)l;xBnRIO8)h=@_lFn<1x zvrkoxgRGfAWim+)B2_3-*I)F)w2Bs~xo0?afFiI>cR1@ z6#EZZgfOJ6yg{vn;f=rs!zw<}51(-3+U7$tQ-T|q_BLx`2CCJIfY2PI5hw+anyM(r zu>rcwxqT`UlquAg!;VlP2gLHDjvzV*M6J#uS%bk^;SqF~Z}SRT8Ogbz-#PJDwy4DR zIZbOM#0={p?4T*F`&zJTKX}Lx4iUa8FvKval=mI*Gqg^(5}ax|=LTTdT}o(D!N3rh z?XvHjLx5uRNA}x2&hL`&rlYb>GVGFx{4y4F50pSQ#OXlS2sy_^U`}ymW*KCTVF^-C zUXTobru|<)ZK_4c$QAT6P=zRtECnq5Ti47#HVaOs$BiW8{NP~()W{hB-cF$OY zjy`G|B|ezuURgw_P2ty!%{OQ7(SaEJ%U~=-JJe&TW==OpluW!A6o$4NO0JY)L;X61 zfzViS!u|y^!UtqK$Fbiz7B8|iAIukvKW)&5S7$ue{9VBIc|I^l(%HEt$s_~d$t_Zr zw5ir+Hu=z|5Jjw8U>30;(#myG+C^Mf1~?U?DLSI^^G4|phJF7Ll;amAN=B?;xvxmv zR;_YsL-P>8Whl|xY3E2J*5c-5mk|h!B-9!#U&Y=6p7mIZT{qiOAPsOoR`#GZO4e|x4 z(`|>Kyt-QVKvrgGiSL0T2&sUaq{MzO`s7@?NkWB!kGih3>E>74&2F&k7d!XibS?tx z`+&1MoXC&&h4QKN08|o`Wv&l)&j(B9EnCFG!g3jiwaXp!hy-rT+zu3YJp3GbP{pXIiYG0 z!+s+aBJeaq%;v5zej>VC6H?V^>RU#b6H?#nbGUJ*cLYAQXk{3Uup+f(rBffz!^yFB z0Rs{qY#D_?)olS*Q0KCPd@4o{$v8zcxDe--ey>WSP}$t>PoMYt*ZVM>#8egP0686^ zh9tFWQ?(3Yn376#Sn{H#uU&&^9=XIJ+3XaKEL4^;61^-&b568%lMhZIqzn52X5TzS zxZM~O=D(%vEX6K&#pWZkF!-`gZwajC7(D~kp5U8s#XiI9tlkGLM9SU;>+ydZ{aUsmosHj~hhFDY1(wv#;-J%6aM z1~?u?fMSeiG6arj?pM1W$pw1-MFB0!l- z+b0+cjeYWB(hFA(nGbq7!k^wTdGB=rbWD0Pd-5^*6MZ#vIi35Kw6U8OV3JIQJoUaH)MWT749t2fK0+>f^q?$A2Vw4VUo#(mr_qUmAbXhNaBaY+ z_?+p%h?m>Gx&A4k@h{x9ea%kP#6CDE;;@qs-c>juKTbk}(29~iFI6x(4Og-R=ay`J zh1S*J%=dEfO3dns5_BlG0A{viWa^H(p@)Vh?Lx-cnAL!({s`h;7zx=Gh%lc#5B*tr zQl*HvhTcNTbWtN-enQ@|KH+k?lY|-oL5^FyAD 
zi#?z{Hb#FsG{S^PHDHS5QYp!vay6Ub6wOg8);^9B4vGC_W<)Ni1q_lfRxV)&>UV@7 zCNZkcY>>z-7`Tm=AaxRWf_2)ha@G)on5~5{eI2oXL=Dcke9tsS6f93|ok?ulWYAEg zI(8imZe;F#j3@~VqR+S+HIidWe&}2Mac zlVl;YkXC8_v}!Y#N_S$`w+p8&#fAPY<~}JLj|F(|*j_5!%`t9@X$wjAwzN>zI3jH( zWl^ubItGvhZguvE{;v0NfOzi-GyvH

EVd7kZTUdzAjA9m(Xkgq4O?*q%E4v6&QM zGSG4`_eN-=9BvVKAt#5zs!7cK`AQJVh{3~o{*E*CUgT=mcI@vh&sFeUHvU!PPEiUT z840H|-@AD1GK@oehYJymP+1Z z4|okhXDfx{3X@@l;GEicBfL=IPQ*mpqBOQGSKCfAx8JyVr+;DM?l%~8O0kBrZT3;6 zL5nKHgsb495+xO8K$?0`(T*zN)aKG|&Iltj5^LKqzNDwBe{V zFQW}9p^uu+%Cgoq7%A1%a0sTrgn>?(P!R+v&7=6bpbjY(Z-jt>E@$^YG^-qcKXSq+ z2JE$jZQ@8f)wY7;tV8?#kVZF_Ul>%jq~Y1m^4GMb8C<`@krBVW1#ekA?$@x@?`Nd6QqI>1Yky_l7Dl;R^gR& zFVn69XobU85s_qQ4vJrDWH~At_W8F(U~TXR@7Nn+o@0oFu)T)q_5(V;0C+bsI=R_E z`<$ahwi6U9eyFq2*p-f5&22Z~^@P^_xK|50=blOJfJED2%gP2a#NqXgE+1FLx)7>F zRyn))LC9EIpN2y0Z{d<6wpb7U=0|{$-By(L4s)B@OYSNTLuRn=cpPEP8X{H*D`KV( zZK1gH;KqwQZk$^@6eyx(XA=XJYQ;6hz6Z6mZiJN(N4~MKcV1RP1EcEGj>Fv>{gpD! zj})&??qXT57(zB!=#Mr@K*WvU(tJcd+Q=FOaYJuQGiok8;MZ+r87c9?n0*Ablu+D} zpi0-lApw`UXpi^w#gB8_^DC6-X^g7$gq%ZAF`34;@1E806bv>&piZ39VI^EN!3e(WIm zc?CrHq(KD^r0;Htu?9zcAphkDO=+$%eysaib~s1TJqgyT*I+H;uQ}~u4Joa4iMvY3 zm0~GfSl&zi<%xZRE{+HF$OS6v5f#1~f2wYw1_VASu*bu{i)P_eXv0L*-Y+AQ62#)o zR4Fx8Lv0_5QNO|Il;ISk5XjkAq(Y!eg2_2C14~{_+f4I5jyBTgplo0SR6%bacGtUz z1n@f5n&lY4UOugLu)_|DeUIniC~i$B)tYL!(;K; zqEsUNxJ9?61QrT?>y z7ZONlA4-}{79om44E_W0m;pj*A6*YQXeLxUmnyPOxin@ls4hbIx0vS8QX0opQ|I%~ z@g7aoJoK?Wz`ariVP)9!auG}SeXOT*v4U4d^zLZy4Ik2z6(nkS_Y=crp>uGp@4Ez& zyZOvq{){?&E4DYTua7p)bB9(SM6b~4QGkMdbxlU}W;bMY9O?~!iC#Ymv;y4l&G>@j z_#e52%$X%#s2gY1t)Unh&M6Gn?MaO>o0{E?8W{iD(p=o|XACy^)< zk|GLua(Y0F6-?LwtKGn;tl?`(@+7WRp0Pg*c|fdEAo4`+%Fc zX6KBp`WAI}qI49Nzh#M#($EA4=2%O*oY`;%5*)hTmd!~5<0e?Pl$0i1@wkq)ywnUW zSzD?TicR4X_BTGtyhuj>nR+QvrLCY^k*Dd`H@uz))i&}kk=`6ZnnrCYbg31#$obkc zq+c~w(=jbKPzYlvCH{n5;&Fv#2u7e1>uYI!;i5&(p5tpQlviQVk!?}-8RUR@nmuty zsz@iT{PWZ>bcQ?=aeGw+Utw_b-hmpkfsgnbxbhce!H%GRQs+bv3On73ps z3*R)B0%2F*b;eP%fF&&$FX4yAe*OmUyF@WXj+`)Uv&t5&nck+kzS8d)BvbJ}Khzb& zA|cy$Ie;W}PU6|&oWjlQxTqFJQ!5SId$8cx{(te-FSk8p<+R6UhU7JKzn-Nev#_~R z(6i}Tj_k8tRdvXu^y17^?t_VADn*lLJ08j`x{WT*nn$P#2vakJ2w~1?tuU&%-*~VF zqs6APd&d`kuUHlnM*<2d{ZpDSH#gh-Iq02%LsG}GWt(f#9fN1*X3n-@At_3FdLR|N zX-t8F-)Nu$H3hO9&+TNKXVNO%+%3b{F8N^VyMIzgZnnY)R z8nsxJ2IiGM=mc^Xjk8elHf@fz^klKc#M$QcFkf!{v(c)~kkb 
zDga%Rzh%meYS2^!3u@+VVKLuzp4&+nD>$rMF<8L@VC4KDY5n-_NZ`OR zeE92Awe>IQxI=p!#m}?9o=}eTICptx#Sz*+hfW3}&<>-Yr7SLf_{>x6G21BK;Lwv% zN2-o0S1qHKj|A1uC&0M4903aN?A+<@R2js{QmGW6!izi$d3D_^}=kNV2X3vBrctwrmI?FY&fY# zRmeCNu9E7{tx3+(siHtG-svUiAwkmjqR^8{&&^kd9PO%TCy;+RO;r_TzQS z9Ez-JYjVH}oLwEe(_0N&g<&aWsK~ zmA?GM5p{p`p`9a>9z6}sQ&;PJhw`U|&n3it_l8yairU1E4VUt`)bs70Q+jDz#*d_( zLs|<)zN6&a-f$zpg|ID8&BIDXR>k~pu124mvsVsoF$ZS7vnVU)c}=G5BU_QJeo2kU z`~}zsmBg-hRlDli0?;#W#+#WPt43p~f}dSXFB~h+eacXa1zDaB2_^~aP!-HR7YH?K zyk=@a?tA{ROR-!g>>{b&jm*})go5654~t$^7CO1@O?v$uo0wG_R$RaOcQr6U9<1w? z09IMrysW>^;_OTTuW<27FnPfZ4~DCK?=G_og|!@U%YA7X5aXv!0dt+fMJmhVd7Jw$ zPGt^vmL4rFa}n;lAMB^p8{~8BnVm%vwe3o%)4w?7bMG#f`aM#&ZQ=%~d6+&)2kB_X z-I{00!=YVcs8vrACsfZBFOMCbqP#C?LJwcUr#dfze}3M2Ujo}U%vhg%r*MJMQ0`-R zHQyCjkZxt5e2%tu8*?1Ht$Kfrgbi)5d}2HvBJlPSfYmygUl8B-A#(H*x- ztJeNdPbfssqn^@=(rK)?Y=uw(KgQ5BF*MfjfT8)7lnPazSR206PwiNT95>FSN-26u zodRE>IYii|M=2hgngg)qNBW{qj|ZbG;(NFi8!&znP$i(LcBnv zFZ%cX#0$zY=p_~Z;d*e%tgy~J^A*qM9|<&Jt1--88R z19ZNzm0Q|6P)t;lz(Sm_baM`9mDKId_P+WZ+kvIAP|b#q0LeGH0nL7kve>$=yQ8jm z-$aJ(@q0cllh5wPk8_QDpnHs2=DXgYn98+w_#R;`Ki<2f)Hz=^op`zaZjkP5%%6+x zHEX8|!{o7=quTsed-xY`q0EzxVpl#>k$&UJQD-fs9=P)pJlsyX6GR!2Ht$9TE zdXzcZ2015j6}Z`g#QgvfHE_X8N_abAC5(O-VG>#7NO}HUColwNP<1rSD>b8!HuI}V zyk{j&%2xpK*aYaVi=%>g?|H9C^d#+t(TC`ka5|QK-vFIB*qx}ZTUs_~dw7){>Nx?y zVd{X_K2=x(N{>(I$-LLX(&MfOD|MBZt6M`hT8DX6zRwY-7nY0#3%{lu-{2CH<*h7n z43n32K53kEDVWQYk$N~zjEDoe0r+H%eIyQr5qa3%CP!Wo19@ux)w$Kkwla5*CG*0e0oFdtMh0UVrcurs3Tg4bYYM~%$0f;-l;m5`&JvvHH=MtoujJLA}Jm>%tu`? 
zN=nqIy7_T`Jh=rkrhzSg>PAtrV;F?@Vh{>@Q6h)rdP7MIlfm(S zR6Mc6X0U~aI-IZncRh|Q#v>ZIe2?5>SPShC{v$Vq-&l5+WAiM&K0bkbz#`w9Ewc{# z!x0D$!Lk$ev&aJKGjYT`kq$6nO47;ryXfr8#V^dkZwin_lYHe79Z6!vof z>n|F8=Fs1Gp!4c+HhV5$@A&!w)Rnt1$$=Xec|G<7^>OWKWb(4+Ka{vKXMhIqBeU}M z#n-C17U+}m73Dja8`(>P3o}Ar?yBp-f6j)In+L>i!%{HW?7X3Uvlj%3fEUE#b$5N< zIu0O1fq7AKN}OgPN6ABZO&xvs{(Hsk&+lB()+rRRmLv8aQ{&@)Vk0U!Gyb(EfN89WO4zl&m(vuT74M@53{NHi=S+u?tsfEnm!P{*~cKmz}4gKghI{`U)zI##9C>Z5ZZnR>EpUHkb=@ zOL^*AMeyR{1HF@x^~TyoDFvVafv|_sSW2Y{cbcf0sUpS*qA0S%j2CoyS_A7Nd#PMC zd93C@RS$@~R8xBLbct5j9gs^|z~W1g5Mb0Swr`k5E*t5s`@1krL+KwmuR_ZalK7;tfe@!R5KR3fwqWw(hLC^+`_y%4j# zP+MLMp;+TsfwbCMP{;MuG=YXzerc~jBk!MChKs1#HRbIX%u%M{z`=2g zI|3GNPj|6+PnhBg&;w$ocNq~#Edp&^&Dxzl&s@^)w)(lP3vyKNO@D&r$Lyjqr4dpi z8UQyv--ZZkjl-3QZ$S@BNyl!4>?u12U@%YvLf-!{V*M7xEtC!*OMN4?XJJ|h1k=D9 zgl04wNuW%nXM>5SO~PpFV@qlCmuGc*JZ8P47blrvn}jKQbTYR-^>}d!A;xoo?(L1? zUfbB%xV-qh7P3A2P1w}d#n*?u=Yz$!b>o^HIdZ2W5Z%d$pYWB&iZ;%a0sD`N}<1UJlaWge4b+FFesQ3(O%f;M+w9m?~Zn0ijYtWSvZxM(mZt<>t=GEjJVtjBpz4dlzo7z(GWVq7p%Sntbr1S(9pK*WmQfpW>Hfe2FDS z#M_Sz!kmGAlra+7*<#cINC&(G3XVh{9v`C^n1c!VPHc1ipOcsCa@iC7UZ3ZJhF5bG zwb8@)Z~J#L>dsnPwt#d1uU=GfY2jWeUddqOfAME0J?B@AK^-3g9Duy|zr0IAjx zQnnryv^eDQ9YcuQ;?P30IBf-4dGUeST&nOo25>257oIm(7z0)6*Pd5>*z2vsf&f+A z3`8+zkTom}bpKKezkJZ{_`$OCnxe+h(qFmMLMU5VB0XZ@toT7pvYXJiVYt8Wmih#P z4C1{&lVa1LlF{?^WaXk|@e8m!m;$^e6WRnGh@j{g@bWgWW1l6|`kBD&-;043y|XYgZwxX@c*S_;;1R zQQv2(Z^1+bC&3ckZ>pha%eal4@j#bwsO%n0%2%(U8P5WWF z83;j%0FwdG$Lu9XLZxAYNG+(l>&3rOX7uotLG3ew)PiaVk7p^INlB+JbZsrW3z&fI z_U^EyP!Qdj#gOl_y~)$sDV}1Qd0SQwm9nCk?xT$Lr%K9&8srQSmL=cK))x;haUJT$5X>847J&P1XFsWw zMg}rXIBO6PpUO4y{0sVsdLbxl>B^mF7}TfUI9-AQW_$>(aU-D#w^3^uH4c+kc*eBa zebal>8ClcfS-CC^G{}Dja|;_L1kuhg{x143_HT&QQ zsMX)8nnivDyx2JXxKiB%0vY6@fU6)qY#=pT7$Cp2auq`c>2L}cp8Vw1EI5v>xd{RB zo0QRD&7rm$tV+$w&`nIkCB!zT4(s=3aBw?>@m86U8)X}J z$~^{Aa<{cj2d@;Mj0fW4_N}R>%kb~;=%fmv!`P@_+_GvlCl5^ty333cEC8GHY1vKT z1D3Z`Uu>(Er=OQMQoh&CIVM8Vm=-4oC23JJEUxWk0{(I(nQlj#yvBNj-SFcwqb5Mjgk*|pTi13wa(uOB6;h}QLaM$$hEn0$=RmbK4lGG=3e 
z)Yd>r)ndf^ch!04zpd)1ixk#C?QfMXX7#;3EE}(WF1uC0blQuDR&&pH_uElI+Cmg9;>FJkn$1LvEznHg#95gd zx397c1m=FMO8Md2YEd}y=?*YXJFB(tPNdW+K6jd0L62I?%bYU^62F8a6{=-1_-2BN zfq5tUSg9hzJJmsLEe9t#h@D$KaEmF9Ir!~B+3AloaVetrh*7eH?oz#U{CSX)#5=3% zQZR-z8cL=;q$p61q56`jUhf+B}~qBnl0v=r;c@H>RKQ|SQ3>LAlDAol)ADF3=8Crs&3WP ztpr5ss11k0ri70!Frl2Pol>(pt;>>E)h1bX=N1mPJvrv^@1#}{Uo8#f80$z_kffi6jcw!SblOw-*|0*(=uj1iZX+u;lKaPzOj-k62^ZGJ##v(GP6G}I0(m|GPx ze`i%NY15_>LmC{EP5@hA*f!)mv`|c=|05Tv zfa2-MQn04Z{r-dy3aFbRUB^jjU#(b_$O&}0{ao7n`0|agiL$`X&xf$N#=wE%h>3?# zoBzKfk>Z`$ zCu{=bfsM&x23i?+&v*13;p?PMBFU)pHk(i+`fx9!!h|Cx#;0>5;& zB9!i{GNG2N6O2x4+%2f_ z>Dj%dNk8@5fexVj&qo|8E8$3AnVK!Cvl?7E$Kb|rUl}0TTdeo`Ghk}tpnHKdfHof3 zl%041d~5$o<=P75K8poP9`gN&>cw@9U`+u6Rye2e&j?Spon7~`Ulyu*AI*GrMCJ(h z0SXy_7O9GE3GI4}*fbC+>rl&Co(726Uww*ixt4Y02%W(+sS z@V@85%|GA5BCFRw{`gozT|Xud9(d7cW6*N}ywvb#p_g!r|4#hFM1pLwi7JghfYhyV zQjBU~9c6K>>gk*8O`N#GpkI zIPoLTX)k&`U~|Y@Ik(h1U-Rn}^)r3v#*feOK<*1_-SGNiBSA}O-U$gmbz@!MX<{eG z4k|be0kN!wFm!3qpFPyoa6Qz|m^IWtjOlwGSImv6G28bj830kd30zGzwU)ERUw+w} zfk=q{GxNVoR9KBLw{h_AIu_~hxRInZ6YMhEnm3GMu^qlavXYay1BKEQ7@ThANZvI> z*jwc#QH>ih!vMT_K`8%q!0_7^A0&2k3^T0(1Y~hfs9#e=Dgp;cNGyYz1?+A|t=8S)8 znO|NQ0Flgr^Yc5=xU#wTf>Vv<8qwzRcqHqT#3|HK(J$(v6>tjBF!3CUmBZb~p06@x zxvcEO)946M7OZ^(v(*i|BzUN$3e46TiseOo-~(zgq}#M$GQ|GN)M43ukP&|y1-4&c z3o3`-1G`TCKUqONX^0Lyh0afr$)=g*=~Xx}OCg)1*odqKybT|MP{+ri(U6dd)tV%HX@jC5^)LHr+U7g*Wtw#gKL81v@CTcGzp%awhY7rOf$Z8+q z&k+7i0a+9F*6$emJe@a++~<(;=tzgG(8oFP#aVvHjL?Vu;SXmh3ZV20vh&1))Tdyi5j-unD+t=#L*NAF zcE1U=5=tUbzvdayjo-{mRw7 zBXmR_>y@jVW?op(dqCR-qC!E|)ai$h%+zfYDTbhuxY{*lwX9Ab;Bu)|oZ|anw+brT zA+l)|s-m-ukSqw0xh94$g@dlt##AHR|9QmO^`H&ok$3`IzUq6$;@F4~-9U0LCbOhu zOOV1&68c-BJ90B^Q96V{?4A^OV;+i9zS)`IKe%5OYobat3zm^JxImSSpfH?8&PZJq zhtwI_yC(sGV(vqk%u7qguP%MFo(V1{$WWh=IfcO#F=Z&(A{-Bv!W9TXrX$niD9P{) zO+X1m*7;TBcT@?nkJCy%oEd2B#NtXGN(v)krDiizI|+@SS8mA=LFa^PEY3kUm3xV0 zQE+RQz9hOQ@r03{(%v#zNcK6_z~b^fTn=vyIrugI?=>z!hCqK|l{tw$?^rHdN@VR& zs?LcYDy}>S{@U2K%;Bjz!3+mSz`h1z61D}y9ot*|>C4+k0_)=4#1h{>DRF3XA>E@M 
zz8aAy9d{KE(W{;9|GQo*i7uGa#l!$a)9*KVP8*)nXUAKImigGmkRn@+4`sQF`5hz^ zy|}|z9HknyeQ@r2PJRZf&EY_;`Pdl7sE(9GgP(xO5C6OUgrRTP3qr~ z%X1V+vkFcZ22}VB+}v8R`6ns=Yw-X1(qA3M{}<=}i$Q#~1UgM^T>9?!X=8x+gng(X ze7?yxuWj@3jLiM7H~gk|)%yFr*+IC*&@=-s|_!FId#uM?!3&-Ooz|DP-GuMV}3 z`Zj;_(<1>c>~!<3S)X?k?*FGoX;ZLoz|OB<rq=*ILHgd3LkS~@t0~t0QuhJ0N`@|KFgsEaOL5|cIGyW_e5kzL6fgklR zBkwP4&#y8&6aU81A~zHXg3}1g`($uE_qZFA3^K!Flz{SWe~*_FV4@|Y?3K@N+2PEX z$Q6yW?a*O%Vg-+;jSF2*dlpDa^0`sqiThM%)tYlr%Hd)!9f^{3Kj`Z>F*MoH{VSsz zEoEzX{rh5WdsNd;2y)*iswWL%>$ovF_f;y>u%D8YFh%UIo`L}|vTz#00SbmDIWT*~ zUH3oOpN#}ZO=RLfxeE6*`pz}YpPv%QxyffR5C==L_e$;S z1+8|UU3jc*_3PMf)Mo&<@IHNE{xLH(k3D8@=r*_hqgE~=AF)f}JlTuq+k-l*v_bw5 zf_Je{WQ{kfZJMdh2zBH-4h27JSoi&6FgBpXr1;U)$EfxCE}ujD1G-4V*TBse{=|P% zNf_brgSe`T9bZXk!Fw&Ei`^V#j7E~Yu3?ORs_2vpNi}bd>>*&b4`+edA2wndb9ZH2 zH0tr%ywTW?XFnh~kjAU;S&+n1>$KWq9~w;{w*thWZJEuvWs?7G$qtbxn$}v_J_-7c zxF>`NlFzQfqy>6|F|Edr%WjnB#C$$1bzm(SeKK z_qw>qW?OiBnyyAQ#fH_G5kKmjrq7rdO)LufdW~X97eXC#6>b1~&xNpktAJ%%S@V{x zaW7M*v0Kwx29$%5gObI|4RBfsX`#bf?^k+fy0uTACzF>-zD@KghH2t3fxrn z^)!20xg%`bxa2Q5k>_?MW&}KZxnuXpz}bv>`FUD6Fp8yH$nWQnW6#(JSWu-na=1tN z2k=aLQwqLEhxsD*ZJ<|-tx{^#{ZgEuccU03S&9SWJggdz3^W)H)3{z$ejrtbs3?q_ zP7w7>P6-J>2s>=*J$hY&UZX#HB<_ayEAr%)v6CFCUwh~Ucz-jX)-8mA6N}iDF$XpS>>j!aGCUUk2C}EDyjR-(6sqoN5uLIuz*A#{$lPpM19UET0 z8qO%kg(e1%G~*DYdQ=HKd4M*nZa?p!lGo9Wp%CS`LA#MlBVKH)s=4s3KC19vQAEKg(gn4Wo>ea(34E@dE7!)P$!7<8RQO%1Ij2&<6yJ!n4?5{KJJrsK984B!D5=6X z?rJY;twd1l-GqKVTA8;+lc_WJjikTMEYY`)_^wCn7fA#znQ0S^8kK+6rkd{IFlI%% za8~#Tgihiu5wdx?qSiz8?TXk{{g-aN#e2tshsXV zhAr|t*%8egfU0yPv#j3$i3f0UY!lD@UXW3Z!yE)+(E0g6OxR(_j)>+7RPl$%en%Oc z*67Lc@c0z^YO%{Gx<Oc~%zeOHQAyJiy5j>-Mm9BS^1Pi-`HiIy7<`dD`4MFRKJ!a%E6HL4^GQw?oOtUNjvgV@H`Z2ZJT;WDub2 zWVi(>(~PA!t3qc^By{7T5qq7W#vVO<}Z>7IjAxkmZQ~YRka*j)k4Q9 z8dweFu5&n2*Xg)w=kywEoYbx*q%UZUw!hK_RkEC0*Xr zPSGGAn7E9EJ+)+gYc7aVwppeWjZ%_a;&6a^Q?ZPdKcVQ57`Kp1uC7wco48XcV~L^U zutcFm8jU62R16i?#t}HK0XNN==>?hjA;T9Aa8Er=#6)SAoXD)VrRn9g!Aw9}4aF>w z;_`&?bT6cs6Rrgfy)bk6_AzAOj+NNr_cR`$R?pk=`rdX+F?f+O(*BKY6_=njok4wK 
zw1sdMjT6Fojj}{!`H3aA5y-2TsOR;bgK?rVpwcpyXtOHI&4qSjAqUU~I)P#AP=`2B z)Jssqkc~TA-K}n?yWQz-b?8)VO%S1qyD4+i32}9uIHoR*+`Ir+w6xP!?GyW-NbZZO zT{d!Yq_aXJ$}Jn9XiTGP_$IBZ^zEE>pA2f3vq)d;geuvCn)70-3Dc0f*as)v_5~x`9k|i2aDeGm;kUgyskT8V# zj8^@9qUP=p`xivU<7nIQNEE;1p{s4s$|>ZU%s6rLMyRtwQl(o>)fG}MZc+Y1EBb3& zr&x&f+a%Y_U$U}XmZ5@oHZmgZ6jM7HR*g&a5{5S*od@6rV z$rL24-q!QCRJ_vW2&*I)TlG5@5G^wbqJst#q(TVAw8B}++Rd%#J(NWqr|p#D{YXLQ zv}9p&`#OzEqA=e(Vna_|90gWr9*`^w(R{?FB4ppuNF4lU>urK81P+v<@0~VQ)j+dw zlu}o}5e?IS5AuW0VG+?oH&?2n#i3a%n{yKr8kJ-ko-h3=QReE>+ye)J@~^>JIw4W2 zbW*tu2sWEs%mSxW?f~65g>%gH3}%)(zW$!!nV`@ZPlqi0;fIdioTUZr03w265|b+T!izNN`UQxS!{P8L`t15i+P$5JOz+1mChK@4nQW=!iZjpMWVS^WazX} zDF9P0yTXwFQwB`TeZ#agOC!)(S&^G$8Zd%VE=<~t(wKz7DFj57;+U#hV4}72W=a!D zSDX|Sm1KM6-?~!;&L{sCA^=owmj;o!AEBXV`9l9N_rNO2b{3pvLFv$aZGUVuY{)L zeFVYPIsJnOmi#l7mjo4AWke$!(mzZ%F1I9*#FxHUFR5g*>LNsP*f+Ld(#|yc*%Yynu2Wh3u@N|mSPKul{RF3!Whfbv>q_8+ zD)w5iU7oP3=(UO$B54nueu@H|V#KaQi4z(Z7IH#3NfAyFPjQlF>b~yO9v5lCr%#4( z6i<}SAju*v=^>m9X`0{!3|y-RN2$Pq(hH5XHyXj_%`j?J&k|)%NQa_QcbM_nkX@_T z9%DEd^?P1V0-@w8pQXCwV(W}irm@5nBPhqKbho*bLHKMMXQ1v?GMLf#7Ns(f;j~<) z1iD<*QZI_a7QD=*v(++za!*|Wz-b@(7Q`Tk^J11{+Go~WluK5OHaHQJKV(;%4qPQj zH7)$HPhK8KoU0HGz)a{ znbVsuxNKFGg3Iz)cF_dbzx{i3^{{Nqj{-tE`QUTXp=>>_uB5B0`;2KgjpT3McTxW? 
zn^mT+P#+ePBbtZ%sw|unyzw$W;2YU>Pp&`JmGQ;seFYuh2??=^`6pL2{*1j890c^1 zK;s+DwCKeO+%3kwFy$5~x?F%71c!@D;cpRg$|CbHqO}~)H+I8cUE&2a^+5y!*Ip9- zf<485upS8$%6UE3gNFO-5^C@`A`EroG<4Xki(JM}2@;CKTf(}^&;jV7CnVq}qK<9I zIjk<5b;Tcj*~k~IW0Dd~enrLMg2WUUX|!--BAkRW24#$4;)O3*kvHK@uZa6Cu!MSE z1rgJpyZd}zesU9U#t(+QpU%+X4`(A@cj#yzpAZpuj$$f2=Rj`R{Rxi|fi0BWbfwde zwHWj*Y& zq&F<6?up<3uZCyD(s6gBf{Kpv8Bs?X{!tC=-37?LoJP$_3^*(Af7w>AUs@VlcA$0MXyg&f3=gVK-_KHQ)-|MAMia&YR+cEp9n%Gj8(i*K8e`!uDduZw3>vcs)8xisr=wI+yqm7h zIoq|;M^377%sKD^rF4DYeu-;A-gTS(DR|~5*f)yx+=%oSLudH9zk8n2Y%_A1TzlCnM96U*^{2Y{{p$+fe63#QQtz&0^0j{nE2y}l(Qg=LdGpndNqY(pq|<6bQGVR-MuHN zFz$9!a4@>UA=^MW@f;zJ=4ZZ^L_3|b3R0Nrgd(&^i-XccNrZAEStQbF_)qR5pK(_Czk*y zEx#d`P&O=Pmd8jdOs!$e!I#w?|6)4NsLxd)x1b~+g_5yWSk~B ztcwOuB=ff~G*(^rYN4&OSmY_~BKYZ@h;R*JOTqQm{;Y`bc{Ty0F>VMY37IM{E|sP>10h71yvEBJ&cTvh2eb@d zLX({g*%xd32&Kfgm*>|?VcIJsqWZ%xj7sU@ib-sh7Ss?8nFajJA%i12W5DyvBC{xa z)M9W094FGIO=y;S-pma{u$x-x=w8&)&@aq|k(J8hU8r)@*ZewwZ+Z!E+`^lodbNTu zNoF|K$fNP}f)_JN(AfMa`h3sX#Sih+$ySESa$znFq~gjjV|Jt_iEjiqya0GE`)9G@E-vgYfHqeLjPY12Ef+W zV*ksp>cBF{fc&BXZ=eRcTwxuoYQKnVx{l1LoY27MNAc=vevwE)o7fj3#>oLkJ9L`c zZP_L?=UAABno}HQELsJMly<0THigcF#=zDee>guJp>tu4l{E$@2FwfamqK)(N$XG< z_oaKHS{9sbEX};pQ-ouU{|x{`OP@k1Y`VfXPHx6C;keo%ile4;+|$J})`nBG5xO(D zidUz5KVAIqvk%A005@d`o!jd2xf~e~_lrdx-g?INYT}=`rWwXG#0g(JoBBI zW#>}vBod!N3uXgRpF|w-#)j`_`jUQvSz@vK&y?igd@$PngPY8{7 zx1~R^(gz9siI5|JvC(IcJO^?uzjveDQgJ{+ZCffJ#L6nEFK`nFvB6$e%~*$u3Muiq zpyCj6Y4Lv)lert;zcnC-) zGw*_w*~qA(B!nvs7@7&~9^k}A;}RFX2XxBRcRKB7t|AC&2DVgNe(7jBFVCYIt9LN% zbAy|NcoH%QNp&%y@kI*WL`?JJ0iDV;5OA&aXvlBlR1QM9?PEIKudHY)y_dI@ zk@6OmOhb#wGZ}!KIjVI%9IYKt)pOQUW!w>@ugnJsicrzGrC zfLI4hlNEuYwW|qS`GpiJC=MiF)s2W_R2N!H(GPa#7X(}mve9Dyg2q!flre4fM`5(Y zna%tQZA!C(-W}|nJk=`G!b0EK^xInrfb-wwga z+)SMyBi|J@_)-q8f-~~=3piIYHnoVr&V?W2m%MO~Pu!(brS4xrm!dTQM+O{DWbF1! 
zJ@c1&VK);YdzDX$6c6NHZ|$;zq&;;ldk$Dl`+J}o~sNfJsLnLwk$;UoO6`|Upho9 zm`lUC3oDjMFAEtKUqqcuW_XT>igp`gUKG-%4W@i8&-(Gr$iSLB*ZW8(L&-mspmpP6$Fo#DWF zT`=Zq@=z^VyXVc_iw5kOeH2*L2~lj$;$76(DOK1RNFyx1Ezbicf}slMHW3CDPRA<} zA-Q=syb;nd<{Sc;1h8^T`qUF!>SIX$lj3hlfQ74%-v55iUD0a(c($)*&~VRP zk;^WNeqC6f#+}KHF`B#amE7urNf&wB6#J`7%f; zE217zKbLP|Mgw2=6UaD&Mh|Og7+}WGrMy9X3vC^{bF5-;u6ImvPd}MQrcfheu~igk z2@Ri<4Ma*Ifzz=pkcRwU2+}OxTnb~EG%?{5gNnhVC&8}3WeL_CI*uk8ArWzRI7_84`2QgGtcFLxknM-a*g8p}8g{2R;%?^|#p{VJJ?+P`Cn#0~kUaDnOG} zneZc`G8G2jAJX?=@7+7$^$Fl|-XI9F4h81L$K%Z9uss?AO0R?-JG1DJ{I49hkxNBR znVO$z>_#&%rmCr2J(D=Yod{fMK;!^{>6MHkPrY=2*^fuE zCe-^#J}Oy-tyRSWNOL3zPhijjy{bg>z-*`}hZ({w3)eh>3>{m=5!B+eF&K+B$Bin! z^m&u-r}@BHhQg}0|6C;2^r3hjLn+;%)fkE6dF(Q*8Sy%sDX}2Sp&Jan*hAN>ZlcYK z)mp}7SCy*xCtFi1D>|`;%&Vd85p@Hg;Z;9WX)X3X7PhQ(f;iK6Du^4TvH)7gmm69ybsJmB1vauoVp59I>NdWoEI~4&gbWf;j4x4LSq1As5Z|DKEYW)ePh~jATUyli zSu_^gTnA5+P0W%cT5VBRW!e~1Fcp>F1fg%hY{X@IGk7yBrGS<%SI|+2JeSG)+J#CR zB4i^#UorNrCsu(>@QeJ|^{z6d&{@G@(&V5Eqcd}c3GcsL5Fi=xWJMY9s}N^d1Cn@% z43`N-R~Sc~O!-`*en@43lsio#UAcv$WAm%X!aXPaxF6Fr^idMKlL_(o2c0QJNmvbk zZ*c@b)gu{##1ug^^+wa=q1_$I-ZJ9)oPwd>JEHC%>uHYvtQb1hKmKrjc;+OZlO_9T zi2uK{Gkjf$|2*8<*?o!s{2b5FLEqs-_`9qcna;F}DZ0O31wp)K`8n~Id@FdKBNeN3 ziW7A;>Gd++_x3i^@O8CTUVZK&2i@P>3r*4>;00xw9tA5SeoVaW-a7m);^bXT@4M&@ z38Na$VPKE?82uArZ$>+vO_9&*ySxdqyyNJAYzrcD$r{Lzr<_XsrVfitdwXzvCQcYL z8XMqLGAja6Ee7ed!B#m*UFY@|k%}LQ|TtBnQSD89h?Inqw3+=n>xdj%nx3v4y=VwcSv81=UmF#tETzZ;Ix$J2LfY@J_sN1fZ- z9=~QxacROuT1_$CNT~oJ+2Q>?RKuY!{zN!nSeE=wh6PkxU`+hWVlp%TVWA?H*GfqC<5{dkJKJJq0QL414SN!@=Rj$%oVPx3AVrsu|W)n;q1mq9%`DF7-`K0Ov(lHfT&$`Ut8IWd;T$NZiAao<(& zcr&VI`jv!g^h#q=Pjzly%;1vsb0ZYeM+us{HzGX(VT>7g0oy%xp0+7CyHrT z!L1!B)I?f@52o^B0l_FaV{NRp)!eDF@E(BF>o&8xnw!PESmN-@u?I%Z;5bbsHi++TB?xWGp6w)KuuLtA=8po5su_}Yzq z^hzO11UAhPU;Sri%R%qxl!Td0m}awpmtYBw&`?LR;f$Ej?^N(=9cZ0Qz*bhLt<9nW znJmG|Q$MmrgwRiWr^iRf-;J_pPa+_Z6#Dpo{p(+W5J(jv!-87^GhT2iL#WWAe$0a^ zqP~zh$8!>b&>7V{W{XcbYGXcsZ+3p^XPNt-X`8o9ANBXY;b5>+$p5yvxw*Cda{qgd zX9ba7Zi4aCOveQiPlK_-RGED6)kf_vNO@FEbILcTV0 
zZ%Sh>$en>arS(<;bfkQe(=(&R&R2a!m=%KID}ozmN9>1k5gnm@i z3yM-urbv|~w=lVuA8usBb`OV$>$%{rfAv>@{lD3T{6z?@@w zJLenPo8b`xtiwV${2ZwR)RY4Qp>sO2T!xiA!_mvW!lH3RLQLQ-)Dq?;wMy*{C2<;h zXm<<#B=fU$G9jN)x7W3gqO-58mb7hC8U#0pPo6MSbR*$q<8*$)qID>r@ILq`7#d>_ zLJl!H&t(-CQVD_sY2^iySG7(FLu=9oTS_p%j5EUCy3;wDAemTEG@`ji5k4H=ktCTx=xzI1HQ>~k5Uu3dO$}@A?a}~d zl(P3X)-ALq`dwz7)$Ss-{)~x*M3-_OyG-kR^sW&q_L>QXQr*honAjG7E2?p)L-%z5 zM;CQ3x)0w^#r<9geN_#7Sy58(}joVwjxYks1WZNZhy{f%X++Ol)qtLQS z2UNPlTN|-2fHvbl$1Hgy4qyp1p`zPMcu%!B;jlajUUCgpZjL>jTiYauGMxelIb^;8 z9}Dwhh_h#09W%YCjJ`AN+z>4%w~ zrg}i)yBN(32Xlwb#AO3+v!#V0Nr)6(mcQpi<#sa}Cz&7`E4s3$^ZjPR(z!duPU22^ zg|a9?Cw4Wi*jbgk;*nu=aEJbr(gYXo_~jmi>8IZt--u2W)@7;@RNiJr#vh4}g#O!| z2h{~i(uQohR228d2`gf_XB~}}N0eqLlh|0QDTz%U1;-Y8wbUZZnFl@flFK*#r(b}z z%SPA_DP**rkf&QxMLVj;udq{`q_NOxxKR|-C?>#W>u46jU3cty7RCo&XGQaeW$wDP zcXA{PG3R@isjAZbRiyh6VW#?vVHcSkR8!e%R_2vQUgUqz@z^MKM14E2Z-$BHbg7t|)YLx}%682I$!3UYRj}AD zVvdD9Dp(+hJ_<$&WuB>6>kg67$6E#qQHU zxV1{Thc)0#YV<qOci>H7wUPuR8Pl0Da=E@9l?XKnXA;ID${Fj?N-Xp`NB0hI!oJ`9XYzcA2k#f z{Nw*(Gk0@mx2dpzx~m6iSbuyG!!RHV{TyJX$8kebnf1DA!ETyVNPcVjZk4Q-lt~i$ z)P=Ru-9X*mDgQU8ZO?V%=vE5jx0VA7D2{>+)Gfx=>HaMJ3$&M4nZV>Rp^Ik3W>;Zj zVaCmr1J;pLMdlZ6reVa)EJIbISH@nHA$PUufEk6?q*wMTb~SmSJA*dmcC^YP+bcL! 
z7OUG+-9FjQu4=z>TU1r3+~M^j_ziaX6Ax+W-CosPdB+?3wLd0dpUvbRf-Gg|6YBOn zzSHJcK8aB;Y7_7e{r&GqHkJ>3qrl31@EPO?X|Zd|BdXoH;A4~7{k^)vHyh}caJ?M8 zt!ovBi)=5dox)cEZ$r-oLYab*e-kYi__oG<T%`#b-WnM)6 zGC^r1`*r+h?i^?^AL}u%XGS`<91*Ikr)Bx_tya>`e6h+yzy{-QK>8m6^wMNL*T_kU zwzpajPfLKB`*194SX1o$-g$p`{{4r8BE5Zgbaq}S_-^l;!*@2iTnCnLna&7$3v6Y6 z_vMWaFkJk&_wM6i5t7?mDQ8}`?E;Fj&c6Nd?%?pWG~&wmk$t15ZlSHy!?O<`Pxnhu zcgHlDH6X_t@uv*#$K#{_^YIW8>OcykHd9sAbhipOE#|M_;9Uk(CsH(H{b#F~zp@!U=V9;)B6lmtVO+i+dfhT(6uulm zf2JeI%1P=K18#oraWbP8wttCxj&88^H78%=NpCr|O)q=NsUNP4yvJ8bPdJIy6fOm< zMECc~{Wk;azuDPr3g({pzEsojALev!gSTSD%c`|~v3Gp@;e7A>2$H@mzsz$z{BGAf zm7S%Un`pIV%f@)6Q`s8X zG@n<+XO)1fWGglEbyhZDK{oX@uU}a5m2KRi&|Lbzfs(|CO>fbRIst(NfGjOV4dJsWK=xIz$*0zV zE2E65-mI!wP=~%M7bFw3Mq{)#bJ-90MwRXU!f4oCFTI|S0C(5d%gD_d?%m#I5Lc{( z62494a-n`dQ^`VhD$9cImWovC%`DdcmD6Bk-O8bL?F!$p`to;((Ky))qM6%>E$4w) za%_6&s->017%oB6maJ6?Yx~9Ir#5wPp-2s^Sq$5!fmFBG&u8MaK$$PlW~=H%6iWeVCmRebqU9(;k(}a377@_n1lj^RGu(vh6LNuf5mJPAtZ8;JV4j0aM-(H*@?teTz zI{){@-og8$~KC4HQr+DXDOf`j#D`UV+!rDT{2N~n? z6JT8l@6S)3cH7nVY@bo6V%bZDT~q}7$(QXzL9bYg?N(t)8mL`qE4i5OzP-p|=ARv& z{&;wL@$s~zXUU?2Hm$aTt8J?owI$h|;R2kCrrQ_I){S9*@7=p^_V#~x+$fd?y9j9I zi1IP#bF*jVIjXF;ak%(Vtx+rU0hfQ{Zedy3nM_=^uLa=4frTY$1ymW9t~8SbfL>Ku zk@FHV?uTf1U6!?QW2UnGiETLB*=v@85cB&uFq(E24i`3H0SGmfARh_98netXq}`iVSxeR& zvKnsWO4M3xTlt6z1xMfFN)+Cj*NGd~n#%Pu5S8#TsX362Y zwoXwqT56>wgI{6@A#`ze)W}$oI*+$;21O+uSXoTknOcIs6np6#`ZdLwf&Ye>;;eU!lm z*b-I=;Y)okCsS{hr$78)>&fhZhSPB?T~%v$wrWv%?My81OHd{LuI;9UP+LKh(ZKps zK2NKQ^tadw$}%;-r@ky?yeN_cCyMDWB0+U66uQ_5nPwMRZJU9G>ceBCfs1>z1!6!-tY$oYDXT z&vZpXe}rVJ5&pK5g~=PCy0CN|m7jwXClPfpGsi2jfq@Rgn32(K`=wo*nM(3xyr{Um zZ_pl+8V53-&!nZ!B9Xz%0*O?kn5V#rV3EX8wo19inA&meZk0>@)0GQ|o11}+8s zkASeG`*T6_pPT7wj1&%!Y^DdO>?$LfUx7gMso16X>-XNu4|*O*|Hpi0!)d!?po#u( zZ4V0ce|!7&OZ>lQc^*aoZN&W>u`(V;;~zv*(=tsvgSnk<)bjc@xl$xut!6`eXG{mhT>#vko80(xqXzjsB#`#ci&!9ao_;YH^l#b zbOZ2+Q~_O0TQ@%2M+|jIxNrmFce5IXwFrNO?(fmtj?J(kS3;R`tSJjb*_<%@t1`N? 
zWJN9+wB)?{EH*67W{f4zzzlt2D)NvQY$vzZP0N%jop*zWUo()U3Plhrpj!^CDyP0S zNUW;)+XBjvsAvzi%lqVuY2~l|l*JIJ8HWobqwq4EpdL;qHY3kE_r`}~qf{SiYEDU) z(jllhzalv@Co1?rSuOePJE&7-$<@Z0x_-#7%7ryDZEn@m5GO~z#j!e#1H-S{OXC3b z*wqC6Uvcr_x33U;NiQLDOw$DI4)mwF`x#zm?{c>liRJO`wnxK+uQu69?|anU^E@0S zBjiR=Ks-1K`rtvWTheXGb`pAp!(0=lsA+`6cO5EQmoK(xOcifsU%=KohdWFWoPRZngP1hKv#Zp;z3@E(6&!Tq28+ef=g6htaBx0k!4%y(*dEbpl(H~tjAZAb4 z<_p(G{?+VMz2|Lb_4HfGd&|y;#va#!wY$bk;pHG3$p|$+Q|=JMK3eVfddT?-^?Lok zBG&I_Wx6BhtBw2%BY=6nvF=8Hx~fr`ACR$ZdeH6IWq5ZR^?Z|B$qD)TNgVr4%2!$~ z&t;*o4F7MKck*%c+TI5m_5VAY1^$0$cXRiJ|9_6B);5|i+zG$S!?6Lkdi1D>9Z!AR zu$W61td5tsh`d_zBJ!$u5di^HNir@RcTA`h<;mkFyK-b7zNKmCb96$A8uV;2Pi#=U zMM<2hhz8QBN4O&ymQ_ID^u@{6uR_#aual8!{>9=*lDC_*ft%OjugT@=e1|nZz+a$s zg9U92m6G)cY()VLf;v}K?Dcx3i_8~oUA7ec*NKdm696^P|E-(`qv^#3^? z!FmCeFh%|rQ~C8a-T>=GD(^-S>uXYfpjXfzMzUmjiPYp@mftD`O23JLL4>^#m{Gwk zBCjb>FGb^uGyk5jgvK{zj{sW%QB^tF2?WmF#GAb{Fj|4ra&BacZF3GG8Fe{JVmHB4 z8M}kYUqz%OF}Q_PYW&pFkZ>EzjXyzd2oD&<8|xq<>RYpPXMnyb0SbyFbMh5T-VA$J zES*cid(KHvxz#%7a+uCHF2mq{+${*|yX(-u2qhONE68i+J&k$`X|sqDykz*D34A? z=$MAM#F8z|x=3M#Fr(R5t^Xm&)ywn5&ocBs9|fq_S{zVM|A&L^K{5aT&hCr<*Yi9r z15EvPSNcM1so#cf=f~CdzHh5#zx`WFwwDFutN+%LfqZXE$_a{3Dk3?X0t z3zR6dAD~^nkgxwokv23B<8e1Ldr+4GuDu!d(?A=Es^9|V>wK1y`uc6NsaRv*86G_b zD5Y<;@Yq`F)`XuaH@>{j(elH!rnRsnw$OGCwUo8kUf!$!ArQ_eOZEcdGSd#*c-a;* zvz^C76~%9Y1LS?by}S@Tk-`g&yh?;S>tj=j^e<-YpC`PcFWcA(fysryI4&`eRve z`8;=xGhWK{gNoUK+O2qNJH@;~l|wBqepHMlUS95X=Y}=DcwrZnqKwzZaV@lBi#d++ z@xk*De}8^{a&hwE^t{keIm=)T7?#+mZ7ey9_nt+0k{V;M7NOO)uN4rLmU6|JC?~~@ z+%XAALU3Wm5%OaijnJo6HwadL&V2(%qm!5{NPwsKka=z(%@@I-Bv)2N%s-_x0aG8? 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7cc909dbace4c85512a2f2c2bf95bd37bb9ed2c6 GIT binary patch literal 220129
zEoDwnMZN~p9G}9}cZ0asZ+Euf$@r2Qz?1mwY&>A2iCfV#Xvb{pU<=TbC^uvK#iOyu#N6t$jwbt^uYJJ@t*H-ToHu~&1>@t%dE_M zc{IwZgN~B2^2Absuj@d2?=cK!Px68q)ge$F>Jni)gBDYPirqe3G{Nm7f)i%97 zQWw>xcXX&KuPj?pdG6%7bO}4>cC3(k=TFzKx#8irhWc6=A{}c7@HgkW>|wG6pcv}p z!{ve9$nT#CorU{Jfd8Vd&CZ4&uy^VLab}}VP60vHkR-;AHB(8UJk<=rU zOxz(Hew&lBl2d6nc>g2N7`TYp$8mf~0rnwUe(^b+bBZe1ertVxl#)kzJWgXbCR7 zuS(!x87{mc-_k!GVN_;_%bY0NQm4T8R@y~ItWawK;?{Lrq^milVca#C7SmTX1r0ph zt01p|?MMm_Vh$h&!)=2@S3vbyJIY`H5@J7@Vss=KnBkv6NJ<{KD?)j;2FEnc$60>I z-NFOpn(w;T%c5V7OsD!wAfrY4K}25F6?T`9DH#CT;MpYFv>QBn^5}ZK2qHMWKqoMR zGb(66?`)5{xVFn)QZChFjzM(e#CEB4mufF?#2qG$*09M!>KHLCqi_atU_=)J%AAEx z32h$JqE62DdH0Q+Ll zSLgV$xV%(NE7Op+Luq@<{jfzO+~vw-JzsK3Aa4+vgRf1Mi)fnGqA+aaNftSAaIl3iMsJvaR~2Ny-endRsI_*sWz4AjLA_p%luLl6+$F`346szpRwsk-TRlHx781g)Ex; ztAxfs-QIffTz3P2e`$dKl7QzesVO!BbfVtVGz7pn@U!^CcazvYT~+qXLok04*yD+^ zdeygN(UJ7JX{~vGGQ&ju(NA-K7fG+ovXRp#uuvtHMFe&=#OR$YH>e7Iy^^FPM-aq;&>pl9h`syN1fuY^nEUGVvOF2gwX?twn<;fHf z#d*1P>b~qJDM@*c3IsHS1H&2n@X$OmFiNw+z^U|f;b(AW@$Ipc!*V7WVlv9XF*13h zbB8g}O$f^515EPKFTdDeyH)Be5+zE6Emngl`1RLE?uS6gj>#eKuMC;wi3{Obh#4LJ zrj3omqcbORGx6v*gWh@)mC$-6a5fKC-Eh0Slr)!Pyggw{WfPqJowvEoJ3Dt<8~3!` zIW@1$j$+WKvIGQ$qr9V-ME#T24QI`J`UAcjWJB||u}=>t9E7kfycJ$%d3hraG#+6o zN&qc$O3jEF4;~ddD4J5JH_mo%(qk^@(`29UuQ;8=2KR>%osXOhCq2@#febym43eUc z5gtL21zK^JYqMd36WS~go;hbDcZM)GkTS0*tIef$EQX&oich6_tmSkRY9Z_^Y1l%V z_-|YLxCh5vr}y8sUR|?0j{>xA@$s?f38@p9ACpeKP8#kATM;}J=}mH}Quo)rD(+_< zbSo&J6f7-%y-duGh1)LZ9GKuo{Q2dV5M@BDFWg7~!(V@O+B($IZFa25e3)Q*odX@F zP8vs?(}_FillNaAe*4`49PgJ@-M9GhiFx;}BPhfpkVqtN1#mM&+axb47Z^ldCU93U z@?lC(f?*jv9)WNXQNjdPPZ}2f?pFH7^=w$;$|IOe^y&kpDIH;bQWx}Z(#aX3 zF=4ryYoFlm&ilj}#Cs<5q>hSUDNNy$@9UvFZ zzM-XqYy=U|h=%X0t(x~kx-T%^5ffp#{T#_d-Tivo?lp$cj9KmoqTGQ2+_^TiT+qFv z(us=Mc#Ij%yjk!wL8dEOFFDQ_Gp7yxRe!_J8pdg8z2rCpr}UvamQxb3VZ1qCEjgyB zpOK;T##DVc977oMuhl{Q&pz%J(=?Aq$Iu`-p2maSzg-0fiSU8~&F>DAaR#LGF<;k5 zBNWqD&B0iOyFxG%eia;AU2mAKp{P~*xo2x3EheI$m~bxlh!@FK-!H$4aui_U1Xp5Snl2YQ5+GQ@YZaNGSzC_~_&tzgTAPHpy>!fGZZ#Eyet4XXL~*Hb*sjRjH*N$1YO2Xn8U>dXe6% 
z(F2_xQIDj<%_e)r+iY@}Wu<42qZi*530pNc=Mt|*9H(Q*H5LrHviTs!@f3F@!SsLL z!ou89Nvv9J?!8ieo8BBG`JuE`5+I~dkCG5D+iy3J(161L+0NDawEz^;9e=D!?H^^)~qgj!CF$XV(ewR%ba|^ zY)DLaec}V? zSn>Km6X>B0wREa%IW8gW-DdOG7B&U9_IH&_g3aXL(wYgawM0}uVLJ85fj)nIV2J`| zN&Ye(VU9lC&+22&40%Yofh;kxHeXyQZzCvM=)U5}64#+kRjhrQqlEb$latv9S+u5G zv4X-kxY?FNU-w8afyy_<Fi#?$PGOGKyvjm$$-$RsH@ss~!-hQj{_=gw(29q6q^ zPL3QF#nZtZpDY03kL>VIiPf>5gBVFYw_{ESTxen66c>>-7#RM*P}l_GQBYZsW0^V z<752p`1nT^QvP`BDduw~R~s1 z*%d!->^%hPeWxjwazk8$%+WIQnyy!X_1(CnxZqUR~A@@ zT?uO7*aK67^oKtESr2Q(Q&oA*!Wji`G=csVe!ng8Qz|b#5KTJ6EEjuct4N1oocB-D z5=NWl2?8EE`Ok3@I=;gAM*db0UzAr}6(BkHps_X{YK6#}m`nxdeeyrhe!Yw3HA&sT z6jVHgEGf83(#4GnF^tmQsE)`lF1dp9sBCeU!6!jvtn#c(T4l6dfD_7GZ_(~5I zMQL6B*q@{O{H~|jFh9fZU{MM?^b#|*1vvc4_DwGh^A#yGEsQWpdO5cmuQs{i zY5@xg4I1%iysvDC=ly|EWNaHj@Spnhe<$2D!2!cd;v9I_%&u;F2{>9-cj0 zYfTtl4|3@18~k>cE&zK*)1MRFN?>nc6Hwg8haz741W3!Vykj~e0me)sNLR}W2U8l! z=}AY_TD@vAO)!?wD05s8B4H|sk;U}Yma|U*qXvo>zI1)cL12hLl5jT54N?#f-tKIk zKH8AN%|+>04uH3qVdi!Wok*wy*I?u{;# z=)e`60>^`ee>~=>fd%zOTNLT=b1cz*2QC@dQjIG;OJ4TchGXWO_{2!i*kUJZiPADxDk zf(q({=oeP7p)&^b?M?v(EV(7hSYMY+atN|<~<>#pB#DvRvmX%DVU%oveVjTUE&8dHMbpO7p0t3YSd6FSb zL(3`}0d(=lIGn$~dv_3=!r>a>Uv&5sVn7;@OEwT*uHE4J$&lG1FqIDSL)_lbuvAiQ36w{55qbSz!_3^P`R8dO;}xySe#MqLFHC1f*bSWScgz)YH{%wjzmg_`q0 zLMl>Kf*g5A%!kQFnwkB={U2d9W)23BI(HsVbPd@0T%yNR^C?=$#fAGRAmbS&Z&=T)X5h^2T%TvB#&*G6j6RPdQcnYL2e zQZG}*GG@(SRuh%{X{Ez-w2?lF;|&_-g#cY}YUqGP00hf3AkL1!dP#y^Li0*rrb29MX1$}5gIt1?1iz@4?{ zJnwiH8U;R6sv}o04Q{nmlKtkfSfDF1hX0+buW!iK~93HCl!LubOGpbD8KH zS_pVd|JuimSyUWFhwI1yT>A*93StzCYwGBL1qQhuNTG!)#x|mX7!uYz`p0zO2(%Mu zPrRI{l7RVu%ZqLp>T(Ewbl{KZk5A6q5nLG+*gS6Uma%{){I<`1dz-Pyxq}?KcL`4S z@iIOi{Pe`@!pO&D7ow~>B!M>Q8HDjO79Iv3*_qAsFTMksiF zV7BLNR%)(tyhT9rRks3f)bCzzPHPqH; z(d>{TEZ|jH+K_o{&Au@447HP`KqCA%wwu&6u2mJ04C1MX4)Qc3RPUqU7BF$ON?hd4 zy!%3$J7S)5?O8v}gQR)V#6_b};CO7hI&)I2CVEmN<^)S=ro&U%Eh~qaTn-L!u|K>& z&nzd03HPR@k)=3eUb)+Ib+5QcdN4tZRQ`@cph2aK05Wb361xH1KrP49mIcOm z`N>BieiWhZ5>dojA&*K_Qw)V4V$<+p!Zu((kiG_V5$T4?tC!}@t7?FKJQ$}F3_HA_ 
zq$gyUF%=$GDvr*sHCmTJ{r(JsvR{;^`)KfwUaM!Asr2YkjplqE6(&t!jfhO{1{nSL zVNTO>RD^MVZ1d}z`_3f5LY30M@ri2yYmPrR5dd?ay;;V$yP^=UxgYDvbey{JrF8-~ zG!(tJaW&-&&z(&W@(PFSVdFmBn=iHux11Zcu0zEGTS}(y&N=u^gk{8LZRyaST6tY0 zXo5A#ly)VnPiQ;W(60rUY{`f<3Yo8zsy3iDs@N--xeuKO4K?poz3t(Cu+9pDu%z=Yvtt{@ZlF0(@fooLd&q&9gbMCc z=ZcGorg?8!7#hU=Ox|Ep3r^0VJC0BBmVPO430eJa}nL%L-zTm?d}tJ$Zng# zuHnr$)s(+WxX6ssUJmj>=yEaS9@CE6FQQHukESW<33Jir4U5_f=DEZJy$Kg&e48o!Lm3{Nz8aerkecd;|w&+9tKNU`v zH@vdJs-HiF^6+V{fn!ac#j)Ndez1tx*hF1Kc31GM&1nQ%0&g|>FCwTjHM0d36eVnG zI!n|?o|RcY1FGt~PD|L|y zIJtc%#T9?aERS7oIRf>%EpCn;&QzWUdk3#Elx~{AnbGhWbtK7=C80a}aZFmiy?-37 zbAodqiL$7uIA<-Z%t?F!E8$Lc+^J!X;aJ0>%S5uUQ7)}2@5{*dx)wf;5qtx0}xU(Lm@_-%Wzj4kP+UDpiv9Fa_)p6Nr`+26Uh$#{yAKk*iQBr2U=`0bRU7MImXz*;~35>Hfe7b>(`skU2Y>I|HCGJrcJz+JYjC>f-I2i_{*+ToFxT4 z^Jmkd1Qv8GzF_1zLk91r!|Y;!(IYeoCT37wc>M90H@DI6PsVZ1#>1MpYoeFR!>YKe zvY1(Zpr8NM>1Y0M8ss!wp{a4g-fY?dWOL>C~QV)t)@HkaDO_;{+o!5PLte->;bM zti_8$M*;;4InEIA7`*f|Mc3{);l_gJqqf+l2a9s&lKRx90TuAV=f95nBn#9H`gmZv{U3iZ>Zf99Qjk$AnNb*M3{rK5t0r33DTqRw?jGWEKy z5%bJzk8dSb*a^WB_ettY`-b(Y3`^g;N=~QOe+`Av?XQaeBC7j2o|0BchH)-WdVx9>>K$m0L6gj<=u66aOOD=f&COz}6?WUv1C%YWv}^Jsh^* z?qPFI!eSNVe~ImqnJ%p+_^s~R91=-|+l2((@U!8U ze*6IWk9tWRHq@iDu=#lh1Vh*#r2u+}GKsDV4pO^q)(D+Jz(Og-xCN{QiySfZD@VQ= zVfY`Kef4EO#ynl(Wo_qca#dA~%G6sv-aGR<^ZyQ@p{;Dg-|Nb|0`FPijna>@o2-~$w z$39&~MQ9iPH$a8vDF*HC{)Y5{_n;7b&lxHi+m zr*#J0KD}CB!YlKcso+8~$b0acB7qNt<@SW-vrcXyQ--~%_1Z9I_>eU_i_8WO3di3$ zR{nmjyS1iz9?Uo5s)mBVCWclq*?*0g+MN9bKyb9q$eMXyw72k!6`NgzQVC)pZI0?9x~vUCO57;5p~H>8ypp!{gUu`fT1rZj z0nkaWoKD<;Z^~+^<3_MZj7G`@*fuHWn((P zUon~T{^3i?5De&>mopB3{8qCY)(3ae3;Y!;qHMjOiYN^GKIS$uAeE!yz$TWcCknbU z)kN{nS)3=cX*fjd$ZRr6M$($=v9zP@s3T9b91H(7w-zZ6Wzy!D8lrmxK;VKDTS@N} z>xdV#=~UB)ILUYDEZg+doQVq#c|(ey09I#HwFR2N*Qs=yP9)bmFE*ElU~rgZP{`Ie zJ`RR6%6lcc7=S1>hy1Pj8MZANX%ygkAvN8Fmyu(D&O^NhsY2x{DEmLzn9q@|LI1>XvTUzw9 zDYN**A2So83hAcvYf27iOmpypHMkCX>2WDyfDS&t!O4qOD>f^g4<)XCG zyuKSYCD%saj%$Z)$lS&A`aRXcRBuG-h6^Xe zCik|vPl;*40vCkG`4JkE17|(Kc5zro_ 
zTp7KorkwH?sVd1}+F2_9WinE6c^FsOKT67?f&AREMiyr0Zftb;YVYNnS6m^Bc2i(D za*2MO9h{%a!=^MflN>u~x7_uqTri*0+d;+>72$P;YSb#$)rs`+1`h<;Vg`41Tm*YR90jj1^%hAH zQYmNu?Q7ejAA>ZPt#8mcy`+ytzBIrzgmsxDW+b@$u)jXBnod0mkx}s8c!cc3{_B^A zT%4_{53!ZVgd5W(Mb*q(=F$A?^19{4mf#K-78hf=sG+bJ<#9FQpR8+>QipJq6(cV!@_DP-7!Ze)ufNY;IYh20Uc&;MsqEcz4csF zQLY+lt_sSPq{s0zg!>2tAO^)Py28&n1k_0j&kVdiIiyCf7f<7-bUaQ6m&n!jE5rKp zkb2)vwQqkB`D^(!$?Gsng>EFOcmnMl46koG;{`aBuCACteIqKMEZz?lN6RWX5O~dm zu!KR_kMm&v;5)uB{S{Ym_uU$X*X)|_%|*SxQOAL8xmbCCIQS|}MuR}lKUMunM`$Fx zz;jO}^C()uGRF8PeP!TEuJW5t}uM&RW+saM#zt-Aw%^ zBV8jYKB6hH4Am-~jmS>NL!;G5`bo@Sruv8@;WZR$t(=a7B$rYj6^(&YuBxd7$`vPL zN(G#`AnGSNC0<82L^!(|*FwE^GwO+)2q!fs6uIWeSK#CwAfFd4iPdKZX_3#S9LqQx z43o0)ep&Kn0NxOt!$;~K?c5ZDUTe*UQ-(3#9d>LUT4XA!D(f8tw1k0ZNfk;06cmj1 z71mN?N3 zm!YDi1OdE|x&~`pPks3 zmNY$jf-ODG(p9y-JR9IAD){BkcyYb2g{za^Zj;^Zyg|t}e`_0RwmIc{mMYsee~+QF zY?9FSYGv@T@$Im~VC9zx#8#|gm7Js>ZigDqopw)%QAZ6&%Bq%wt09P0Jva+psS9@n z3o$XfO0`IcaAL7dyf&$dS&et_t*mZ=rs^eTmPfEfNu_M;4Y-au==)WQreUhVD&7KG z2HY}4E;EuEMAjaD`K1n3gq<)N1;73pLX$s92XAL%xC`K6H21rggznJ9J0U2~Q-5kq zX@bgb#A$q<1l`adwyRyiwVF(v>Ws-`V2&0KzQCaXq-Ru1GmaBq4zv51*-3|HMU+{|RFfZvQ$a*U#2-zn!)X2XOMBC%#2W@9o4 z`UHW8uAYd-GcgC_7r|D+cg6UIaii%%d^exVFH=P`O9rZPi&tqcn_7K^TH=u9G^sSE zq_evbziHIP+(!#F5vG*5JX@I?YeL>u$zVU8#=Ud|@LFGr&u!qGZ+O&n6MujA?m+%< zPo!F=eVimz?3zk1T}BzcH1L+^VEYtJcflAAq1r@wDCb<*VlfTZryFkVB|FvFRWC!z z{BcoIIuWtuj;!e~v;GXtd}2(`W}IyM z?znsn=&S1S#|2cX-Al@gB%w-u1z8EtCB)pyPeL>C+3ThVxrKctXy9Y6*Xz$dZ|w6M z(yx7kDW1@kUya~3MX=Gs1*0sR_Tv881{^@<4AT;JRXlQgDO%@;G1?{6o*ukD@IV^b zF{?4{9D9$^4ihc{hJSkDDCF?$6wHOG(@loWrO5H5KboOA|714lGY^4Wg1RM;E{84_ z^o@t4R9BwDNkxT4G>fwJ&smbAx(acrwT5RWq$z}mIo@V@ z)2}WLS={{c&^{AzRlo{WsrM@B(!E7CxK7l5UW-;S%d(t*!u43Lf`LA#y7{L>iPdEZ zDGMD9wP*$GDA{Q3`lhayaI+949ylr;Vzfe5CPq-RJc;s4^!$}OMom8TyjM+Z#6>oF zRPvPXeE5ApoxDoYmY;2d&AT?VJxBLF`CCHMxE2QazB~NJ+GU-Ql+2hCm{Ai>eV13b z2J%p{ku$~@p-_gD0`KIm*05nTh#dKm#KOSW7SVoHG<;T2=o+P4gG;qf8Fbjk&Nk(U zx~hf+|GFesJVTE#w$QurXl}Ks)l%hL*Vk{Ui)^8{p8>JSg#P5uO9{kk_KX z<6##hu5o7^l(iuzTpp`q%V!f(=n 
zC&`7`4;jwq(D|8XhuGJO*p>ZspMSzFb%woiSFNjB%bTVt^6k&`|3Y3CWklqQ;ZQOB z#NpB{h-*8-!*()?hjKe=P;Ud{djEV9fhMA^nH)W=-McmxlbAWd%BBcwC1sb9Lk=hD zXhS~3kX*aV(G|T{2yMOdqa?Z4HL~HFdO0wc&wiKoYKOVkh^;T~>ZK6lY9N>N%de8L z#*f#Js^&N7+T2XcpvD~UY$SijQ_oZl6@$F!=;;XS6pEl17evv;_f=0I2F3(d*|lK^ z03A3Q8!nH`F%|l|?}XR;B*d(dPULMm`mRWdzr%pvv-@r3UaF#118%Sisu|&a`PJYX zQi;mNI}a+$BqPtks#GC1wlBNbxt~(NBbUq@xr%&#E(?xKGZ4X5QP_sm)hc3z|0wJz zXYRpixb;Oo(jxy=q+0c4p6d`j*B#o0Yw_Dqib36cExkp|LB3rLBs)}P$*x`YFuwvj^6XLTfyy%`>_3#8#Qxdpohs@LhFwiyDCQ&Z#0=0gvdlBH5gQ zuR=G+`8Y6rE_u8DUhY4CY3}JJoEmZJH+#GQ#6?G|K7*?-LPv(Y-H~#7S`5?GN67{1 z+Q+D2!23Kxj_CfIJwA3x79Smx2@vK9k`{WPNTNtz&qO(eP=nXr9GH*a#2?b}Y#bEn z&!kye^yLw>X-fTz8LouaQ03G`o|Z|-d37*goXuB9lXyD4^u(r%c(iXnuc`1CXr3^i z7&=@a*W?IyzV22eZf{wUFbry%HFm%7tOcr@LnBCm(QFNRy8?YnwG)iKA7SWw)sd!G z$w29LWW(jt$w}t*#S!|~?5rNWFT683ov30iPlhQ~W+6vDkpDAIsz;@CtZIy3o09=l z>0~xiiu@r>#FHvdXv0wz=L`Rio8YeNlBCJ?SbG28|M|ZP#Jrf&LIrQwxP6i}O1h4Z zu&9yCOYh84%xv15At7oFaA{jbIt=5ye+n@6OIS8Mi5Nn2&WK&$snqe!$&kM_Q3NG+ zbK-%>X&Y8y8gq{7dMM`9(KDD6ExkIb_fdtiQJ(Jx2HoTUciuS{0svU1p@|PgHKL{_ zBOcEbCLsMKn%aF8gT?mDRlQ_`#M70in+@O1K*&$ZRoJ_DBBV2`>MUT)J*c z-iN+9S2Em**FJo-;d(D^XhOMAoQ->c(2=k1{W+UdFEV!$?<`2wP+fH?wT8s&1wWhc zKKcCa!k?`H?;!;G>JVsiJaP~!%j6h+S*Y&9LI?0qr{rX?5GteT4Eqj^6};*V-#5c}n`?b?U%XxyNo z1RjTczex8_i-87o^yDc6m(938B(MgzqNR>#V_&IbL3CXK&a=@BjjnMzewP5z$3S6w z+6(LO#;YK`I9aKN9Q)=r;@W_3(3S{jw~FVC_WWBQz^gyHEi1cdD2%@;mhkBKnAzp) z)Pb`}R{*tK|Hye!Ezxo|5FIv&-odlx$w`w31X^;7mA>zHU#s>TsiGNjtXsJ+X1 znHZzse`LMthh(aw5C;4TL^UmQ`YT5Aio3FPdTsb4@9OW=3vzL4i*1Ddm)+LQ_%j7Rd{-SS)Lj1C9_H z_~ue0R9PVdHz&EEU+U1PBLKR7W^>T`j$^@V8Y~_Fg;NRYJWVcq2AbS`kfCJmB$*JL z%J^Z1;PDjJ#fb{9FGeuTQWoYJAZGx!8`Ih_lzwa&Uq)3FO-l^Q6^#uQ&SY-$B&B?7 zBm`1rg$)~sMy><~ttfINdNMA`=*foh!FE+^5(JDzL^s9G-RX^~|MAE=s!RF>x7I^*F=u|`d7(RB*TH)H{y%pA^5dV^cOU=HfdfO; zRsEOtue(lt+-4vfC+K_92h9Nn1{^tJcQ?!xYvbX$U6km_!lkfkSyB}qFF*|K(SbM3 zj#bF}D3atcOOnUE%G97KYN@ix$A&jq(exB`JWbD4EUrr8^lPnyKj`O3Q9cZbtDrv2*OlYW_lj)GU~j&(|7qm>9X*HDSoaqcrx@t>Sc@ zYhUl3NWgJ>EIzDJ(r)N)uouD9MoOZO+-rRqiFbsv7}$&nLsn$b5$k 
zk+jDJctk7ksIq>G<~WBjCEsZ-ERk2(QxqdO(y}68qUV_Fkqp)rC?h#@`HPyECtzAW}`;tER?{SU1<~zlJf}hZTC6I@(!hL^n(vb;_fFH(X$J5;M}_rhsREc z+oO#~Zg1jnTUD`%mCQ}o=3@4|Q!R0a^My`#QSpOHz@rs7_ZGaJb57ERNV_PSdI#KtDq3w12ynZL?xHY{J2xQ z>BlzPmbO?NWm;$9j{JO`!D%)cknt{LTdoP5k4v^IO8GA-3}!3xXoP@oPZ5Jz!KS7O z$e3Bl*h75SEFF;Ukt>S9A07C^^l*>bVNVg*l(N*%P>Nu=kLxK)y(Fb=+x*1qLTC2J z1HS?d+g$9Gj!xPxh;x(Q%SuzuCZ8)3`l=6!^NXPyL{cP1Wl?jvm+(zu&ZW;}a-Qbd z1eed>SYgb`>;^n}p3(}BHt^)*krp?6oEGKRm|$fn+;dEZ4$NqtaK0`)k(4xWLcR=g zPHQoi?ii9Q|B5ksasTW>O4!lCW@0jDoO`!MaFV5}YdJr)yztc47+b2M(kSiaaef(2 zhUw&kX-Pqv?Wp}C>cGtmEW5QOnCy1u0!}ACNrbs0%9&&B1ZAU5S*wv|7u1^b`}p;# zC6^wy^RlUA)?95vx~ENf_q3v$O}i(Vy{U1(o}bS`yBmC5Q8r~#&2~iJn?;IE2|{V^ zEnyghL+1}pe1MnrU)&~r=Z_Y3!2gf%)R}j@kHIP?L=lTZu*!jc$3h>E*&`*tTn(b& z*I%J!#J+Ei!(Yw!52qs~>@04;*SpvL94p}c`m0l4i;B%SlQS#qqzVnp53e-MJT$DQ z^pt01*3U+}!Mptf^PFugZ>S)tI}F91VBViyS5YaLiS@gB6GSCShI0r zUd_1$@W-R|VLHd|*N+hk@WTMyR@w%VX@MuThG0xQ`#u!llt0y z?_kNb7f_JPjYfJ6t(K&Jsn>Ka4IB_3i0+paU%TKjTntimpx6ioDe#1OlC0x2G{8zx zL-LuJxTlKqlMhNQ->sI*QQww1;r>%;3S`KhQ{o^Tb(ilAuIc^#z}t%ZHI^tMr`{DA z$_wPKOM*_YG8UrV})oqsa}5E>gdHM;BiBNj?Z<&pB5W0XCNbNpKZZpd_rm(Q2*P z4()g+6ZGmyEu&D7t@tbZy-jMaz^Z0NUtaV$N8Zj)yJkKoOqg7H-W94-1|bUgRt?0o z5tsBEBP$MA?~vS)Xg=P_GzkuD@-*?kcD9BBHEHdt^Gs^_5o+g9n>@0+ZTKNxk2y6Q zEmvhG5lT)4#R6xrJeU~Y;L5P#XTRL2Q-3@+qp~+DCSP##^l@GWSgo^U;?}ONr2V4q ziu(36Cw8#InJhUbgkF?e>bu!flk%XcbDK$RYqM~=r6e6^-%M63lbHIQ`n(kR*?fbJhbH157~xPz zAbBL>p!QA?;%bundD&ypZEjlDma(v->;{`xa1~RNw&TAlN1@o#z)sw6Zoq6Hx0QEW zxQOzG-}~vF{_ybg8Gl4`7z(OjqB-%^#|2EISn zq-mY#dDMQo(xjWhTu5mB%h_YPX-KEJ33-czpkdTZG8zjk?wIYU-HtkD%pp7M&ly7A zUft_1n_7&e+oBTwWrah8B5PCMkSzLt}+riI<{I-g#T6Bw(1kvjM@*KKXm@k z`9tRqomV;^q?lQJ7t^VAws&@)w|C-ay`5(}n=hWV=e?ay?`iwl^LTsk{6+gk zzxM*(Z$I1V5BhPZ1KbQSH!nIbdhKMexz%1V-bEny!Q0KSy%}zH-gUNipKkAN??lfw zH{07g+yBq%r(lg6_&+sD7Ol76zI$~Pl^@F6jd2D4x4FHwQ{(@hZ9edSpW+9LZbbWt z`4K69e*HB#jnN2|OgMmegjJV<{nMm>7GSg?a)p?8;ZlQEP(ntAreBVNFtn1bXWk}; z(&3Mwm;PB~8nc-@VEr+OuOa5NVwa3B2*N}0&kz__S604H;Z!dx&{l?*@-ao3&-(1H 
zhmO73g;jI~|IJ39`vtqu*~IZ7w*4GV#O^s{|`6X|E=w4;QY5c+YkHy zDSj62KgDaH5?CaGu%8d2%XmDx-WXTNf9;*krxp2c8#sUm`R`Nwto`y!i2m2ZGI%@! zneXu^%g$y~5WjkHKSEb-K#HHq&=;LOr%0po_G+*y6}=BB@$f4Cx4s^12H~&2u3)Lh zF!<9+HUm*<_lsbV_DkmldIZSJRf}~Xy5&j6TJQ6A%N4m+*`9jcF06_CrX4t`I&awl zX6U|QC%#wR4LjlJ4TPeh2PzXEL~bR@Xz$>))VL{}mVhUxae>*>WW>j1c2rUpXRb9DdsoacWb{XafUMwqE7 zDyP>Z`QFcB`rmGEKW$g&e`ja=*#rIm6hCXhA!EP_VkA51EQm%ybd__bAtl36){93` zKQ7Br67iQ(JM2)tGoMWX!OD|h_1}ut>WwhDZHFg1<{}R?>!Ao9)g-cY$nA=)Yls!(l^&~h?$GgN-pal=p)_j3c^%&5#8$4-I zN6-pRKWgVqmM-y(<7?T(>=d(;lk|gTe(_QjY#66+OqW~CdSxC1@7msC4?@fm-(g+yDyqI*tNXq;$h2gIsbGLd_DP38M9>GT;c5eN zw4SW&v-u)6L!8Xe{T}OBN*09alvXEN`61!XsXfgKR|;)ETrPm(m>geFT2ts_Bp#IH zzNsQ-k(p&2XFbc=KQ=DqB z^^AZ3M1gyU3)}LlqDQ?A8`#+jx3<6N>_jU|VhqmR#~SC-)t3fQw9VWGib9Q z0SRz4eU#spMOFt+v%}nrZ@)9JdQYznpk*e)e*+QC?~TV@s?P?N!ecLpwtOY)Ss@>) z7GIVOX#0lUb*7`OR)fbjF$o9_*LFTvB26L7y- zJcZcPKHPp1LX;h9hvY-tOpwwM#S`+$t;i!kT6SvmO`e?C*+}M(VD--+j~=h;;T54C zPDAzdIETA&4quDc3RZ$i`x-H@Bz)X@6?-F4cbD-Fu#-aPfEBqx=+i${Nyk5Dm{SH? zfh3cb6kqQ()2L3TWrd=00uv5mpto?Z{d+tfH8u$R6`Hro_J-;%zKYV<@E`#Y}K%+6{eNv;TsL zI4Vf{CiE_SXN?d(U8tp)Nix)zGm?>vV+C7D!U7d@gaLj|+J}RRjc$2?afndxG$X#^ zm7GWgxhjCPjbaBaS{BjHdB=&tG`!NBUnBvhzRaxt9(EEPMe`5aGJbYdc%mpN-xwl> zNwL^xJaCe<&u5C`oa%YN4_+|}0HW_Vr@C~GECmJ&2g0iHa36(0P^(r2K*RvyHKU*) zM)D+Gq@B-(!xq5Ns=&oUzVP~qNHB%wE2Xg*Y&3cciSQ>W9S^jpqZlnpNg|;&9ss75 ze?;UE(i$w5EGo4*P>ByGM9Z<9qm4#E1SK06jOu8Ya?F@sq!7$r5?U_~XHgJ6EpX`? 
zo4ekD@Aj!C|M{f^z&!iE&3 zu~S64L?)t@Fc~itQYJn^(iHlS=zS&O@ln*qT#?Yq%4m-&3z3f^_V;}RO|)^wgC-fO z+B@+%y)|j)ixT1~0-4mVc&llUgT^BxMIA-4k`PJp?!7?TzCuu6T( z!nxFvpWOgLDTiK+T2lft$}K9zGr=md-<9P5OUq+1=1c4Vx#$1mevJPgcl(Y1??#?g z&;RF^_nr|1FU;)+s9yf$w208lvuz_i2ayQ^>x9-%X(|B-RyQ)XAgzX>@EvcAAMYg= z#>y&(#1{F;Mk8n(K1`@R=QFF>40YRH_I_7++^8I|H?vU|Pzlt(PqKxflHk6adrK6R zUdo(0qiR}*DI2LCmJxNqcy%7NAzo4CO>X(b9;WYU?waGD%sKkGdl$s4>OF~WEuk)@ zgggR9%p-g35nKMUeK2hiZ6JFH%8NwwdO`e;%BzNyX+qBfbrfiuXtdtCV+(`Xw$xe< zd#ytb|Ca1W84Dkeu8C!$x*S$FSzgMgppjveMVQbL8q%wk_=srFXCd5uE7(`_wUf;A z@c>&jvM$6KRo3W`iNPiwu;QSo{1;1Av``Y4<;a40=l{cA%>Sd`?GFwc`EL_XW%)10 zCo>b|*SeD=%*Nm4OgSrSXvU#5;evSHWc@gyuKMOvt>6ZPgu*+FW%%8I7A z`kfX>cr+}drW}Dyx_I!e-9J> z-$#Rn|8M3g$N!nD9`OxlCU3e=KrAmJWdLRMlEb*N7i9UF*S#?STw8LX?}c-Vo$()G zO&UU-TW2dy7qVM6dgHJ{`+v1XdD$sTX-OEgMVpy#Ev}InE|%!S)A|u3;|}&ad!3dJ z5~xQs3?!))#_N8(bm#Wy_VKTg$zigL^(n9%;yljF@f}FG<ibwROo5RsHc$&)g%bb;-DKrQ$|=eK zLxc=T_NXjek-rU+q}f01p7b!OkU#v*b*$6HE&15VRYS( zv2W<^JEUo+d$CW1ROoNa&Upar0h9VH$qfw2O7d^>+Vn@By$qDspZ25=r0NLsEz2cf z`H~M(L6R2r;NMGY%Kn@Jd!TuM5$_oO|DrE8BvHQLT@SXcKAK{W^GfzR zUHD&aF-(;+SfrJ@x?N(bYlALJ`ffx6LdaEMP4jsW&;Rb7lTGK04D%64odGP&1#5(I zg}gRM-8~k8!e}kSE1-auTq^-Lh1Z}w?d0Hq@F7IY$g++BWnHJsRUIPoxA zB_uTq7RunHQm!+y)P%zF=jh#IATQ(m+2zl}^Y<@azWQI|)M&N-@>u&G$m+2I6^2XV z3=vzlh_%Zf#{QFk?(h7+lYjf4VKsdI_j39fY5g-$`DdW-&-Tdu408JC>2II?>nZ;4 zx6g~^;b(U`h5ucDzOk+ryN`AiLNw6l-uCz^WzSQUYNE>u{?`|_cigpH^tC)i<$w49 zxGZP)$Dcg=kN$By{?nk-#DCw+Q(6Dd2_kOw!LHEWvfvRhH}g`y^sVS~E8af2w#+mL zq4%M}lti|xhI%9uTUl#t+7gOlX~rmgR%n^eLXD$zFZ-6JMcv!~+4PN;V+AN@qK6qtT8;v-+-grsXC<2EC@#+PYM ze0sQtP(Dv{o!Mq?@zfdR7AH(MndM=@n?&Jf98R%e0m1kj~VGOUr1f)gPv$Cb5#QL{KX`;v!U5LRw2!Y-F}O zdrHcG>+t_N>?QI)9(NBL{oh8OHTZv}AJ8`9ES9esl)zARgbd6~ceBJ$5@Oprz0DHK za1~|OBgNaSkh7U8f8y@KJ%(1&WKyZFh&GdUscgbIA~UZcwzS3@uDUmzvO*+5mzNU0 zZ`y(d+}_f%KZYd+Q(qJ?R&Mm`)@gw2nk|%`6kp#-Ne;Y^hH4K9gyVnvKAJS5IO8k4OS4Z32)j z|M!j#yNUb%qi&=B-N=)EzL!``iD-_IYg!Y@al1^5xm-h>>;Qdi9we7LKTD4s_pxKG zyb#fR^3dQm}ekTGm*p 
z&m!Fw3!t0XMD{G?Cid2}Tw5D=9Dl|VCtyh~IPM9COxk}~mf(4#kmLYI# zXFr05O5%z>=XN zFRFk=TUs419)k&e;o(>;wr%-k>Frx-v4*(|=gAW%n?>EHlJlu;J%eWTeO9JcXe~LW z>O;|tAmu`(SUX7`r~xvC`IWzCtIjnQfGY3SP}!VX_%~Y#^hL=PAhohO^&^X9m#GoY zlzczR@o3)C>TvxhwD>gx`Li4>w04e89jLg_sGh;u?%8Bw!$xvj|6h-F!0vQ^v1%XGWIo+NB$Gqo;7|R;w}EgXl9K=OqcbF==Ip^7oUKK zlS96^T@Bo&J9nqIf46Q6=hagHxQrT*uMWvoxynfBqhTi!Q;GUg&E~}G73~dVepw9} zzB>u>kg+83s48IN#i3C(JIAc@ zkxhp5q8zi6TPn(USx8lKMS2cHypZ)O@wYl~(i&Ku^GhkZh-Os^^esnpRz6Y^s3D9i zRpyEq-v)*{JCWl^O9glY={iSAr%^RPDK_R+yOfiYeJs3^v)lY=-L6grDM8=mdC?T9 zjUuFo?@4M%jVfNpm{}^!tTC%a>Krpmb(uGIrQAw`$M|ff?O0xH%?Ju*ktB@YL(zT&8alMf>78(O7ccK1U;hWX8hO2;i?aspm zKisn)L-ol|gS(H5?=)3I%v9osfL zwr$(CZ6}?iW7|fD9ox3|%{f<9x9-ELnh)z?t*WWTD6DXYhsea!*{zJAf zq_Tan3^dL+V)oc{H>A(Wz6UzRqPqpNCFhI5ONvtC7maS|o$GbU^F4JY(3AewKi>QH z#XfjOX&=~{Sl$H8Pw9*=!_?!|;Sd;^ru1Y;-T!;41$ z;~>9JU%gXPVNEh>%|w`|;bhE)>@@FHY8K#))Wsdo#n~4f#6rYT5Bl?9aoh)V(cQB# z!KRQIWPD>{s)&!XFh#581!wm2*P-ONmH(JA2cZrsF7k~4rU)d`1 zklxXBeHpxIpOVoTFKBdoV(Ka|dct4T*?%vY6zCey{hvSHFQ)if7teEgBb57^&G5*` zoMFj?ZgSgo#5Llrt59-MmTg#R(%PoV<1zt$yZIB+RY)J;=DjERfPTq*MeAuC#N)D- zzZ@xy98NvOmLAgEoUsK(@(QJZV!?sTMgXFJTK`-OB5aK>JXmD;Qwvg#N+rZg_?a9W zT!}w5KwBi7oZ2&=uO9Fk92yzHgVkB=04OefZKzfdmDnL9I(zn^g-U;KjrOFYwD|pK zJ+V`2sbQ2wewXdY@ixDgMREt*7#0;76lR#EWm_ED7y=|u2FoQk6M%u2NKA}iD(^?Q z=WmX3J!zZqRs#;cuawY@(qVW19r&|e$ow6iLCamcK6i#gmc9%22w;`m`42Dz0txZm z<9TwwKwf}`f7~DRM-1Ti<#_eEfDDen`;Dh=he+$MatAmv9SwxBbs%K$%jfK^Ve9yJ zP*;BU86QWatRl{8>OvRx>DlllqDHQoPVsUnJ+j#jfqr7+YrE#0WSbNt=9lcXN56=& z-BzSezQZiw>oA37GSR7AXQ}n8@E(?nYG@|$oJp|zytLLg>JBKI-I9|_6b~dMcvAV= zz8(OwefXm)xPIyXrDHxs0LUp?AH8!=jxDhV!Hg6h&qG?dd{%c1bZJpy+nqJrT8~%O z_RKnhQkisn8L4D5;XC@V*Tx~xo2Q_l?bWKEc;zQO_fo{lD9VFpi~_xLv4Ge3{eZe% zV73R%y+50xSQI;>pXQXby75b8u8a~hLD*Qn_h+BE@1wScu1qD51U(++pPY@l&ilN+fHW%LI=q@V-a@`llLx6 z9pKZ8?@yhLbkM9bT&7`3wO-p6QqQnPPX^g)%RWwvL&DNE3Xx@;oTJUXvZuUxaG)0z1d}+`q9ujd1H4U7wei0lZv=k# zlrugS;QV4c?v3T8UH3oX2h?{_xud)ElZfXgU$5I@6h+VXh3l$KrYrFc61gn>E-5wF 
zUw5{SLQbHhxG=l9QW){Zz=SXusv}#`n7)%Z$^n4=;ah=!k}`DWcekJMn(PNA5X>Hxb@%qXFgBYd0*1Ry-2-3eeHTabd8+c&|W=sknQ7m7Fv-4Ic1 zbI1}>c=K;l!WT@BM&7>gvA<8X`^wfX=&j4YM7j&oCyr%>R`EN24bMbyA=b;l_^v9) zm`@(E*aJB4WnV6k-JSRMz%6OJ|2VYgXb;U<5MbX$6xjzjC-1rN^BMk<74kmyQh&;@ zNCtp_Ma86EEWKAR66i(cVJU&+hQ6K-apJ(e{qXp%PW+R7iI#EplFQQTi}CLx4GiZfgPjMpFr`vw`(9Opr762o-i72dE@QR@v?sAk(T`jTjF|^ z-s5kV7ghZ`b6)fh|5}jniYB^hgo$pTK+L;8;d5u~mpSR|<{R)sRLZjRkuP;Kz#!nd z271?F3Z2~8uVNX`I>_&ST%tzeS+;xDJ`<k8wm4Wx*0!5V%keuKsSsgl7HDw^OrhmI9N zZDZnjgZ$~x%h8G3fJ^_0`+YMw^mG+<648WaBbw?W`}pUrC*gDiAnx)4FdbKIAFCd> z>t*aUJ-iWeoQ3@pLk{VDfu}ik`3VwJ{bgW=nhBTuoF=t`+fa zyM80Eoe%(c1}Rc-jH^qYo@S!g3rv}=RO?TVwasg{|4MZbIh&%dgmd>i-JFo&v4J>Y zBVb^MxME~2XqJtPk~1vgMvm>oOKQ^Al%=VdX^K16--j2xfjQM8Pf12T2P9L#LXe*{*_{wNCSm#oeTdNDbtqyYpjT3#< z(eSE3u7=U;8F7fV72rxvk6VDZzEGXfEWXg9!=LhpfQa7)lg~^mDYqNKfzUVa3@<VczFu9UaJ5qI=ubIq7M~Pv(!)PKejcQOXt4OB-v~;D7K?%hy$xhT6PQ4W8}q01h|VBq$T69v6;{tsjM#!rh=b zhnQ#hnPVb|aBapKq!R#?Y27tgF1v1cS32v)F0qs{Uqh+GR32lqv7;pUZG+r)ex3e2 zGZiBdD!j-{@n)LO`C!Uz_zQ>|{5^*%{ax2=k|-VykX3W74Nz&a#yfBUCxUEt36Xe` zZ!IigQ&a}s`4gD(mb%1#%7Y_Gh;SR+;bNMDMo9xdouZlrT@`p4mV?73D=A*)Y<)ts zU}svYB^g0Nb9F%1^yOglPKtT7grlA=<;Qqt29b_A>t95Y5nn{gpb2Ilzb}IlMvi0% z5s7ZiL-fQm{|4FbgooZCu7m@2q#2PFxLu^IQbNjXaH820=q&kAKy}m48$$3alz(Q3 zR=U3BI=F2{OH@9HH(03GLLpO(V%O$1@3D!PfIIQqNW zqP-fVUvX2#depvBN?Wry@4Xsep0yHN#FYt5f>DV~d!JtXRv@pN-AKSbhWq&=yP*s#Q0Rd=&ns zaG)|P^(p>wyz3N~-Ky&QnW7w)u+%8H8zhH$A-h<*f%PLFtlxNwm>Coo2caNCVPk*v z$po}01Qjc!{Oy%jX0Ofzt7VMXX z)d9OBf7$|V;RUsmT*?oH+eDMA9K{jb%H-4{ntTpuRxYLEG2#@9qaM-zvJ$w*>ksEW zaL}NpQO^ubnG0U75#7I!6A$}tS7qE*ZM=6lxaw7wj`fkb&qTqCI|IF=%{(8Q|Mix4 z_a%^L+~3NVNX-BQNiYVka9vS;2*kg~e)J|%4gx9TPL4q4@Ib5_UJ6ZyQB5gGz-)sR z@ykEN8~h5Ani2k07O~Y%HQpn(?IiH53K2)fy;`9*|E8@XDGzNC?a}O zM@2>Jql@x9$sKGHVf@2zbN4SkqL{-xG2vVSq6Jj!{xF;@Wm6q(7E8>JX3Jfdy%5-H zG={I@7w_=4#PY?}^CEmPHE2yZd=<3kM2szs=rs#NLwcQSH<>X&pe8QYTq43ByI>Nu z{^&s+{XOE4<=^5MYjNyCRN00&dtJxd;O0ba#{q^RY{_|;<7QwyiUybT8Z;N|kxf2p zpwL!u0v@Fc7%t0i4KU%19q+;3tsN^ttphS`2wn5LhlTRJDVFw8ttD%UHIkq9cstPw 
zq?0)2>%*`mJ*nul?cA80ZgT-EMRf^cLQi=CbaFL%9-#uozp2DeqH|UghVGI1x(~L_jgflAeB)TRH_C)pPIl^gwYc_ zN0w^pi~a0zecCQ9mKQuVA$V!fXdhmR=W$iYH=RZh(f5EaiiU6k-9`L;T+hJKaEaTG z+1&p~s_SFP=s?P_6LH|m3D9Z|sOwObL=>muq64K8eJ2=FQM4}XYv@zT`ZfSr%@9M% zQ^`;=0C!W+m+N(8^pZd40=gs4llxh&ur3-w)LK_mSh&;}c7cg>hm?2{V;2tVebCOo z1sbgAh#tqU6-Wnre@6e)(m)4`1C9)Udk~|$817ng%`HJq0tSgFss@%I-YByOr%3*{^L&)8dQ2InUhj-KJO` zbAGwD5T2p1KkfV3q$B=pvROx=Vc}|KApS(N?f)Lqf~O_0hi~fUub%tTto!#D78|^@ z;(aRo@pf^+ngu$!uv$C_WP99Q_9D&4o|P+orYLQD+`Uhf+wHq>>3Z3kO%c>^n zVU71D!j3eYFXa6jkBjv~h!COb7QjSzN9jMgra`oCZP^5kfq~ zGHjbXrcVpLW{#B|6nw_gr(%{cCqB-5zp00e@2|Sht+O?kyFF7o7iu?1v%QVKAw;p! z5xCNi5tXKbkSAI(==};VAtd9KqT6^V68#6q1SC9|Q9AQWZQ*y(8ZfT-BA2Uc?vNpeE%Loc7)Wu6R9^RxD< zTLDyVPpf1OWG_wXvUplf1r!=qGOQ$$qO7qg=PoF_epB%+Ru}G$4suG@!e2C~9YoK= zSft!lRLgwU9s!tB*Q6~PyrdjL!GNB+s>D2%UYyIli{4ww`WKR%-KikogsVqwp!AgS{ zN+7<8bEox~SYQ}}5VOnx0)}sS$vC!Lp)jWz^b?YQZz7>;GD1-l}o z1fe=_=zttj93Q%Tz+>)5OD`S^1i5>vKU^oEquQf^xEA$CAGTB0)f}$CIZ8J-E;6S; z5zbX+y~~|PT#Vk zbFfSf%7~q_lMFkwyZGY3;ziYj5()iWMm3>WPqwy2eVgT7dCm47zRN}%;Q6f#Urt)_ zVXvjxb_jkXF?2jYelisN60?ERi8aVtv6PwjbVXfUx;p5cn5#Qg8)snx9-c9vRIQC7 z>gsx67&MZUm7($gAecE}1vJ1I{$V~EbEzP(!dYyO6JzzT7A68=ii%g)@`WN*S`iCX zL-*toODH={qL7N7V{u+8qutOlQ4;o(u5?ud{8Fuk-_FWWb_|&#agT_7)F?=81U3ZC zw-wB%KO77Jxv%itjGy#_2aAhGzN}FdqCPQ6I!fj-)&4c=-fe%&W@hP-vztm0t?(fd zcx{v2mKO2!$|VXcMGl02M<&j{G(9b2+K?K>YxTEbO-R?z|Aq%!#559AIAV}I70WJr{5Q0;!XD9NWKckxlBb^+4<%T;1blUQIjV;Y~#~(x5mafN| zoP)%m_vj&p(^xJ5IeUBv>-c3MM~IV%mL$)gs*;|GCWE<*R#B;YJ7LO`7$|1z!bX); zYma!G1sfkvN-UoJM##C7Re>#SnvkO4x-l z+T5$exO833IcP17(RHqQ8R}!jRW0?=PX&~^DCcjBipsQV@H}XgcwP@*=kNE8&vbsP z6qU!bi`8N*tBK*lU(*Nf1$#g)&yEL5B9N(TW!68XH;ZN1+EX}LU%#-I9 z*(K)_c}5BZufKlk%=*0vbfjV@UT0b?V)UNO{U!a8`onCg$G@8T(^$j|KGQTw^WTa0 z>3V^z3Z{daKBS>sVSGdYXe-fY0p|?bv}MWZij3|nG64#wxVvhsh;7n?1|0wBP+g2N zRznfk9E7H!I&#Z%XK=#?MJ_@`g0DCmBdgF=$5uT;f@(|7Qsr4-89@Ki4kKq}Yr%V172#ADQnk;Oy*!?rymw;0g;BQi z1+}B`3Mmj`3|t}4^!aVe82MD^ToI8fYr%@(LhrRa*6_!<5@Pa_4ccf_+t 
zW(J&>Og_)oe4bIq_xOFk=el~}>QJ%~u#l)D@@ru=wAuo5;ADK2Sq3q53O6|(((10z zAakmF<|!D(%ds(jsu6@Hhgsnif(QFdOO9py_35?~uzKOw~ zAWGYk&xj?CYjm&sBVA$`@w`8DbLnTZ3JlxuZ+;uA9ZVRNGUiOPR3pB_^_`E$k`BgX zf%TP95P-lf7?k7L6M_h0B8j3h;#g0pQi+E9*m||#qV%eH4>V0Wy~DzCP^{}Sa@Y`B zE~!KnM@Ncq{A7~exT3mwACcjd)ykJ`@*3HlsA`f3?2iwms-C@FADJTrPKwQVX;g#Ehz4rKi< zE(HGBUWzA3)mpGB8{sKtiKM3Y$EnU4-$+NDk8$S60&WlqvJ)S8w8E+iIdg+eshXCR z52iI{6qL@Pw<5`c_)y>wj+a9y&NpM-li2W-*aKN?r8P}&ba~Nq6;8<|Z+Dw8Z|<8+ z=6Z=k931=Tmj)-G5y4qnsC3{9a{A_5;g8Q1_~RrSOcXG2P| zgySuCCNpyOlzdBdZfLxNf_NlOa5A_NW05@W(~caJkam%DW5^6qQ2lT(OUS2mzK)aD znvF3FLYrfMmt-X{tkBKWP1!rbAas>r_S1<_%}f~Cdsq%&%qcpaF&TiUV^~CR=+cQg zGG&KYyLAvIUTTz9(dMG2bu>Or>ZLVcqkjxB_H|_*Q8&@G0@k@#QZal}P4hQ6v8usF zs5~s2Pw6AC=y7@f?KML5B&#Er?t!9aPY1IYOkfG`(mUq{&s}}I={1A~Gz6b%`5qY( zF+52ob?WUP8?@#8EN>|;6;pKz4y~@a2ov(UEb%T)i+|-faF*K2XCGA9$jIl zn^>I9W@iM6jY*~D+`*=>O{6|w|R!~1;mLm)qP&bxd!&9TT@m8m5*jAk2a!uAG3k1UB&#U>CF4I zaj11#s|8tULg{$Grld9ieBmCTu|zx)BOQ8xPA6LF9kkAZ>R z-bZ*Y?M5DNhXvKnH5wa&m`{Vph-5IKS6EGt5Af2j9hb%OiTnRBZ4J4AY5A8 zPZ}So8~zn`Xe5P37mBZR{tCv(DLDwI+=tBfaW#6lAzaYq$@h~nVc1|dm&={T|o zU2)*|7N1oca|KkC3Hf3eqJ}%RVqwmgK36(s+>ZoQptZw>z<0*xJ$MA@PpT00B@lUX z1X|DzqHzl=mwSNb!oE}F; zrL(|E#i?dqqQ_^9!2k035}seazc~i(1ul8$u%-0}g{!?|LN6bN0a}9Ux0g7($in&) zhHUQLwa^fzz}T&uQ$4Yy^VQ~t7hY`OMBz4`u52I9|6FhTauW9V-QGEwbC_X=vK zB5+w3SC-c!NhbNR-8SP>-^;7UjZB5txvUe73zKDcRbXhL*E5N#iJ72BIiQWSmRtE1 zO+*@-;1oD^Zfl=(>P9SDC~Z6)ni0G+y$vSAz>d|xZ|Ra*KmNs!hT1$c6cJI$hyksO z=#x^)Q}4Q~qS^jq?51&;dZ+zeoXq}-!IWj0>4Xh|5$%$kt8tAi#KQ!b2 zxo`KKLHm{gzi1KXrz7jQke3ZmFmjC*`M&ZNR$FqzqN*c~d>#a6CBzc)d6~p+O&W}x z4e@I2HHm83fxBB7ZbZyR`_RG}4~?<;+I#oUBqPY;Ig%qnLR1YOEXH3z`hr$ z2vFk-{oA%j0;OD};99|Yqz?`gJ1nZ{TTm~biAL}^UW^I1h#i;y>z%KVO|ID74~$|3x?&9z66d!?XkcO(kCgg^)L)-ec?Zvw@@F#Fe%wH|SaRL$8o@ zGqf4<-Ismfk)wZG?QRHO#%zf%kM~Qyu(BeQdkcggCK~WaT@tu9QF8AGN+Xr=WQ&=d zMHI+FD*I~@-XSCSETL3Bi2de8352{y<|IBJR!0I$d8DFA%ITRYYuIbN*Mf$PPF3a` zt+Fg4aeL}N!H-I)y?Te3TT0BL2-dM+5Go-w2+IucuveNWi{igJiIAppJ6-UpPDyc) z#&9n2HS=LzUHk(%~}41n_}#3@bfq4l8T($SHf7B5`5V|a*1*7 
zT;9JG5<3sYy;yIgvpQNL%Cd1=MJx^q!>n@L+PF@~Y7VCz_Oi!M8~B(K3^=uzl1J9C zKl6Gx40;^`@;iG%M`60MbJjBi@Y%zDM$A7NLI)t|U_Rxqo3buj7>CV@K+s3(3O@z4 zp?}0fq0%+Xd@ZawfJ7g#5p82{8h!Kf?D&7zgpo&O4+`@a#2ra~nde)oK0M#dHKhnM z++x3=LCHH+UA#GfQ=&tB(Pg2Eg_9+5p9qd?KXvK77BI2 z{COGc;j^9IwEP{53iz&IYP|=_>-BcDeSE~5r<)5b_>W)TKVN@61Nrm2z2Bd{{jIM^ zr74>;AXy)76;Jo;=zLEuU9ke^F54M>C7S|y*IT9Ih#)p%b!JAX$!No!--kqTH=T>B|+7qHJrphKBwgk+T%ikItTXMtiC zi`MdBiOFFV+Q;5@S%f(liN=!jm>f$mnU&EXMOFe%`Ip`ZuH9qmJ++VRBmz?mn)U`w zASOU{Wk*R>vBh17LR$$kDj5PQq2LE9-qn&@z;Q2QFjj&vK z>E}Gd^V>eQiy22akmcj;87EBat{yUD(CsmI`GL_% zE{pi1Yg7l}kB?P(6zYxTi97{A1y8|UBL6*p`^Y&J%%I*a>9Pn$BEiG2exO3cq8Mr4 z!7I=;;Bn-_Ki(@m_MT-@F35YSdP-2kz78We138yM0!>04^{r7FjB6G9KA=pvCUlPUx5Hh-KE4T~# zQzVlANaXwEjksG|Qt}1#?)6x8zdaZOj{3%aN*q@teuG9Or$DYE+}&Q}FZI~>+wNZ5 zpkAVD@iYGd<=#GrtTnv~%S7M)J@NCurjo{ghlAp&30iFj^#l{`6}0JbP_mbY^=@-* z7Jga~6F||CRBp_OZ8U)0C@qCHJ9KNSWs9HCf;)j*B?+z8(@dZ&5X-eOn*~Fd79wnS(O#h-hw2+(MHKQ}H8V87hk&() zg^GZ3w7?HX>q9>v=(fTWY-$C@R5$K!WP$NaVqffnw1cF9ClFuzQvy+XlblbGUp|hX z7ZY<|vL^l|Hz*1obw1dn6b(r`$489%{?2@{pm8$O%`;{5h-IFMQ9!ZVzy+b;6HFB9 zK~zfXLlPrX9RP=ru^7d%x#fikv905UXlh8B7OZTMLFzzNO;v28C8e>lNDm@V9mf`e zo5LVbU{V!SA|gi{ef?=4rAJ+sqv=^_=+GI`?E>e}*&0ptB0!lD`Z?|fCGHWsL|uTA zl%HMqg%2Nh?Q;fY5O8ao%a!Dh9GVX7QADerl!g`0_^)M>HSj4v3FWKzR?u z=lBx9^@JJnFO9H66N)9N=mDuqDdSv>x1d;Ub;9B6RyJry3-y6nT&_$*p)H?h;#0x@ z1-exEJlR$|n}wO+limu599St~q^1=c zbdIr@MsG9vK8sf}W$>i{2;LoS85yia;^B`k9uZHbCGv*CK_e%~3ZjC1T8VgBpM{>^ zz+RKg%J1o-3myN22OURt^hrVtv4J@^c2IGFAimPH9>0iTH!X5BnVb?mP!aFLu8`y} z=lhmbxetXhh0mS2B9P*(Z(_861_zdy(%5>JrkU9$9&evI^vI>kH*_G7NM9e^N}*k&^(w z^Fk)=h9P(?;oYL5nb4p7;RR+}K*yVbSVJGc_suJ%MxgzH)IT5_r=8oU*~*`;a|zVP zIOO2E&z;3vj%S!-vr^ye)+Ll03Ctkr^;h`G?7OS9Ny=E!J3(?3cvLwyCN2fK`jr;_ zk?cGSHaoL1{=&$}bNU2JBNm9uyqH0^7)gB6pD?d{h7VFb4e{wHU=%Qs99CrO_*eDF z&Fg8o91-D)ta2j!a)Vrgd@%(C@?*mV7mOk5UCj5dcctiTasoVOoA&Ncw2=dyQPk29dsYM3EUkmo z;PC5Bupzpal4Z`OoH;cHHqg!e`h-0$R+8uFxvsHR_M6ZB;L=@XyIi>H%1+7aIj3${ ze`tg`gTAE6K8W<7R#X8o=SiPG+Ots+$gV%OFGnr~I&!xh|2vVWzBu~7NA@$oY^V=k 
z^!?;M<*dB}hr`y!$C5ZQmnHp{{B^Jdelbiwatt*$p=y7j;A?q6j<^Ah-Ou9QMwrwb zQiiF#O>dnD+=lRl?*Q*YH z8{~JTR)=!PS`r>$jW_)keSxV|xwhfO;x{z`<`Y^k%htkL0tTFhL%Rx(~p z^oI7>B$f)N%`MUt3uYC$pX=DAi5R_J4p81^p&8X_unzwmPllEzVcygZ?K-vAa*WX+ zCFJ`oNCk4-Ik{FPA9BAgbU4M#6&Om3o7e|Vot?AKZQ37fdsg}XMRDu5>65A5{u%0y z*kp-U4$+VL-t(8{olah4PI8(vF7D20GefK; z4SsGse$%QBG0GI_MmO@*HZ4doQRfxF-D-@Ae1crkR^i2el=s|nDG}fB?pm3XOEux_ zUaFS3rA;zAn=+ziI4FwxewmMv>i9ErDcGUONJr6;kb*XqigrGeepD){J#aq(2(|A! z2Je$}rK{+SDr2O{+<~K}*#QOk*h89ZL^O<(So|27080F;`9JboChdzKtqccHk5Bx1 z3!mUnOCuz`hLe(^c$IUzvO2S`p=y`=Vzx=YwsoNt+MgkrV^Cst;QnJH>kvBUEJ}S! zGJWSbq_vtm`76ek$7M94DKvLi$`u#xly;dJwAVKBQfVk@0j*rXLTLvpCD-z|=o4kO zsAjv>MI_7mfdODd_s;&iO)(iX?FF6*h^ruT^_wk&+BYccLHuQL4#xQrzOqruQY-wZHOz zT6<(1u-Y;X{HpUTj6*@^GlfLwgAZr!Yly=^=WB`IO>d(y$e>g{e3ZGT$+pT1 zVj$y5aRfjk#cv^(RZoqPH%k^y+`49@KnB}X9W1o=`hV~}9VwoCpi z9A(ac>*Db|Pls>sEZkA+_^r?=Z?N;zJ_K>rNk8yx*sPf|grl74bf0oSz2pF1mYX@Y zTX7WakD5D%+rhl9srgD9C1Nv6AXlAooKnwrAMnJan^<Jf6rXovnd+JfVb_8lp0tzAWe087#?Z zcJS9`?7Y*w(?zZths1(=B(B)jLW?=(QEl1Qas~T(pqsR}O55Yw3fKjFm-DL+tXDqJ z8L=6izAF%^=1Ub)#>o5ov&iG2_;xkCAIPEtbT%w118k$R<0uqAl2b5bj{8ljRS;#4 z$1RZ)+mMLTCroOBWdI>OYzFCkBJ#aBs4djnB)+SjWf9!9`xI;_wTk zey5YEY0(o2(5bGco79Ky#bnFF{vXobIw-C--`d7KxVuAehv4pR!QFzpyLN)RySuwP z1c%`6F2N;`x5+cloH;Y+ocgN1Kj>o9wY!?`-Egmat#$prk(&FW<7>LNF&9A?N-N6u zCgea`%EHo64kr)`yMCge*1=)Iklc`zQwf06C&^0x;*Z1Mp1B=#iL3y;d_xroHb}Z| z(#amnewLikwp7MRHh%8G++@}xEBRi>X9*}rE;&#lQxwZ-6Act};S+2O7XFo>2ZEq^Z1I^F^cE(1o@OK_W`6ftsXgw=w}fKhd|W+*i;7&TUElrmCP zIrQK%2Ne`mQ^t%wJ~h#@L7NJU(k=*4C?639GRh2*g^)!!gq?m}bmF^!?KZ6i&PYp5kt?6=~aA^&VrAe@jjtpivJ* z`?A{-pwN=4i&g+MlBJMqZ9mjzkr++nhz@)Muqz?g4#|-i=~e{;8cQN0i5D!Z6~(60 z)_EW*9Zq4iP#Q=r#HQP119M!ga_;bjte_|Y)gdas2IjEamKE8l318tR`aoBYtyWTO zbVtE(w7UTefEo8*(m*kYa2VHA2$Zu0#*_D^06Z z;~N|isu~BCZA1XF&x3?F;Mt$cZ@I%PfSmSV8lma$XI8u7${XgR2?HFvdbPmDzxlS zb>sJqJ8SejR;z-IutMEoE|>Ug?-+5~)2)`XP?t3WgU`+WPyW&@IsO-!Zyw}Z5j!o- zmR`#XP_ih0m1TRI?q@%Q&0&EXw9b@fd{0RDJNeOcc2at4sqNdk8mBTg9rjo3d}Z%F 
zb`Hb;Q9Jsyw!_NDV{wn~;&v|?*jD=#uXo;*l+7Kl^yb`JF7agV(`w)#dN9>(L>Bay z_5=yrRLV7cYD`#BHd{lg=t=Y4Ai}Z9FKp(qshqpK^W=QB)jy4r*T!1$cu#_mqUweI ztK=*c2j)O(9R8A=d^J4jxv*aT>Jmrvt#V(72xExZbz-wp+4<_)z~n2$K9K2m&uFw`4oAMeT|F6M2j;Eczbd z!tZ}pn>?rKXpauJ9a2BMauKqb>Z~ptk$#flbP$s`lK!jOwEA0ZhN=P8W`m(npI0hb zUcd$4ed&iyrp9WI1nS@Jy#^b;$Bj z_2yQ}`gKql;#0oiAIieYMB$qCxC?w>Ph`fnL)A~Y+R-0wM}uXAgC05SP?%~Y zf5|sW_A6x{-LStFIxKO36{XJdN^fc>!n{U_-LuZ)B|Q*X?5Svl3SZ7lT;iYAv>&0} zYN$P&%s^e`&J*9W{V1l>VVLu)(#awB;aLoia^q2)=fZhPUb5ZELD;hr4G3-1N4E*3 z@niMmt1LIQquRGw<)ee6a2?@6XxUSYYFy@utWYrlrW6$#C+Y@v<6D_;N_lvSwLJ4mE{BDH(GEZ+x0O~J?Ot+u;I zmsO;ct4vPmuXi1w@#@K1r|Jh5WcD7c599cKS!qvlsK!@M2+sE0t^#iEp5VxT+n`6p z(*_@7llmh7Gv!ekW{p)L;BEd-MO8%pscL(rh@)??RwfOvPAi^i+TiLvsOOGla1+<1 z5J9f&Uc<3-C_^O(+M@igMCpt&vF#4KR$KW@Ff^P{aDt-}GQk`e6>xM*vBPeT9){({ z%^$*zU+{f1^lRp8ee_zmS?0P5Sj;=6Hx$;Yz)$U8^0eLamA#rqPR624I_P{ZrjE5A1+-8Yi-8&^5i!dQ~Fwm|#`c z=G=~;ekoNXJ;#RLxEJ3aYizaAV|0FAI4Y-R9nz}Echi`j)S)QpRR~27trnar7yg10 z2ptN{jG)!9(B1$er50867y#t#eXxg^7lR0akyb|*A_)|RNR;rrf}shP6tO$t%1H=Q zS;Rgu_yidZrA{^A+_T^+iZ~H}B*KUMIe{MSu1&gbe3GQr&B%6Cdr@O}+Yc~mqv zY&l?3K}^X*EW0p9CMcVviNcIyR7Z|sR2LDLLbuy{j}$*K#U^Odls!V{E634SKNxt0 zu)R!*)5jWY9vx=xLB&hLJ5~h%{!lXxZd+4a$UW(&!Cjbn_R_@h^a8#OLP|uoKNC9E z>z!deT3>}d+<6t5tc{{b-Z2H(dSY!_|< zvx(frN7!|T(naDOj}dJ5e!L$`>b;8S9X_2dNuNYJ7DrEeo;JoDul=;pZwT z&JO2*UG%V>IbajHdlc^d2(WoAiA31_bCFk!ByNY-(N_@IcF8)eWahdSD89FwLN5GS z$DBZkxJkZQ*D4l4Neh^9{cXdnc_=-Zi82FQ455{X;C)ia%n}zv(zyrw+uIrQtJ}|% zaS>nkla-kT55iEI7c;dnd>+Qv)2o&x)M|dOk#-Fkw)UvcwVr2%-Is$ey3)?MzfL!o zK!<)KZpLcubUGq=&YTA2{sP~)NgFOdb)T|g04tk$(S=vfO0f;U447C|j@AR$W+UhM zNw@^*y%o?)tv8R#aN@gRrB9m^>>bmyiHNru-!1JFMQe#bB6&NwQ-4m~w={~?|E9p^ z7~Dzf`oW;cLaNWL=U{q=#{e3EVd0vfW?oOTZDz4&2T-T{L{O9HriUUfEu{`l#)vFV z8X?>4&%_dsYPd%_%HJ#5wb~%WhNH_z621gKL!KuUN;!y#WAvSk#7J6GNLEvDe4-01 z=^z1yx|uaYZN}t;<^qLE+&mWh0f28xJdqpguLGD6l8V^c1cx4)B=Kc zwoSzP!M{^1T01g498DSO0k0mp?D;)3MFh82BZt)kTWgUCt}=rZ1KgY@BHmGObU=}n z9N0QS(;yek_OGyBqEeKBY42|z=gK<55Udu&r0|4PE?lCG3E!Wl_16Qvg`-m<%=v5} 
z@bGIn9Xa2xQ!JsYq*6_8A@BXo@- z(c&IbDcuaPeKJVbQEkN+cmGTm9M#=0I{iKlQgO>klq02*3#AsgC&W&;@Zcl07>tP5 z5sHm3*E4>=l z-h70a31UW`U9+BbR|LJDEy#f;@}VZafhK?r$|`A-m~}c$d2ds@JqszRmS{t?aD#h> z5hlrwmZp%7wqQg{lfUO`zb3|FQPmEnrxEbNcYuGLUPJKcfnG_H(EWc%tXC*BDwF=f* zu0W>Niq!6Rt!owREg_87En&`sLE=WxE1WW*?)nb+Z>>l~+sR*{Ec3bg&LhGG{tEB?I8+)m3-(E()&S;Vk zz3#2sL-^-bdmXTuu=~*mi z62OI%yEsr6D1<}5a@>}fKF@Cu)i7iWMXrMbemhC#v+npk-m{~eh4M_I3J?6M3*?!E z9N>w3cHnXtZav_c#DYOaAuiGu^iPrc3gQr3zyMO)=QV^n!rZ6!m{+SxAsW4$5G@ov zV?rFLLoN#Ok+#JuL#AWy5e2%Q##2^zPSsW}ll%rNX^I3>w1IExHAwHT z+zdl?OCszUZ&lbCZ;pNA>5c$9gk)6Gv}6p?o7Mrqfm3NSUkc#BGy!mcGEpqUoHjLR zfFyEbIvyI<^Q27eGvVHqAl0DapM^%2Cn4IsG#x1|QmH3Kj-p`y1SZLSsIC zs&1!I!Ffx^wQ|m4pvLEc+4Jz`FtP8a1YSQ6d-A&0glY4RP8WAc>)E^|gBQl(^>xm{ zb%VN-hn52a@B_I2ba776wX7rzu$9;BZAb>&$#iwzvCk`4k^fpH@9a_}Q(MkD6%Y_0 z0|A~qJ<%%q)pn91t*zx#ICwJolDAEO%sgUeux9rs64t3QFXXvjYTvFzOT(}HvCmaO zpWz83$uh6bWSn6}#wNKSkh`m<3H*b;PJ-Z2aDz|d#4rp_`d^%6f?_{3$h?6>cnOF3 z7vz3N4A|g*1TV@eSJ{Lvm=Z-I?v}GzY{%PJgZ!bdZKUjz%R_pNKReCu)vpN?`#?%U zYNxr(bbVl18RcI~{*wcQE2@;*9n-WkKtGEwtOtnix)RxH7X8{|2YiEjqA%~nj})?j z9f9@vV8cV(Gtytiruy5P`>RMM2dt(+F!lk+C^;3@o|i6t?ggP1rsfa&4uU8z^8_#Z zsjYxlE(#-o0biK}z$>QIN#N_yh5ec51)V`fWV$!tn$Z7RZx|t%$u1VzFsp)ioR)m! 
zE|MQ#MTuz(=;}}VuRf|6siNy=D{8-_dUm-lxH3MO+Ea0xz1y@CJ?gl{cQDOHykSs3 zKHJ=|+6Ui8fi@OnB2==vwN1#I+3d!1;;*wCw2rNXTCMnjX z0a}>)!Ri9G{2!TuU_U>NbCYQ&1B^JyU_TyAo}>C_ZsB1LW!8a242x-vry+qht3qjPlgr|rmm z^UYchzixu_&~9OAWYU%L2&f@jgdr;iKO~F*t6`M+ic4dq#})ED9_jF>uM*{RA*|HLO{^ zcp2;ZP~ipl``Mgt_T*lxa^o-CR!rq4hc@(-i*g=e;=a&XkOOzWp`WNoY-f}Gqby?j zRJ5K-m?q{AVrv4@O?04+4zx#wQ1P3#_FSjq6|LgAKMn)8XH4H{U41As5{9m zaeXMXIV!TbysQ2j@SR?|_*g5=3;G%!Loc78{3D?O5xNI_{uS1i-?~o1^x7ezd`G5R zN^qGRnP%>W$E~Vei$DHp+cpAiTiu%v`O_}K@4hYDfAei$fk4(jzU_hXyOLfP|4T_H z{ZZ07ZTG4-)JktZ14kY53!BiT+_DOfe*4b&|Na60$>m47{Q~X}!}ilZ#%*o>_uv0v z+!7~Ov9b)?H5{WvlngQTgCs?#K==N5ife;iEnZ-+W?t0%kZqa8|HNE2WJ{&B{Xtgf z7?LcH_inzpt1qf;NN?5`(Pc4e<7pT6ih`js1v?;`efNctDb+M};|P92dH6%3Xs0kS|Q*LdaxnLu5@JT8X4hrCAk$34Qxl7%=tGPKK-hR$Dm9I$*p-uQK>91 zkGR+L1sPRbd-habCw3qeiT{+}=ag_0ApZC;(P0H6Nt&kcR*==s7$8;WpHF9`E^S@z zs7sb1+`}(QG4tusltaU%C|_g0`?Y?qovV{hg-V@l5P#xWWKfY(I;j%x2BXmArFN2< zgdl05RDQ z8<5xKk*}v4d)bAzbl<}mvR@EULfHY@-^SiiqaN{bz0j zO^=W|($3|;ijMNO-l!erzz*OIjUL#b7~sEvS!zIF7AX54U{7B|zlHAIgj6*6E?#A;tA{I>U)uP>cW(XT#FbGT3+wim zaPdm1?;KA)7H7jI|CnU>t3WoJLguAar{tN#E91Qy`ZoF?=g;sPkYW#awBMwbcZ2cU zip5ETjMq8ESA8`qN=EFKP*;SaDlk!1xt5A0NRPOY8DjL2W6&{HIR<02_ivk&gl32zGdO~xpI%r`%P~7`I>MX5j7+jymIzc?uAtMZWEU_#M@P$)hxmAz^P$|j zDuHlLCB7Wbk_tlUbH0lmVXE2FnCRH(PejQp$OEQTZ@`C171{UyPLhi+ZR2Moey2d^ z^s2~G_IIvuX;DiO@U&PL__P=@km9E+8TquRJ=#5~g~9YY?c=rQfj$IWymWPyOVA_!9qJ-t2)U7ino>a~! 
zcJD!k6b@>ypW9jM?ESf}iVW<$k#_wFtN>(h|e5%v_&^dIKRl1-x= zh?lA_{b@3r5l9ukGg_dT2>f1EGq)wdnQZ{$K~d+5D~Ov&o(3NU4-<aOd5*|Do((RAp-pPag{I&3?;fNegRUbBoPQz)7)fuOVE*M z27{!rzVm;&zsgb8fselqgibWuL_ngc98h*wJT^+c%9$N3UYc?eaDC2EmhJD2w;3`1 z)bVzh5L)pY*>%`B?LIu!?YTr*by1tU6dePC2Eg~J0$meFvla0$aYw5;aaa2NZS6sm zp*_&v%`Hs*;coGz7R}4NuHGtLHez|%<3~znXXTkSZ!?=j!1)(fS3PNKlY!dRrt^+= zLqg622V+7v4W?)wTiBbHLbvd+ePxSJ*HI@weu<9KPA~_L8%4+iFW%w0dCt<8d1ogN zY& zqr!9|u6K;G*oc&iF$E^-l$bJ*5la?gSoA6b*F_dWzzk)x2zt(&7wOK`q9@qn2sSJL z@RRUbF}%Z3^a9duQ-@8f4=-9kfH^cxyMbbkaG}(&_KJffCmhNpN#r% zM8Dd*qdg}Cdb*X>N$pOdQ6y9sM0qR<^e9@rsuew#CYR=lTBjmfwADEx+BKmpKM0ZL zUGQ3pt^?YVC6QgKAziXbP9}3ie?*q>C?UHH%NgEM_t^%op9Zcc%7+TCWv=rKtUH_n z+ELudF2vV5WdmEhv|C>A9o(QOc5DaMzXrDO*wPHG6F;`BM%J{~&_P zmv`M#s$7Ea){l}zMyF3jr;x!IH3B>{7I-EL@JtinnIrhIz%xm28i{X!&7cFA36!)j z$Xt&#^emL{CH&f_XVii6?ih@pZmyTee#4byZ{oiqAMt)Zu)ywIR&HP7JBa={c2fo3 zE4TeZj|`-H=?j1)cWC1=KLWAB_L@QndV&$y9Wg*us?ik%>cG}%@0N!K2=K^$V9QVl z0SFhXJ`|yjQuH=f^!8xP(1BGF=IxRMxa+7RM`IzA5i%Bt^G3OQe}(w@=y~Oi^%Dp* z+i@5G0?picZQ=Bpqx|tfKP_VuC!a-_x~sPt5I|7Ae}zL1elhYXk1v$9c-Q789OS=;sK{{lL$K^QpCDn=vy- zW~`TRUwX9~dWgU2yaebfC+KQpBdcCQ6N!;B^o37fP|IRjk;{JoBAR_A9@mV1BeWHt)heLEV%N>m&set6J7 zSNh2&k*%oEs4JLNWzM~8c7*>=0ZK={Gc?cJ|9LgiwffWD+LYUSFG~7<t|5NBY2)X~?&081VrfLLn4H38VgSE)Q zHkE~_Q}$(}>d9`46lXh~fWBDTU4fDMH#{=|3h$E{%?YF#+J??dH-~qOm7f(cQwX-V|jOaV}BdY0H72tu&Z6A+UJTf z>kh>ZbaU?w{^{lxyF~xx<~rptpL&7Na5v%gZav1GBq8kIKSU^$ z?mtAR48ZinE!$yAzwBtkJH%Xx)S1SBb*ax^B@y$0(rW)HjiWdfQW%jRfL~aJfbiyr#BLV`hFiUE z>W*H#O^e~oi)Gj^ZVd90)h@zXkvHLV$b5DiM|TZXNd&)Qu}p4iV3yop)(k`a5cf6G zBj-lg#LTR+^M&l1zvby$&wT}iOUAcvLKZj-%pwU>s8!sF-+<6aFc+mJUI&T|8K88y z5TQs+s0r(x83!+hQyj*kRB_PZ8Z_v_|CZR8F@XJ^2=QGsiut12Xo13w^k9m#8v7IK zYHL9>65m(uBiQ_APiUSe0`DzvpDwUbKRigVLpVcjUmX8nk-I?7@*1thzI^Q-Z3tTpQ6P2K}247u2sfCz5sRlB)r%6_ie1SGr4W%cgdWxP%E*x2J z`N@8zgzcY+=l4NzKcAwn3|<{F$)eXurlkYu->!xZ*7_g{OfoK=Eb%ky5Tt7AE2q}$ zQCw2lE(W-?_{`9ED3wZnKdSphiBw-4%%lQ-AXvATzbo)392WjbGS z=S*!Olqcxz_xHKE{7AMw`CX6}AB7#`f<+Jwd2I8CAko%}fu>?e%#+XWdUSd2-Igmy 
zGvJ}@58|>Jcf_|a?2p)88Mpje9c}3fY1*eZK->^6q=vRTKe&}vex&;YyV>so^+?1u zef6O0zU^Eh(zi(>cKZCvGd@gc$eh9HecvVchnXYxAFczU?DzQ{&KxQA2uczXYKMHX|| zh;4F=E@RkMz(`f_hBr(N?aW!5gDy@@lS<7+Z@WFoO%+1YM{uo!_@A$9DDt zHE>u?EBGodlt$#SgExFd@DaNdeCv-_5_FXhx%{bQTbq-%=O-G0d#vs$8!r1w%DHz^ zCqK7ZCEJm2gG>9x@$rJCXB$TGq1t+J@#pg6W3`N|u{MRNFO@}y4Li3w1Vs|D1TJ!V zU9VXkXb6EQRH(wYgx}%BGtiL*wg#)Po#SLWl29s7Boa392tLCnavZd9OAKRhSMAB= z0MP)~AOxR1zU6TMdw)x4ut(*n4snoRhC|rrtG_+`Ix`f=syW2y!%ha#NPw9pTdEkj&ZVO z9HwXwa=`xF2eqN=^R>^YBq@w5vlJv5ey{X-PadmbQ3v`e5H}FLyn#`PLgKv5@CMYLb?!SK{}b6;kov#Me-pZbuW;?> zh0`atTeiG|x!jY!{jFfVx1=P2Uw~Fj%0XIL6t;a>e}#jrSg+uzr*W&!DPAqU5M7uC zgWOjQTc8i45p~%u?k^AYVa^xEAy(GvpOI&3>#6}4*XPhIH>q!eip_$69C>w)P7!WH zUS$!Gy88A4t{j-d6U4)7;UnZp2kBrZn8PG$l*#u`#bo6A_R`&&W{(D5^G;q9B0)=M zlm}SsD$pF_)D+rNm+UxQb>J$>GbkuexXz8O0%jCTsQ>0s{j50GyB^z;cOIYai2j-$ z@Wd*Aieg*oj`*RZdgZ`;3+DK*vYeKA#_YO5*h_$_!00{|Xpf_yr=WmSEz6N)x@Kz= z!{=_P6&hbKQ&M}4AxBMNt$YfxkD@!@cudDr>y=G3=)M!No~(Z)MISHf4W6t+fH(7G zKBd;y2N_IZq0cp8M{zLzkE&d}tkRdavNn-#lxzQ}`s>GaJ|-I?;HAurH?II;8x?1F zwTPEjic2)KUWq?md2yJm7-@QAahM8H$VAdP!t;gd9Wa4`L_&`EMlu48F9@3N<3LJL zz_WzdZjKv|0@otzT5u;nkG~W!aC{o0`?4Ji!uoA@qwL%i4L?WxF*9y???>>bKY>Kf z2*JWNOf`8^T&e%D4woZ(ELq(YDdzI9dac32l$9|2XLd(dht)Nqo9Fdd=-J8ND5{9- z;;~Np?_sB7kT;|r_tiDjlJT9&XHLqv2{>+Ow6C^duFu6#HZBa$hkTujZ9t-Bdi`5u z)txw2C$Rcfn>+WfZi>L~Q(8KYL2v@T+$_uXD4Z6;k|#5ZA4=V@X?{TX?Hs^bQ{RSj zrIV7CEizTCb12hHJLEt7lS=jWxeJ%Jf_1*rtiJ9y&FBVh^Q%pue-d!`+Y)Ll;eTh} z2G0H!L?idi$1FM8ET(A6Z6FrvX zGu|h97)AKM+KKdem`96vrL~XuegjwQvwh@Or!!oI`@$Qf1swF@#Y~*NB0(fKj2$Dh z_>V^1fsirg8^{8v*{2&_=o*c#g0>;ozBj-7jjnbZ?PaWs%{O#vx4P54;JA{{+E(V9 ziA!Hr8q+V%hK@D)nthzVpu{Z!3Z#{#)_xq;3%HYfl!g#gOsc>_O8;yA5>v`1a0XLD z|B7(lJgIe9|7i3V<`qdj_;LerQ6paAq1_R0e4JKSc#j+oQcHok^_hGs{FwSh=4pL& zwnvd4Hnjq}m+Rhajsj%;Y>#L**;k)bs`L4eDf$+>k>3_Q0(7L5IgfE!D3sC{zc;*; zOf3u-oDzLe9sTwb*P>P0bcDthXBqs7bew;s9_Mt{*(dhSaMrINC6zboUP5a42CHx| zsh!v~d@%0LOSJWfF`m;QR~`XC!;?Nt%SCK=j$KnhZQEk`V`6R(O2iO#MzOSJcW5Wl z)>yWIIw13#_HuRIdJuks=~2>nG8aNoAfH&5M7MIf0TKJ}Jov|^ya^R6H6_rEVS}?= 
zxs;u6B~`sT##rW(x*~e0dU#>IYl};++Z4)VVVDlBLYt4;H^01>FjL`^NBVv?`m9*r zWs#J7ydgB=O)2IBcMA`2EPqXWX+BS)-@H&d&#F8Oid+8f^Nkoi!PtwRL3j-;)!a{> zXWcU4+|8pZ8#OtWvdA`bqRE=}8k!-ACdtz{48m#iW6-kMnyacF&&Mmq>`!jDBUdAR zLg+2DwvtM%zI)W1b?ix6+bJ#)mTBX^Dr#xtR1Lg2*NGQ-v1ASzo5I$C zS^gL+p-~+RjiYW%UtX1~^s^)?ir`<@d#ZgC4(A=A*#sk^Kot7E=LON^o#M!u9j6x1 z#?5jm&!K;GvQ#&+W04t4WPa%E(l9CgS)y#i3eIVz?AOiXZkh=})1-DG()Vh1tFLxN zJaLCpeBBXZ&CWaf-btI-Be$3Ok*nY^3d^i^ly{GXm*NvD30#?9DCi$XO>L>y|zL@h(zHbIbk^+bP#+uDCPNnc=E zAlYRz$$+AI#P|+<1W|nwALI}?buDe)wh6-dm2y}BmOwhRcP*O2GM}y6nLpn-b#YW# zF&WxSlfq)ir7n4u+3iXuNsxkQnE)JQs!&qJbNrqm3m`NPUc1D}e9`LIDBjhirvU{~2Bl`;Zgq-6%x?)U43jeRnCk4Y@KxS_ zdxWTuNC@)}9MLBvw)S?!d;=fA@)*@sab{>0I-n)>VQ0I2ApyQh42lXigY+z=J`O(rXW%sja}rHDYk~q%F+<~LBIlxtxaeZfB^I&NU-LnEWD|+tPuK^Bn$3g;PIpZ?rpZ2v}WFR1IpuJ~) zy7(7Z^J&nK)1m(%$kf+z5MHW62;OE{M{4&doBpC4Tds8T_A0Bv*=rkhL6=)@byc^Y z_k3v*ssNB0ZBhsWsy2|NMAXYW+mFuFV3KZIG4fAQ{>Ru92HZW)v5lUE;6W> z3ns`zRV*p7oj z_cR*5F8ydni7r85=P4fC5H5#scgkAple@`Ov9wR}*G*m<4DA5sZ4KEv9n0|rXDMds znHH3BY9|_XxUWM-znF)&BYR)_c<~jkbc!?-=ff=}96f}nhf<_rMbyQLY_Xakh-`)YQzEE@-=Rbv{)Vk=Qx7Rc)4Kg%Q{0J#@4~FXiDB?4;Q@$ySIZQ5%JIqzc^TW`_A+ z+ZT1)UDmr?Gh*j$@2j+3i;Y*+$Ld1Y<@Lx|_|2r{g4R3uo~{Q)m)xdp-lnPvXE9J~ zd3tk?A-nLPNtF6dzVe6Wa|^AJtu~*^mxYQKsnxICX>O&+<}KP<+i5*Vi09APG^4z( zpSmtzipTrevQ-q#*QSkF-f0nBSFc*-i`OqUwCU##@pb(E>{NFhT<}qT>xH3-U^P70 zIoO&_`A5HAQ9#`$w4+i}wE&+-qz{~3P0$gpf7ht^Bc87@>TrFDes$P=@yb#p)s0mh zT!@KH^j9M_JSaV%T)wp4hy{#bm!?_9t`aX-(LI5u{dTgnb3RihR^u8OUPo9m<=PSV z(>)eJU*!Dlf&1Z!qpE}sX>x2ruas(xaZGzdqdy7QpYQFvSWy-6i!EE z3r5MLT?eiEVKanZ52-;>OI!`7&aB*|^)MyaX)aOoR;)Pls~r*x)Jr}#RuspL5s;+A zRL{Y9?WKqJq%V_*4+&(?J!x5`d=Qz=pn`n%%UB%oJ7`Vewvl78WIvmWWGl88@EAns z5U)lRp4IR=puD@AkvQE8I_2?kMtLN2`!$r68AI4unzl{_mR43h{!8JSs*fI2E6nz8-^L{JM-7BDjkKac9IN5=j5^LdYlg*KpTVxtblsU<2 zBE_r;$Ed&8a({UQIWuQe3TX)X8_gCi$L|9MDvvFlx0|tSf_T7Fq#dD-X*%hr;K??C zWX}6y@Lc)Aw+6Tv4Ck8Sj$^t!A51*-p;PbPyDZt_we+-+c9n~qf^!;@E0Q{73}6m< z$OUOV^eVgB_g%IeWTie-8I6=ZqRNs0&O`yYdSt-h_H$aXX*b0h z3p-tG)KaqX?Zg?$`L|>`;rlED7Zg7H2VGE8WPd|h8wNaWs8NEuF 
z)b|#!BbqaUk-Y=vkx{HcD<|1T$*Mv(C~jRXVjPse6n$HE0g=irPWu$}4t?pGUr1#**21Cf)Lt@KGd zj}Tq=#D}7V44Ufv-KCf=c`D-*FP~CHYD2h?SQC@$lm1+G?7S>GT?gp1{j>O0HEy0Pz~x~tNG!>^J$`!jxRVQnthh;P z*y(_(7&IR@5zJzJ@WzQwXuYO^;`i$+9W!Dn^;n~<#zgeS_k-(03PMJzeL=ZV%lDcewYD?B~*M!)|L7TwG`nF0L1A4F#hLD*; z{h3WdP$Njn+5MSCeFK<99|f60>C_LZB{I4k;Wtq0|NqMu@{94N~-|LAJ%>-sgJyqKvEKEPe3C7gDe9H>+Ayv9#kYmIdWU1uGzkXFu08Ye6sVyHU9400oNE=)hM<2cn*6EDBg{rt)> zs@gE3Sb#dh+oIj{d_qNzD!d;DAxiNztN|7Am>iczfvKR@IgtXL#!MN-RYR=TKW8rR0MRB97GCmL3R^579P|=+T4O3hz!=x(pD-pq- z+eSSrPE7I;-sOgt;b>Bfq$SP@Jc1!2E2*hIfuQVbl;zq-Sr0=4j;tqQvvR4o^=cg# zrY8sl^LFRGIT13|@`~j$qSCz${M!?bssJxbh&>P^ojJfSXV5*Uk<8*xU?Z95 z^56$hmlu77;rRL7ps%(ep|k%7;D+| zO13oi30#Qnkx}`gG8s|fdi!R06qr!;6R7MdHmF)mtNzPS;~Zco1YXiyhJtwT3wSjf zYx%I3p!I&2vRQ*St7D3^GrbiYl#`!|EL z^5d%Gk5S1wp?4o@KtNbzy2kNA1F$yCGPnIe{{ub?msHk8v4H~q3dGYtdO zXUch0O$y2ar-2AtfcV)LW}~bwR91ENW2GcFA5N6m3{7aAFEf!3zM(8NfMGK8t!wy;D6H}qBy_eHBs+|Jtb;w#E}xv)f7Eo7&cFg=y>_JZa%^`pgL~ zQyWlP=LM6F?gOfzmK~02i1F6~iH-Ml>0wMe8kYBS0u^me;fwDNLgH_ai4);O)8nLN z+%QAm))4l*93hSEU1y!HM(OCNj(aCOP9H53S(9^;Ycw2K7J_c)2j+T?VB{W*Kq+S& z5oE}V2KvTo2AZ`$FgG%N^-^(PbWAdzwJZ0LB0y3l&D9DYlso;FPHF3)!le>fbR`;< zb!A&#`@Enm{={kkj4A=8MWJq#Gufg3@(@&6KG7#}*H`AJD_7V8Jf{N!i(Bi{ikb5d zKRwz_oAEeoT~{()n-_7k4)c}FQy8zAS3S2kP@1XqyHa3Y5ZgLmPl&6h@59jW)AY95 z9gyRq%BZ~fxypc>ohC1?nQcXS(5^?K?<&JZz`jOm;X6Q9iZ!AyR|*1{xx6pxGiSq% zv~7<(y3}hP^W{wY<&%Qa*3xGSY2Z9f?a{zHZ|ig8MK7x<_#q!!`)(y*b!q z>=hdm6%#4`&2wptP4WIkkl}mxT`^U4twOU-ZBPlZ#3qcyBi`FSd6cKBna{P2GHw!VQ%|N$jHjHl)U$|3G|Mx9 z??E%;%3J$I#Ga-H%Y{8!-F8L?PWO_03%VV1-x0UilV^TH5od-Q9m!K-%7n@;q06aC zc#Xdmdz7hY%J9BD*n8reTs!KTj#uIefLmx*zXyE#5PAP|XLUBPr{2Wqro|%xW2urra%(!22#WBn$pc zYP4$qZ&E{L%HogI7?Ta`&>|_wxIejx0R9yjwCR}WAte)5rh*hF^^G)!krKFSbw(XfT2;z8aCnht0p4Fs zh|ZTIT5RgU@_FpW^PP$sElB~_p zAABHrY%@d===vFqW!caJPT|~|+rM|fI8kTjer5sPVM>9+&lJ1Z#_*B9zRZ_@BH`J! z3M?%b@DZ<{OYy<{;u*tb99ctP3hy2h9w^8&WGVwny9)R?^RU16I|s?sY_T2E2R-l8 z(FYTWBL!TP0%~_jLtGw&?xQkEMDpjI+s{O?V)1N?R5a+iAEEn~y_urF3ggzQ)hOf! 
z?E5_NwfMf#es-|Wt9!Lvdpi-JU)Y-B(~=QL8w=-qny=2cuuwR^N(k{+t=NVw-SQ3M zkk+}(REecJ6E9Ew|Ucemp1 z?o!;nxE6PJcXxM};x5JAwNRYm@}|A#o|$K!Ip;lpB_U+xw-#Y#U;Fy({VgmEb3WcZ z^SJfyUCD?#_^#R7%GpNi`O%+~tr&o-%Lt|CQFdh@pO4f?dC!#}z{9ehvRR2XmnWHd zTc&ASgi-i;nM!U=f=i&s!gns--**llPEIRWe6Gi(5(LW|GG4tk6V2R&GQ#aWvsw#z zo32Oebi2ych3Duh^ElBShj=}BguOfw7VvGq3hW_i0pXIS2>d}+$}9A;!tTBn=s_ed zg_Y^$mpVNGtVHP*&p`$@B-(j>TLJb7{s4Od%7I_C7=i2+IB}=D>)}lx%Mi6%=s&v+ zXd#~?0Cu7n0BsOfz&grx0aR=4w^qqZGESrzWWWRHCB!yO8^E(jHLQ0@JjOE|s-e#8 zeM;!-yj(6I2|!&1l60*VVEc0`0I7>CAJR)2i{AgN7hOm|KL0d(Mj5&-4}{|k%#M1U zw=zqx8?@&zw>92qu!LFx@PKytL%6?$+0fmhvOs2$Q6@ecTWhHwA2%MGVIP~O>%9B> z5q2tmnQ~PSgLCN$k)le8er3S0G2L_Mq@I*6f)!Y~t%j=MT94)7&S?gwIM_>CvANyr zl|D9ZMIB+5iHFUn)|*Dv7!McnH8AW475B5p5rVR|V{zQ0mW7!g(qnEb=_v>Z>XB;D zy@sUi=PQP{*Nk*x3vjslpQwp85ewoTcJwFJsSB+q70T}PCjnm|)mc7bsI&B>$HkvD zu?FBXzA-Y=VX|BgMTW4P>yIxt(UDx-3&kWsDMO|*qb+TwG9%1CLdal|&4-weQLgjS zzNhS)quBW(e|D%OFThWYBu&(3b`K>dVbm(^Hc_qGUGfXyZ>NfMUO(>dfro_Y!G-Kb zO*%MD9vI!K+w6}{75{&*dZ zDiT^1ID_*|4@B|B1~jch2+&nY5tMov-m(9*g0EBc00^-A+MtX%=dBrrpvJB-6A`k{ zK#ai0W<z@_Q!{S?j^y_hdpAFo&y%9eIeN2SSrACxh}F1%i#meSW$Erokr3RP&|J?f z5twvY$?1nZ|DR-bq~Sr=q7(0&xut+RrniaWpa2aAqlNgM0kdqi3G!X+$guIiZz8nj z6U|PNj8ZclKo8ZHinL4Qnei=k?=o0YH{W~vtN#%*UEJkSs3q6+qa4sgopJ!0sO^|X zx}^fGJf|O7ZrG+j(VwQGyI|SFhnIfOk@@0WMZqO|okdjTa2VgjORJXI`AE1BH5idS zgY2ATz#7=1wY!!~(Y}Vf+4Pt2ka%WF2iltrJoMkH?#Kqw+_F2g{wX{f=(^8B&+h_V zwW1bUl9|VHK!m6NIGU0vQk(Y|x_RuzY!C?L1ra|ow__OPIn2~P6$DLtL?3)g-_UhD z=7?&jX0=3|_UO0qaB}h9n80{UmDE8nw2|-jWI`5{I=;KBaITI8G{7LpG7yfbA)$b1 z%NsLApNMGTuXJ|_=*3wqRJvqIk(#zJ*4WBm4+zQss@hoIRC)L>_NH!$FrRvrZiVoh zvxoJ(xdvXvFLX;Fu7=LQOzk3(z6;)cVYpV;B_Sa`B1R(0`_lxQ^4W_J!zAZvE@5f8 zBpt>D2|ec+X9wD+|6At3746B=Y2IrYo6FwlOS0)DSk+olNUp|g3eMv7LIztFCHf3_eXP(r}DVit2|>6$%b0iY(#e7u>{yR z3CWfrqmWHIh>wti?tJRQe>^0qw6KlNpw|3+ITtC<|D z3H$Esl*%Ay;dzus*A!)6RY(H+%k+9-H{X+amM0+$qLb$3oa%cUKJ2!fI0NjLAI#+AW8)Q10mQyU8UaYdqGtB}vX z*VC?bu?V5q>>0x!B$zP+A7a{o_NLtRr#8PfZkx93j=2X9y*v#D+oLpc_el@Lv|^d1 
z!y6?F3MnFB1tr;R)|vn8QSjcE=f*2IR=S9nW2bB)>EuenetHH6+!xnd!| zR_H?QNT@_S7RsRkZPyqcwGtP>>z!VotD6WY}s0fmD<58FSx(X z!4Xk>g>mGjJtFvw6rsyAl7~?e2ah?YeEb&6_bt6B@s$$b zX8Qe^lC}Ph02zWOb?S%I>so@|Ye{JF#F%-`BxuMwUP!MeTk5W&XS(Iv^eq1}{&fNb z52mqRY`s@F>oGyVHmZdU{{WonNX8vp(clmEruVTe19^A3;~%ys#eUVc3X8cYIZ?B`!W-q65$?b|^u^1A&6{YxLyIvcaeLfhZF~7sWe+$d6ze9zn?}er_ z$;3#H9)BVG=#5f-5LUy@%qy}*C)8+|*e00R%5UDrYkZC%g+TA>q`o>sr^RwG1+@Z7 zUr1^57~U>>wwoIp*Uq`k%D(Z7ZLNuIWxNYrstc`r7>B^s70m=qzhV9J+Mwwy1C2jR zTsg!xTo0CSLnLUAhLi*Cw$%X-gMir}0)$g?jgj7rMmi5Sq%S0Zt^=Qz7{oXE+d0Db zVB@kI((dS8VvU*ktp_PQuzEW-(?A^T#oL{UL9kcZHXdX6kh^Ht2zr zo;7VZ_6e~LSs*Uhd1|Izrbwl3-`E) zTt?+K`PG;i{t7hVO^E(x66fX`#p_;Y>*gs=N!aP~`>(IDk<@yVObBz0VW)Za zm`RxdoV^rerX@j}A&LCPc@mLUrl_5mPh45w;wUe`cV)GQd&lk?9+qgG9EF+rj2it} z(k*RSXb^t3h~CZ3OtX*rzpZ!ZevqVAD5jOz*}lV4u_Hwd1otQ|TGzO8&*VW4>M z1yeP?ANG?9_<3c&T@DbrH9y3v>^H1`HWDt9e0x|{AcXcq{rxLpV_s={I|J{F%K$Dp z7aI9IPYN5yldi*+U!_Yp2y_)|&glio3zj-D=~)fH5X2H5f`(As_hF{!i2?rUU&9(g z0q>}Rdly+pi(3g+D$`oP37_EXyY|BX9q#Tj#>80^XIEWJTEKciuYPEdT&_mH<4a8g zSu4)lXN_T4*Pv(%B(Rnc-QtIHlMWWsEUfy;>SHs{`kBy#mcK2_aZr9)!b~=%B!pQ z((|0_m@pF*$1DBDd__TC(<1nGTXpt1v*q1!Ul*zdvb!VB)W0eSnGWs;)ZTg(u`rO) zUp+eIpu}&OJU33kZUM_v!9%((Mh&va91W+ZPE;mGnB_*G(ft^(qNow2#R|7$BZD2J zl)aHMECVr*Zlz2V9$~*6S!*P!?=>n#S^m0iqm4^BbRI2ju}3M_?M{i*elKP2dSQTd zsN!Li-YHB6;65@nyC5fLN zX%kX1L>*E`swW$5vot)^hcG~HC$w0T!A+=kbo(u;ux-?GZq;Y9l;Ccs#v;|vg?UaC zJqgioLE|uq(}}sBga=IRORy?GM00#}e)3SHT3P}{*WF>Kx^sPcWlwjOReO#2ppdH? 
zKWTG4GFl`$ar_1*ja1mVWfce57YKEl9!-$N@IcH;^bfNkrd5C=R>se0rM=pUpFW$L ziUA^mBH?I1>es0&Twogp3>ubvi~#zeT+&Uk9OB0z4GRq_h;RCvrVyX;{OS%uu6ar<(Y%bs` zMamhssDRHB^|ZU!P4d<#_O3I!tZ<$Lh-4)hJu|YMxh@~f401|_$TZkaUb)&}cy#V= zwu>8`?W~lA;*T}Lh9$!m5r#kIWrC0=Q;;q37fQ}3bJ9e_0;2VmCZst0spRXn%=Y=d zCKmFLwxGzMWUGH*gwdbf{o*SLNVtOl#?HC7NnP+h$Vs)dgHVDfNWtQ>GXruHzp*)} zoe`NKo2xFTqft{n$BE^x$KY$<6p6IEfv>t=PPAwiX-YrhoRX}G#<6a_WV6 zf7yKe!udS{+0p&S*Y7D5xSxrB@NAgk9;-IgW6w@W`C+_9cOEAhm5E())_2+Ghgf9} z?~CezJefKBA$D~mzH*hc`<-@1TG1`J1ql)tRQ=?rnb|W54!>Q+aecsgu(h4V!*9Ro z0e$F|AuL|80)Nl?31052Qj1Ef9FRqr2f+=p4AUb=n7f&l1wc>$2n+gQ!$Ew>{083) ziiNfOp?<|2NesD>Ky?=&H=e$t_+J#~U z!leYou$DXNk9WSBH82g?(5sZ!#fo$MSh_xFQyV1A)N2E90dw)&@J#~k09l4tt3G=! z_1yu$K~b?{B9L}d>vJQa_@46w&3BvwuQ%Yg4X@z_wBbXEfHu4d+5ejj zKLFgaK61ebQA*(iP^%LuLfad=pPTjZ^-&BhXUL8!0LQmL3QFqmASIbywuYX=4*^P% z{0&&g+i|=()Jzblvu>-@Y;=%^2g+hbmL;$;ik7U*{#Yias)iJjz5It9od%#`lsp{S z+if!R2VbQQ)6r0p;=|E?(=UVnpkLCX9RGq}8jtLAgQX&k8Q~5ioi*!0j8wGYs%6T_ z>ZN2PjzY0EkfN673_0=^=mgYIgPyp@XZqdp4VaIJ`;6m2J*v}eZxk}@nJula`y&8cgd zC+jALGQ9vPQk5@ttrj}=a|3iXAI!>U(14Qw>ZUcT+Lq=Rr4QtU_3&38=ekCpcpKzb znl)xY=UWnXi1xQsZwU})uGfqCDpI|{%r<%KrKKg=j-|8Z4b$(?KnUw+Q<>ii_6o}OX13jDT1KyJ?y@$}2x+^0Nh<16zw@(M|b zs&f&f&p`mx>qK# zYFm_M+})a)d%h1sP$85EvkZG-IC*j0gZtu`gOsEsVPd^b*q-^szV3;4^0OE_40Wpx z*E1OjM_cn0Ur*8scViow5tzuMTwdKBj1IbF4&BxNLHu+c_-`YVbr>Q9j(Rf!hvHE= z%5t4$mgm*1_!P36(6Oq((!15k<1gABrRbJY8w`rqw61|x#IABAKjUoaL2XS#FtOe} z<&G??4A|fV9kbDn-|clt-qVf@Pa0WAOBZV8@dmQ`UiZ-%Si-KTiAbZG%xskO2)r8Q zLhW3hj)^bD&mW?Axrul!l~udt!7WW^NiBO*`h-i_Z@(jafo)TXsKrB|fED!d$e8b= zPDSqh7!!NN!Au|y$t8>SW-M*z{OJox{w50^9%=kZ%Z)f3&>O#M%#ivWk-w1AbNgllK7? 
zAn_p7n_K>k`)s6DBh|l2KSlqI`#AlD`xw*qe$3h;8RPXy>vW6w^;O_@V1-BRs~H?5 z(VNkEa7DC{Tl%^H8v5)+o{+F!Z!}H>31uXcq9V91(|W=MwWGpBuM?!+C{I|wKK13x zVJ`tq6O89E89lwwd-4lTIcnR;)ZMt518@Tk{itvYhgqqBvRufOMNP2WsFuR0rZi-V ztBZ*&@6eNtDw<^EpyC#eKt_55^yBlCVbelI_Y~-i z7&9lKkjbHkC2#uQ@U{8hlPvtnsW1b<$G%UxoIuN;cT6Rob#?H$eeoIb*O>jLp*}^} zVE8Jwr*RSrEe_c%KU$ETD~gL?4c9PVAP-&$euK#ruG|>q5|_OG*$#e9g>tP-i#jf7 zkCI$hP2yv;FqhS&1TNWCo!F9gr&r9TxC&Q!Db4VAbGlfmkl08#e{;5Cb6i~{c)iZD zC{y`-exOCq9S`}Gs1qA*6cMVr;5$jUNWwjUj`T$cHWVG{w2Nf1o_>YX*hD?n#!!p- zg#yI$K0`c@lrS4z6T&7rM?Ymq?>dbz`hgIXS&N@B|6RN5)Aheg$uD#j$C9 zjrbM>T4{|ltyV_mG%MY3 z3&w7`(OtPCXIQlQCDC@sNwt)FFg3+GJ~QmJ`r>olO5spetx3Mb0$%-;SROij=czqG zrbI}RnS~IsK&iC?ZB{a1QuxHoH^=3@JyVv>**&Xd`|}bEp`hNPP!o#Hh*uRW+<^(3 zO!>4Lie;rC?KGyQbvBo|_W+m%fGmbdS&o;TgRB)1#};CgbtL6aiqdt}Q?5tzG z1yYrnRr2s{Z9cX%GvG^hiKw*BRi*Nu7{J&4atH2%(Qfz`jtz^GPxv&_NZa{} z3;R!x?6B2XR)`~IJd}dwdXB$Fz1)*b5Dyo!$Gp{xv6ly z$g9D5ZX6sMI>k5`NHOMEa|H32rWwofBnxxxdl!1;3CqkgKGI6ZG=+a@lwVrdv0)hc zxfM2>wrvym36xLnx;9?%u1%+ggy7M@B>P(LOELc8fX}UdB=kp79vI^fsWo*ow-4_^ zIYRF7WqL~*hqm!qiPl=A4pB~EB1!vFlWW1eyMDpXbl0;SHX?{E^$8pAzjm#0UuF)V zh93xcwV!Lg^?eC>i9C*pxg9pUo4b;Enk&AC<+QrvHJji{rJcm;f2NSd={G(0Za=QP z6eSk%Wep^2?!}gjxhNU`{=v1im+;3aci;(#&!tfMOI&3Jjo){m~Mqet3vKzwT1^L{k*;h;e7zU`{hS zlRT_d42`=K)LGM}vVNDlKdES{Uvhu6zW0=-CqiUga{6?iN&$h~bo>OF<*Vl75&<()>uM1l(OzDSWY`LK~RMFU8QDpFmi2vwGvRO=8iP1+Z9X7p?%F@!9}FL66?fo>?l@1;Y`i2r37j*(wCX zVV|~dXHSgf#1ACXeDm{>0HRn2?E+WS1|9J#+`hn8HDC0GRS+8Do^Ys{Jk>hG9eS&) zaCeF&8nM4o9G}k>S?|oz^7G}&Emu;#B~Sn^kq0&6KdOs5+~w8lJh-CQWeQnDj`q~1|E!} z`*EHkH8e^T=pv|v9P$Jxht!k!8TQ)OVbP%>HmITTYRbckta@~O zII_4OL^b+2@un^hMFMEb$Pcp7RIFlL)dQfk@pc3#A%G26ZQRb#c32RGFOD4m0cM2+ zBOaJaN;94&2Pp{jy~1PuA2gDjt%S2q?%}^>d>U@2)<0x?s4U}n#F`;U=OnD|5>4@E zZR2D(zO==1`YiI`iJFfUs#Dte+#!SE2|MH8E7Z$AaS`_#sl)G_B|kJHRbk`p==`OJ zBfbaCplvo~nv~tGS?VcqWal`${!0%x54MOh&K|>DG-FrT(wQXkgPE2wZR+XJTEJpu z!e^3IEvB**)HBtu9l3NY9dkuxZ-BqGQ>`iUDO7xqe1M5z!+Ja?G1xM6^Ww zkMdO(3BVIs0=t#90V>~?|5UzTlsMo*o$mKm881&@RcGN$8=DC$eNy#|9RFzFdhA%e 
zZtgzC%(~RHx@9u_wm|f6cvC8LgR$yCSCZ(>`|l+bv%vsNpkDOUqg z!0;jwe;=i3o5y#`RJj28z&hlOPycVgySdIk<*&ohZ~2>i1TLKS=D5EdCwt4G(ot)6 z*ThZ65K*xD4cbCT#pBHMmbE%}{sU`~i^pFmN@&}EpeR`XM-*kwn(Hs>z3%^ydY{^$ zxXviAw{rBO#L)YIn1`eLn?Na4{!ap>bMRjT$|NpU-%RBU?u<;DSWI@Ub(oVF<}rh1 z_GL)vnxRkoX2+xXzPDJg#iiLQ-;RbUQRtKLSLm2Gp|2W8=niC(8-tpV$hPYUD=#0BkZwaYP$zuv$6=#3Fh+5Pg z&`V&Ed;`4VE6P2M??-8uf;w#(v&En%hxQT<_)KirEu^NGjKYWXY3JpE7z{@ZdaMpD z57+fb4OFdtPFvs$F~mG1btFdso5@4-WcMy&>rJ+J6U8v6iBT!dD=n=&Hv;qs;-lQO z96mnQ($&w?#Z`GwPHbhmtl6w^b3zQ2takf5@JIWWIi-*L<$x3{X9lt8qe1MzrF!vz znPLWx@iKBi2hUvW2{KxA>`*n@d2&i1TEv_2}pftVN!D}6vaQ${S=mv?6ebH4Sy^Ydnb z#ZA|`Rn+b9k@Cvb+_aTHAHM%lD(5`IHGKdCQaFZ89#^NB=*#zy-#!vDcw1w-T_t=1@ubrObgRDtx*d!G-2l%GJkPRue1P7yKcM>#*|RIN z_xv*zZ!Uv?UWF=^%ePOv53cPH!Edlsnsj4IpRXQk!CG3+;i1S4UI5@J3;_S#Cn8JE zCGPQowHxUy{q&ZwW>)}^mNfaL68jj5=&J3_{Y`I;E{N#OJVHkY-6;7;Aq7%&eg-M}j? zLwN>ONWcKkg%qHZhY*l;08vQjT=oNFU19)beY)ovyIdulIRv!8e87XSk-ozIAV!I0 zm1yb&2HoNW5@_@bEO0yyBoGYR)fIXP3>pea4*1hQx1vwAM49F_bbfZdtbY6ibu5@S zJPjgwP-qmCPH2?pTci2~ODpvl3E#$GR6NvktThR~4 z*63YDW=zL@Z0K+mA5H+xSEu-MGnc)P%j8{v=CIR{*n!`Y;9^e^>u$cOAOfwcI*hIQ zOaY7x>sBI-pq4*+1tg!kDPGC2i+ZWIl70?MMctSM@KYP2Vwp>ko_Q4Td(oKm(1~du z7h@zlHrQLrHUAQ8MknRc*MMLmVPvs&rL5c(ow~$_orQ0FyH(wvD!Vt~oJ=CvfV@(6 zddgs=(i59sO zAZ<^}aKnnS@HmNA&x*t^s;(B~D(5gTEj5z_G!z)pGxO z2oKkut6=|KQeGANM?@F41>QGH%+n+o-BD4_3i>_Y@vdFp$BDez4;%st=1E}j-Q}NF zYnpBLw3Mxj@E+*494KcJsSY~AxMvm0Vc%Y~YDtnodI=+0*+Q{OaSEGpmt5Cls##jl zA=&U)$hccne@*3_P1{^?tbnfk@_g{CxW!gqlvcpSE2-}aH%3(|Q1d#@+A)Fvc4D?P zwcicBb*91Z2K^+g`Dl68S>GSp)Ei({EOX^Q zGXx1hCAd2$xZhFv=sW*bR&vqtC7Cl*K3H3q!JKzWrm`f>!=jvhpR#|ikz}S{WjKT$ z2KGxGmk2P7?{_IL7nV?_b28D@3`*r)LveZPkLIprYj~{i7G zoTk%w*2lIn z#HQcS$n9CT+9}Qetsmj>50EczvQ(48bH9nTXc|l7e(7^r`}8xpf|*euvSaY@AKGm71by|*&R=*A){`AUXo+A6l?5vLWbZo= z+R<@UI+gn)&T?izNFqWBda$(KN|r(6-|DOkTj(Fa zj1LOx^Or3pTG_bY&MYBx%?NeQ+TEFN1S~h$uhhqi8K_sKc4wZoed-Z$~yfQ zu=9V3BX(8r5%J4qFUGlz7p?rxBYHNXB#`|kcIpro=zpepoym=k@0N-kSp6-{J}dyG z+4&brw`6W1HstIQipdy;e?v*2V(<6A88sThRk$E!0XSG_23& 
z)25X^bF3nZd6H)FhNjmXs{~{PJ$i{Bwa)z$#Yx9!FOUyvzR7HE2CXs?re9d$*YpH; z_WCeFUlBO6Yi}$~%j)Cr1}jb z_`d#VH+AkZkU$;@Dgu=eFhsb|gJMOB$Yh!IH@Ts6dR`*(2C{gVj&BisJJk8Wp>Y7A z6{T;Yc}8CX?S-fp<;6*Dw5_sTd?GoMs3RW|zNGn7k@_vpU2oQvamfSu8EBuBd2Xh# z6TP1=S*Q#{SS(oF@+w+<=N>#LXY>Q14ZV|P2CNr`YtOp@7IZDVDG?FeFsTXiI7c17i z!LoEUM=8D0wXi96R;IajxMj*>d(YuHAC+UKBbRV`PoT3Lc`zDnDjjo#Z2NcsL9|4? zuQ{PCSS>mV(e{yy!DYGaV;YS8dsSds+$G>A{{)=+`vQNUu9uX_o7Y-JG*Q$67Bb>d zxmDP`6;FGD^AU%mh9!Me?BunAkZnp>Z`qz7r*k7Z`1U-A9NzYPoeYc|-Z&}L?!2Pc z^IDOfSOBNSg8pfTy2SB&&$AUj9^ss^qvnwc5b;p!YKCp-Iw2U&5f=9m zK?KebSe4iS?SgW;LRY#g%^bixPN6u3Z?9o(qvVkFe}GF+W$9*+_g}IhuR-NZt9? zOav8zQCXCy!M2>boc`A0cTmT&xs)v{e&!NsL#-AJnT-1gt=IT(1^zds(qhUe_ZFUN zsr)v~cpN@3kqon*JCE7ao^5&^al2TJ06dI!${^i%^fV|z8+YMr4J?)g`m8|7iU~iis~MT? zE?~@1mUHEOn^8g8KEy*cqcx=~oR~nZ>Z?jwNxdnWv*qNtyR@K7SV7)X8g||?8PPJa zjg)Y;Nkcj5qUJ#s?O$-(u*i&5E}nyRA|&b;2%{7zgA_=;Q*fOWAett)2t?Bm%jI4L zf;O_m6vsDZX*}EK!IXBu;)5g;uoww#`FNrZH_N2qAxqHSP*o!PK@^)x#pIlR5V`P^ zyX8Sz@p)=sUc9>wy1)An6a}xpk>vYA&2j3K`FIGug26oSPX0xx6~)ms^rFS=&Z)fn zB)|0%-)GY@?h!uwC!RG3tBn4WP}2hvYP4XOKQnHH-(c?q+6e@G<}lTqyaMDbgctHE zlkl)gAHpXEY$W2&N{*lqMeOFDByK@*{eo=g?-c_CDp z&eD=!@c|o{JRNI3rkENKT60QE+3(|4YGS(*6)z4v7S9h)j;J4*iw{+jHZzOLJWf7f_x=jIwe>y_$J^M+Lus_(#4_Zvy^C(P?^#t2K5MhQOGz&Bl(Su)9t zMW)ub7c1}|#)|V7X2u?(x*nh_;&f~;qLzDvt;xX9q+k*)8u;$c=n>Y5W@9#ARO=zA z0r`zZiWf6G&X(@15uZnom?7u~)-M|e&6Kb(4=Ky4;72TtU+YV&D_KO+&E@%H8udy2 z>V{$?GiO}#E~ci0`Iv0JOD)XCyd7)WL#kDX8lswNp^=)_Q4%#qvc50=BRIrjzt~eT zR8{1L3mS%KWO1-okc)*D)3p~8h(0SR%;%@hP|K42XkxcWSYQjR>`^p(R9%AD7^S+W zuwYiF79s7ZQ%OYGSWuY(Q-(;T?ok0L29i87e@LEkKn!%PDv$@M$~Ui2@X)5U1aS-s zgquLuul~*Q=moSHmK=ryVTy1o`IJyRv1S6#bZ|dj;gdo~@`v58*QCbUf!)u1#AA7s z$~*W+lCe;8Jh5MK$x<*7b>kh{azRx0>{aN?RY4t8R6OwF3i8*~CFF`IvCqJJ$jrtV zR_aA$x?RwsLfb0vmLT#zNeZ4RU>oFA#Ds6PNMPI9uPg~*&oV+6NJ^mK(b%(6%`6jH zK^{ahgc~*d3NS_ERdwNE3ml*{B?}zbr@G@d=nW8;IEjQnCycL60FZ!)jd{Ui!Z6Nu z>ys{PLB%?85K?XIK_-GzQUUX|wEzXBH}}ghuypi0QaVNQiq{cbg>zm+ghwUfjd_qs zVk_AiB_B^!l11l{r7H`~VG_NNr(B(D=i`>cgm1}fotX3`DbZV=k^^!ukyCTlL)N;S 
zvgZuzi`WcEL@+957RDM`s!AhByLAF5JG7XAKiz8=j(7MCA~uZBH8vR>elMp(ezzxI zp;q;SNVXx=s$6+|@aq{nc=?m+@K9N=b6r2)JZqE31~8*g+|;8zm~#_0oME>izRa+F zZ(U7+#I?kWmfk$AC!+uL=Awv8l)F=`@qG94%pR_c`g7r>tnQ0Iz$QL@-+JYa@T9I% zgrE}Jh2`8LZ^O{4Ki4KUqn+kLfkOdQm81pv6|e{)ijXoUQGYJHjQFMbKskl_n7xbut2Ac?c+E3jL=;Y-yF(>Cqyxis??r}?A@4f`;}=RF!gEo072(AD zIZMbtd8jQEFA)<}E-*XiMF_kInI!C1)IK6?d{w<9@Cv=(^YA)@*A`xC z%z8t|8zt&rv^W3i&45^P9>s<4A$Ai7$mh|#7C!y^A;}vYLdrbObyH=I7pxQK%1u|f zr_5u~cr6MqeyDwg*NI7ZckI+ySK|CT%D#F;8i7|VzXo39zJWHS2}TmHyaS7YSHvk9 zO?ReBXimCn;sxvvtwGbteimN3QM~@e2UfQ|ZD50dDvwnoFQey`qsQ0eJ@#|pCq#%iUa1&e2B?0}L&?`clbyNTl3RWYl#! zsloq`fSmSS*abttNDh_!Zv13^BbxW&T26QDYa(pO)<)vuo13={ZyEQ$qmu>QxM5@E zK(#J6CCXz$-w1OF?ctc@s)Ld-_f2-lPb^9$$pl4_pYhfm_uZiAL+~zX9Fm1zsg;Gs zaU}1Pjhy(}Qfo~g&p1vz9Zps&OQ$Xmh}=}k`;={u6I+XFC zb5P5}OQkc3VK~Qemfwwt+$4D;mWP+jZL$!wgg7{yUU@~TC63oAuPXK#UW(zG9{R8Y zNn0vSsAc`R<`EfODMjI(vL@Af5u-6%llyTH_|vNaizdVM*=W5`6QZAbt^y|;FV#4; z{#@)w8K$2G{J1Bcs= zmoqV13|=ow4H?I)a}5J+t?(PyXNgDiaooHyA57be*6# zAT5O}ftJb9lA^RVkEn>A zVJ5Til6_Ec8wK}{@kzE~&?@qpK#OVEXv4BYV8h~X1P z8;rsuU`=#0wGknuCSv^lWEM%k5HIVd`;N)=o9EPEKnH}p;Uf1Vh#f4_{WA#_A9DVem!`1_zPEi3Ti^J(EI3z%->0M{|48+oV`3gK25`r1jAik1y_+g+te!5V_pl#Dfny%+aZZpkCM?7GfHUVaU^1q>U0W4AQmY{TdoJ zKno1rhd#$VoF6Vy><)F#80L%h$e+IIB|z4IlTe!g0~;Ejt3x`B0mJNYe5{i6MS44% zbVh9bb5*+#*(@9_T4Uh&vm!Q9)Fpf+PVkoVJ2V;W#WwibbUeg+^|bzkp$iAkrEm;a z;zsLD9=U{UPGxX?VZcL+05hAnVj7#QuS)5K$y2tnz{d{#=f@xuIQ_EgD(j=TIHBUPUC60Axunzulrdo=xi8bC5V7tW zwC(^slvYTCpzbi5>_>b9>hlc56(odL)5t{5IdWQZ6AznCy{AL2T zBH??>4qm>bpBzPi?1&T!Jgef2Bc}AL=^|TMiA}3%%ZqHe5}U>=l`<3&28~ZC${?#3 zjb0{_sq3xUa?>b(Qwz=-GNm`q(mkv}-s{~>iFT7;C@q>OIZZqK}0du_MuL9h-n!7*p#$_h5>O2zQnI_V} ztHeZRj~BO_lH*l0ou;>=Oc|4XdvO{E~(j z7i-f#<2lyd%gS$wP#et&4AwTU&%N*IvyUZL7 ze(>N4f}rJvI2oV<;o>3_-*<4bP2!x3FYzeg;L#EgCr-khnRKA={OM9_03{DZ_w7#y zhdJusIoAN;rPyDtXDP=kqzuc19sVJL*Q;ZdP}<3Joe_eYn(*I7ymRj1W2zk~HXL4@ z8)_hp>Li>T7dydr5 zB09N%wGpskSzcL>rSU>q^)p7j0|xjp-`@S#fy>>PBn2Zv*PsxyZa+>%<|G|9UUYGm 
z4ocK*T*}H9iR;p4tbW&t!WRBh8o3mdaxX|TP=Yqi^!jN0+MFRWO4eAV-$!O5W?V@& z?fNs`M5d#b6ICn)wcKc8^V(hcH)Av%JTfo+(k!~O%%u4a)ke0YHIz^rrt(tn*nFI` z@JheO#dvUXzX4k;>U#0xb&_trfH4mOydvm*v>Z+{p#y1z22>Gq+ytemST0_P-I<10 zp5ekBhBw>WoMBJq;*~I8NW&}7aA8iPg)F=hE+}buF zl7`nfu2M7b(rH~tBNju^3uX9a?&GkS)2PIY;x}D8sY=OT{2Le`ygwXA!&|&FmBS%8^y%&nI1rD{f>@UJ8o1+utB-jE8YTjs zaOFC#vs#Vr(xm{u+uY)M|E_;c;l(kTPtCBm#za)y(SqmZ>id`tWuNJ!08JU~hNmcD zaJuxPb0F9Itp3L}binm{{%{>#vHrNmo3E=B0(ELZ9h@V5IuEDabHsC>uFq=%f9zXO zJMn^1ARCb|tikH(_#k)=t*(0%VcYc}fy9#V+^MO-Xe3`^uMLrmMfi#k9&~MdO8vD! zIBN~PuF92Q))Owq`{LFhOs!=3-|wrR4N?x)ERDn(M00PO})S?Hi# z2eu&ZXJ3!1?gj@_=ur41+gAP#Ty7JkpXmGAeS=@nONyYC93Y}D#i^k1 zcS|1%WGW~F$=FxRo%7Sd+41hSwQ~$doSwA56E2Lfl9V?ZU2FDz*cq@Q;aj6=FlPUC z_U5&i2q5;jWegpnC#&IX{{%uIbnK2Xi%g$S`I_5=gZf`l&WzS;2b6PRqH+Ta9ON19 z*!J;6X&EL7{J}Px@{i(VcbTECW7%A>4%0TpShM}@s;`~#Bf@;C7Mz8MzdZY>s ziGg{j72hhF1Ve2#htKs#(v;iAMW2&msiJ>4HWKa1Hnd%+P^TVsPMT=6;IA_Q1qVb2e&;&u!E z>FBLfldFU;B&eP@WY{sFg_!b7?NDhfZW}q*_(F4y{gG=? z%`Y@IaQnvNG~qjbp40BuGV#mA?+dFjU7f5PMJAS>bhS;`0$8RPVvr-WA3&LvOn}EO zm)2?ycTPcu+9!Q1p^10@76yg(Xr+dOG|Yw&og$<0an!n_2to*ckpMI|$clVI_7C$_CBQRBi~HNg@u%sf^X0JSEQDp{s+v022P$VNKSJ-`MyGd|py4Cd>Y07MJ8 zCV+Dmk~+HZAKb}imy(}}UeQMv?f7X)GfE95Ej2iAleQ2P@k8T5Nwn}wK`wyp8(?ZH zwJKEb7nq(A3?ZskaSE-?EK!mcXgp7GpX>1+)_c*6pH%Mn?g9d!(C7iC-SKVQMA=FVZJA zm<~K$?ta;fjy()q^K*OC#KVAi}Wbo4xi<<5vKiC8~M^`*Y*A3k3y~05Uceh5Fjejg9G@T(xa}d=w`gt`*d85mU0y0El-o9lZr7hTf^{=4JdznD4OBxL;W@Z zZR7+W1&^k6Vs4pN&L^Jqm6qj|XzGPWrn-n=0So#OXp}qb3xXq!oPd16qK^34k(540 z>>*g+_=pIlp=OdqQ53ne6uGOno9()O9}PpAAE}tMAEUbU@Zb<|uqqgHL0I`+Jf2Cy zWq*S^?gh6K5}A2px{G%ID}gF>DZ8qJ3|O~bzyW$3<-YuzduzYD)&xE_YYumG3q=@S zx9>$3#Wh^qB+^(17mUhS%;n%xDNxA!!yz z0fP@-oXM0m=Jn&tUgWLS5Z+lCW3ybTdxQkEUbcLHVJToQL!*xm$*^ges` z-~avJ&!p_dI%+3FC1*~#T0(w7f7TwR6*1P>7*+Wo+F;E$u+$W90S;B(C0RR=?z62RH$!oEhP+vabGBb z{kXotjV~>Yu*~(#m9KPAYU+)Ub5&_vPx1M*V^Yej6g>=S4IFrU<&8ga9!!5WWd*xg z;3Bnm8$2`GK5IQ~7q$U9)d<`x_Y-u3$kl7=hEx%U|8K4N!+QLJ_2ctUU99%q>ssC& zvAzIKNa~nzO?CwHPvn?qB;h8gfsR5Iz43Q{N$#D8SR>5J~BLlw6Lt5t@Jb7OJ|>b 
z_^pPLU;`D(lww;yW7>D3X zaf3`GxR~9Np)%dZq~C3!p5sV$^%Hfq&pv-a#NkMEAhq6zETJXoJbaGU05P zN$s(k$V1PCRU!Q9EcE=Tk9sncR%^APckRy6o{<{EbB0Im(78S1;f40uF20GlwW@l! zg%2-b=wa^O4Pd2Wz#Eu?O_~Fda>q$#7T929BUDGd=Er)o{K}CU03h>15n(JId8yt| z{e&$54U5Feg8)YfagNg!;aovh`Zz|~0BfHKo+3Gjyv)L(aIW^*UbEfY!PCUR0jOlX zsayf}nQ79G=N9z)D}^zvzTrwE4;pr*TCDA8&hNV z`Td4cU$yX48iY|pXp!(JhU%Bw7QrWCWMop`7u2c2Mz?Qy&A+*~{3Q;2t!6nirJX$a zB(S<1cl0xB;6HUa?aOgAC4fL2UA7J(3E=p;f z+SF*cz1NWsh>FW6m*&q}EiJme!2`G&qUVC((oot!F|ww?E+(^;f=w6>TcV1#)ddJ# zlL0f{3nF-{-C{(c{ZLv5-{pDU2JL*OTHH}!H2ts&3<1WTD`sMV1+9Pkv;4m%Az zpC&~n(^454Fe$Se!B(Hds{n(`@Y~7S?AoQO(c@QnVzZ-1Q_0<)?2<3{YvN=USBKyD zkr>|B2vLlmV#O@BDsp!QUWfn9UmIb2_tm`tHcAfy4FH^!9(ej^%k^7^JrJR7qf=PJ3_g0D;nsi>$$w zCe4d%u98jwQ4QYUd0Yid&N0Lf&7&1IHOVXK2A8X{PEF>CtK59N-G1I??|c~pN2~Vm zHrvkI7}LD*g)-E$%e&@tD=@4{RE1B+J}3Nm7X|wj4F%7v_w4ZP5!sXp#({E=ljdZ_ z;V8vC&xeZ|N6aYWhb_a_+G=9bbSXj$kwZB8a5|t^mFb$n*qY$X%C63iHbnY2ZYOTu zlSTe|e59oB6p(XtI{X@A8SO(^(J)F+i7k!x9ft~sszxIHFMvS zTk4NHoTTc3<;*={f9Hm~y;$0v)TN5`b2Y`J=}oN|4a0`hBiW3rdE*P8FQK@WHzj>F zU%1CJWR;da3{xY!G|DNS%#EVI7_AOq-AS6!lt(*Cd2P&zK>G(V`fxz~2x#cZ5CFuM z4u>FMaqE_N4Zf;S8?KS4(N(xU6*j~jBZp=UO#>=QkZJ&V2N|PSvl$fBf@gTrdH%}7M>4W$nd(TV^RqFRIUg9L9J4?-LP`UTr_0)tnwb|`aXFo7 zdDcGFNzhtJEu`iVOjN(2^F9+>G15SDf`hV+%&WXm6gUtP=<(ZIPh_TNLdzLPUPC@X z#N^+6Y*Ml>D|AI(5FiI<;{0NmE{tOgE!3N8%`}{hYS^&)!i?qQSG9vK{ z&hO;o9$A|-y#9;W6TaWnQ{JlK2Ujot{O0Xn&oRFGkMgBEf@5-n`xCzSK>_mpkDeO` zg!A2iAwt^uLP#$ldgA}>qdXz&O($@~a-C5Fq*Ph2-Pxm>ZMwUvNk%1iqCIGh8@DT- zGd+=7aG@zr%NR|fj2AavF>RU9-o!{PP2rN22uf@$HEA_1v?m%(o+PV*Vxkx&jxYaP zew0P|_}{Si8q~Q7jRHzFfW$U9T;5z}Ii6N{UtUhvq_HEV_LZE{O3sS{k@q|5$~OP%5ws*T*O_b8m1<75 zT8@%Dde*u8VS9w4q+w*q)RL-918b*#H5U=j4XZ=;@TNpsh@5a&DAWB-h0pNTjBvyXNCFmBi@$8|pq0$+pA0&rf7yD|66tPr~D=~O-R^d&oj+2Gz zBO9q?+E6?TaX!uKzb(BcK^B}$Ny8)9zEbhnf&hsPQWOv}gy!zzfz99Pp%w_rH9|T0 zK%4uZO`Bn|NwOI(4!$i@!ac5qE*eb1;#jYd(vYiY=ubTL;(wLJD6Ff%A73fU(%O?m zx^Mwj#t+~@5^?;R96X87R+vgLry@qA=(-`6oe`l?zA<`#QV`L~2ws&I+=>J$*F~E$ zGU`SAFRn@9Nnv`l#g?)ew8V_AGydK2fMHJibmZ#}{VNdV$sbR&Xn=&{qj(WE2ykm% 
zU`^&RurKSd>zd)99< zvT`%kTGMY13A$a2ujR(t74WOYGU=+pESa9RCMj4*lD=pmGMy4Hmgcat+-)S%=_WML zLIfnE;0(R9KtO8E4f#>t^`roasl#I$cQIilQ{|?QkyS-}sujv3{;5<$inGa29gU-w z^)mGnVzE1f(9I)ukjfdU7Rgv5eJncX-{6T(hd&}GS2TBSk}%6F8tC>h7gcWn!cZ3$ zF4s9soUuC;?{%CI;0)po_MMvl3vayiDeO=;+?7?L=t zc=i`F*brYQ3G3yoMV?6KJMUswQ3p_pdBQGu94|?D6A^$6Yso)L9B8zD zR3o}K%c%n`1Ksa z%*c!Al*mH7Zt3_xPgr^cAP&Zi>cgMdaeer+%*a0YIwiKx6Ps*@G3$IIln*K#O-y6J z8eNK1QypfbySr_|Wk#eNg8{tNIj?;b8Sn^YWEQiQL6eSJY0H4e30IBe8n{-o562{pehEiXIN^u#JskG6nG<75lFJPdXY!gH%MQ9XbcVN)*Atk*S-SV}9KQct zr14RLDImhDp#L|;o(ugUzEJseq)nT(S>zy$T^dhGfe-9^25|-wnm>LfvAt)+%=tRH z3JfdW>6)%1JoXthqu{R7?$GN2gXv*=j4*_B9BC>pUhbp5!ByvY=#qDRA}Ae-4I#fX z)*dPNyR>&4e4)6h$0Is^n7oqk#@cf237z&t1hRe6VO+t?Sv3yDIbI~4qxF*cD(v|a zoGNlHC)79aV6jhL&%7~oa&AwIHX?wj^~NoqFvfrU!24Z-rekQimL&e3Qv=!S#LH~T zRd2ix*BOCS819>2>h{lhLet-s>l4>h(q#_{k@f?11@VL@d|%KCQ=~&XgTdNDBTKSw ziOBeY`xd_5HCNP(PU^zMI2Yt8Uja1yXZ=RNLtm%Z}*!faZ^!Y{CL11IjHnWeLS zf*BVO8lfYCXwj_~21{2ne_<=1bdUmSA=EeG(oQZV)r0&=fm@_ayC1seu*0wL!(Qmy z7I2udK7qSL>!FIQH#RJ&==V3UMV1>YnyXhQroxU*U zgrObySPb%VnrB&!hkfJY zC8M{6jzzSHFy&CUkw~s-oa994h5h1NNSOw{VWffASCN~|cC)?H zj@?8SnN}yPgKYDlxWSLU+}qsb210QQA>Lvq(O_p&+#p(cjAu<*oP?yf9p6ek=lajE z2DsUr+V^(+-xN~Ln9eV6*p)vK%S}a#h_B07&_N6@Bepmf%(3-;GPIrmez}PB!`Zop zsTZkbi6s`UY3X;4RKXSU0`r4R9M^p|hGi;{xt|oj0{B8wU`j;iNrcJws+|qg8U}R; zw@5Hw8biEnk%uA`xWm*w>GNFQJm#2j!nDRn2TGgL))CdkH4GmNxh)hZU`ZZb7#K`V zUk;0ERLKnGqu06~?qnKpBd|*nrlByDP|1co_F3Ykp-hyuO>H9Qg~%58`sUp>{PFM> zuoyVk9*{`U(rRZC4IWs7f)nBK7uSnAFWcMI2vH<)ErnQ>pi2hp zDMOfy=zdkVVk}I|H?tS55GAusgOTpIcoNi=N!2Nk4Zp1kKq0L#-wj??1lx>NOMUR8BCE?2Hm^`;m=$@9F}r}iY-1-_o2a!@uf5Y=(f?(XIQ>seK8TC1(P&uo-^j(qy<6$J$Ov$50!j&VUV;?Y z1nbB|PfO5>#%n5Fu8qYcW@lQeMJBGoPtT|;*;a1-jD7^lDDLw+lK#Z^RMIl-$D2J4 zvQ9bdEmvUKB<3HS-B)UBYvl1}V(bUfD_>~>xw~)@a#K2W%jQX1oJ_x1?o$m1XW78? zc`iA9CY1a+WbB`Q_a#4**6{<(w4qP|HOrxN!{k@{n1$x0nG67f&E|+EYCDOKLGam~ zsU32b?De(ui{@fV9D>?d#`k?~3b!hGr3(K?p9m4)MI`PnCju1l|LxtaIRD?{4IXyeiyH6$fPGnfj>EPCQjEIdXXm? 
zlype}+Gg-^w3n$L~&# z#E-w7ynHGCgvWnX&*8^=^T+Ao!KwK5`uN@XPbaUB&d-kD{{7_e*m(T*;8)q?A7|%> zzr20(=AC%(>Tj>#NO%YDk51m5|N8di-LdZBXWoNwh?dHOXDUL~Gx({d6)Jx~QCXh9U@LR#h2LEbG1W@xef4c$XdC!k3OD zvfrveQ-%KD$EI%jks4>iV{gh;4nH`VR+A zXJ;3{>0XU4v?{rQE*p)iU8c9MghJR$xg4yFNa0Om8ZKhDqEVDZ%gDj6Y1>V%+g050 zb@Q)3gK&2E9t5m^oF5#$I(dD5dT@63>zlVn=jT74ygaVdWIcUwq+fW+Vc_+1KiD8I z2BnI5qURvf;1LumA%tzpA{F0Q2R7L&y}Kl>%iQJwJA*)di(=ctN)`Dp@Q3a!c>oIU ze>UU#pPkLEy_Nj8jFP5R5XPsCm?%f@q~j3}|A+~L;OuYfgD^(_qY>{GEt84y1bI43 zrM89)%6h3YD3Bmt!WJXFS|Xpf-Hn};VV%qB0VPw2^N$oYpp|EV%7_drV^IOUUEMSmJ4DfnlWIojEzp*E*UdIK( zl>^tqO8=7k@`@-awB|qgQ7eBfk8v+i7&U7bIPn| z^4v|^uz>y=hOS;B7?UJvgRo+(kGxdj|LAgc){H(y75gaQ|2sSFy%_)B-rZU8|D}|6 zll>JA2$b^BH2G5D|Io6F{L7R}8G54%%jA7Z$SyO+0Ev>WZHT!IL}V zRsM_mXQIbVI}G5LI#4to6#`HIvW*dv|C71BfnTe2c+OhsZzjS^36EnHod4Q$xF2MO z(E%djk7G{BN3YMgtA`nxpT<;#$m0W5;v<`7MynZKgOtW0i_p_tk0%k9A;b;)9q9h# zl6>pY6H_^}L_T}IxxprMhtJ(9TqFL15mACzYTyd5NRqcOeIv_A8Di%6*fgGqtRCXg zrT&c%R7gX*ZvaLZ^_)pv{CWm|WB7t|awQdW^5Q?-$un7_H4TGS2(MM@88ONK{_nC1 z21XQ>Wt>F)Ax9vzdc%-AZsO2nMiI#K4W&TDxKzkg|4pFA`i6XMoZ*dgi^&8);%L%W z|D2HzVngL^0BqjBeYqB{qeBCi)_`zdxrqsS*sSsg=^V`SudVlR=>xFIohKhfTL{pRTS z{PfM+cQ2l(-@)%I-DC_4_XkW z7>{R)#8|}2!e`>gm%79Uh?|`0rvj_}r)nhs|MtGUt&QZ^`~0m>(GesVACH8%dP$rU z)@FBk;tQ`~lat5siw9|dSxXx2jD*b^-p~GaRo^djlZ3FdnseesGkvMPRaaM6{YnnC zF)n(bk>asoe%420G6-+TIQ$4sTNlwM2r4!K;Z}gV8lg*$js@(a2r(uC#1rx_%7TFD zq9n^E5VjKh$+Wq)X6!20-6=ZtQ}#T(N=M%ZW)|0J;1=kc2t2+(eI4h9pdKR$iZ3`Zl&jsQ|UE3ssI z;$}mJOnd8@&!{bTeF-fEmMvG5Xj<(Sp(`U@5O8l!Rz+vAAUFQAQ)8<|SI%WTR8S{U z%tBd$4$p{mWV{{`g5J35(Pg!UH~^R2=0Vbxc|W{F+J*l-c>DV3^^f}s{Jo37t=v+- z_lH0H0T}^$w)G)y5=u*mOocerfTL}cC?9>J0^e zs$l=NXyQLNSQXb1z&3voVh<;Yk~w6-A2QORi-6T}$MV3AE^~;E;PnBD6su_v57_3M z{aIXtCzodo3lDxltQ4~LZWZkA&hT(ZPdlqju6R#Y(`b;4BZOLo_xvXw@K-s!2zj&$ zq?|GQnsj}Qw}~*!T+xU#9@vzV*xC5AkqYdotR#@?sg*3FoYPIVVoOS!etq5msQ77lO7&LA(<`3>uD#>m(^9&cLDLb;%rIr916;21Zx z=h)0u5iW`s!uV)e8JIVC&MG8LhH=@{bJd(5?cxc7i|}eZ=ubN{=nOlVod1k-qPb?h zXf@Z$rj(jdt#)o=nvU`bDsDmY{igWaXc`zJihT$X6j81E|48fczgv&~XaAS%mNKE+ 
zUq+X=z+!GGbGfB#jnx7|s4d->aKc6|x|`|Wlx+P+OLFX{iTZ$CxngZ0&QV>aWd z7O}|m=R0%i-8JmL?)aAd(30DHo;vcsP%_pv0V%Wp-RNxC_8&XjyG!|h5s!88Z(ke) zTwSpWS}Rni>_2m5bX}z-b7(<0Aya{3iYDguqM4bNSdfDvolLBvhWgTKUjt&b8bpqr>keF-#@eg zwCLg@Lue~afo*S2;l)Ncq7Cf&W0gwoPsl2R^!3aIr!2gKgIx3{>%UQ7#he+(qrK@ZZIL&-(RMEZo;NAWicRJ3=1Syhh>!Hieh#yDavdX zd)I&%bv_KYg|6sjJp7O5+466M?EBjq}pD1omceYj~uaru*)Nr6-?Klh&~` z7im=NIy(i*jzwvoyMd;Bq%jj^b8WwnCzZ^GQkKad=5n{f&8Fl_h3W zH`TdD6MMggW;ERsmj_V4q$m{#T)K^UO%q+)L}7Rcw)jveSl9<|;a|h1#we^MOR-w% zO^0@l&`?^Y9TW;J{dJcB@3~QLuS}{~%C2bhwI2DjAr3AaT$~OH3&qYJE$XRDmBW>^ z702VZ>PHP3(pBe5{w#iD7^^ys0~zZUkSV}EDzMPk?d&|+3z_O@uIo3i{M^Z(mmzl@ z7q{RZ*7BU2RC`V573Z#NZN0X^-Z#7AYbZ=1Cfhr@db_aF1|NHIN`g_9D3s(+er8VJf++13R;}Bj!ljFWzRT5Ho>FN}wHC!nX)0w`Q!Z01jelb$Thdt>50Ta$ z9u`ue+gyI(Px#eyE-|@H)teJ%+Z`6DWoYS!wC2EP`BP7$qEJH;@ynyF%;%{^BAmfw zODr%0^z&DNpgsIoR5f3z$t*ROF`3D7IjoPyd*G`x5M7&x8igD?j1xJGIUQdep8mvP zrZoQW^62E$O8D~N`@@$$K2kKhSf~cYfJ9+Gym|S8!)xiK3(!B0ivoayNeVdSpapI;ySpPvsA2m)++PpWi7UeP*5hOWHAVzq)cxP&5g#|NIy zC>bcX`_yim*7PStLk}`+KQbRunNf__&cw^r!S*{uYMu`Cpo_~b=s#%- z@=B6&#-L;8t7v?c^jw}(;|w7SthrYe7j_Q;S$=0bpRT2u^J%1@;N{*Y4cgd&qMz1rTnuK1M$0E3uN>qmpZ{d%ozZPF(%VEU%i|>T9m^wpHLcdPpm^ zh}PlJ7Rn!U)ctC~*gXng?W=zgLu`5ryhI}czLt}KWsH+S-$Q`>R>V|1dfn#&r)%D- zT|)yc)XldtMs%}TT@UPO&DX0#FTC>8E<#l7#H#Pdvqhx zHo?)Vx$e9MpA?RBZFa5(o(oqiGMu!3COG}AUr1T`+v*ypg;cqn-gJ`WUk6x!dJKIO zDbf?z>eff#GFhDdmSjmfK7g1PrM=afvX@%Ky1OcxS}HWNLrqn-mZ#Ly|7OUz?hx5Y z3TRdFi|0eBEKmKFN2Qsd%2E}9%IDXu>S9*>DdS`2cdj>OrJFGSQP<#`_a$|e5OnhV z*x@2xnyeV?Q*^anTxo9`P~5JPVTx- z{3_+8YRx$00d(fs5UXayC$j}^!>r67`Vbze(>u-!m^cp8%V=ynna~+JPP$2dpPW8F z&aZlu^p4AGMVzDjk~Q@bUx(#*`aho>zI8j>pUynP1E`+vrNe+JsU-I{x-h+W{CG-M zzyNJ>Ju32lG=Tr%p@Nd9aKPIDsZyJ=49OBcXp=Wj+u;N`C<{k0MYw|s-7d0xOIEFfOB%^i}_EZH7b*l$BfmQWq zgYn270PjqAb$UGCWmj0Ue?&2hXDwN)$R>O4({@_YbLL|CEG)MXq-*>iqE+7Q3XhAH z$E(#BN`J}Ax12pK!YUEv(lWi3qJ3pIyau|>{^u{%zRHHx8dJ5rM*W=f{Hik_5x&qX zb;&4Mo?p|Sd z&{MnMg4HMo5LrbaV@RO?&WY(zT4s200p|E9LW;kqEo+?gqg1)5Yd~f?lgql?>K45YH&=P3(5Ackfn+aEWRp$RzAwr|s-TIAyH@d4Jy$e5F 
zr$e0v-nE#mmdq|Yf94hfI#)!C&!RDF=?a`NuP9XwbA)~E7cp{a3k$X5RgGlww1!SS z^^}0+3c%@kK1cG@J*z4y*DJdfk8_I`>?XHCuyM&w!}Tbrw;yuP$kYC z|7~yA!GGJ?SmHk{;_>1?pRj@cW`g(`NDyp}7D1F*X{yI;78&OjyID6s&;%PJ1cMf& z0YY#C^YkVZHVN?eK9QMR;agxlQ3^t+>>AR+oQ77^S zRx3&sSjLhFx>-h@c>$JP9S~ppvyz8rxadG9lwo(^d74E;-)jNjb%wKpicoDxo$yt0N zoY1;%6(n8)EqNIj9eFd5$yJ|6Nrs6tl?YDXk9-o4mU`V`KGu9UBf@)mZc*fPEb@0R zJ$?I69r=&%0ky+Gm&kve?HwEcizeS$%72S^Jc=bf2DEW)Y{k( zds~~!_ zhy5KswdDWnZtc52c*^+y&ZZszb$fSjbIJb~@hp`8qXAML-#_+QD0~x#2$tSp|9ac? zt)SLk;JKm7t>hvehW+?Au#{z~)r-nihz*CuDFrJOC*YE|eJZ)Q|KL~yMe&q0D`EJ? zL;lG_0yoUccPFP!Gt0LRKYC(Tm;sG1tH^=VFU{^;&+)$>dPUcJrm+7ASu}>~TR{o` z-`H{V|9hRzQvP4a;6wD@oP$f zCF_5Cv$JF0|7~n9*Z)Eu@4A-$0^fxA#po;Y%H%(gmS2*1NSaTYzLW-w&_Igz$!&pi z8_@Du6sPC~=p!Ndyi+c2?`;nbdQcxcVgI2;AV!UFc#|F=@R9x|&*U#i>WWp`pC$Mw z9>0=u_dN$g<%*pR_O6WLKIE z(nd7EYR|(g+TA8WPiG{2K>j)xbTXYOIcsj|jPaE`wc>wXMSakV)QtgJCjakl+voqC zo$Y1(&xJf+zO)~c>v*t_dpv*}f~xk}0J?=vjD7OBjcc_1xN-P-1ZrY1_Cj~Awr_q4f%Bv_CX-*!FGg{w;KP9Sm~I440YhnM9!mbIH6oUODI`?pPWZ2 z-72WCi|wUl^y$_erV;7KgLq6!94E93;*2~xzrntE@%jYP(p5x2nY!L;99@u<%IlQd zvO+jyQpUQCy^F`>Q{3;<+Q|gAgOFB&#B*wMyH*{$JnnPiqwG{L=;&mdiCe zUBjT_;PRQmQsJ4lV1O}IGq*Wz(Vz2v-B= z6Yo=``5bz^Dn}(XRCOfJDNlHw8gs)cxyk=%Rw^X#&{f|4(Cd+roeYkB)=OxN(iiFsXV=BF)c>DmO7t*Bm*jiaYa~ugM=Oo zGE#wTKo9RsWJC3qGch;|X$h~Vazha{J;92c@s)$oNU#>sB|6}FgKn*@k8;061An1a z)GpOjmRozv&?<0o>HRefDEXIBFF5DGTB6tat%N-%Stm;)Xpv?ZOv)i%n|LL<_|BHA$_FuF4|9#J9#&m9gQ@P#ox%l=t<4*##s`1w=H|2Ma7`EP4) zssCNbW66Iy?++~DuZWB5zJU5J@GaPn+z0R1m~9mXDOhq{UaajgxjW2aP2H9({@Z$L zo&S~l);#(D*4BnC|I_5l^Z!Dgug3o`9F4NJ(l79oC*P1C`F;8S!A(xw4KqWPDqh~J z&ovR3J(XdQb^l9|mJ_9oB0PPAz9}et>h1SY(tGK1;#b}L)aqtdy)it3CdwJRAG67T zTRt0#UVam^+B)UUY<(YQ5r+3^T9(pH2FArAmeS&M(==IyhQ$q5G(p`e{rPK=;6)U! 
zO^B@6Q&=u7nhlyl`a)9j03hk?IxrV@G#Kdr7&F)_SG7S67~=lgE{7W z9%PKTL@NWtSS=*L26< z-Y6=jD40pfWaQI8MEY=JkuX82y!LzD?CS9UVi7aHjxzqgvt!{uY;`(I{GY`<`QAcI zxLpO4VCM4jLoAUMr*)8-x3{4u{E`*Ls0QO+t;x7oT^tBP+%pfe6ws*>t{G?R``{0|QbKx0;`?SO`Ha$_9FXNM}r6y`rOTgNE{B zfiIqba3-vsk6iNz_J~i{){l|&Wr7!EUDL9-W#@*sL6<128yI)a%NPWKdw5>g(>(^syHsO|}#VVMbwH3ScKKl2Rr&kRg(cekILfZ1_3_3~iQ zj}h#*v}Bc3mC;QGgAlmHyJkBXjoarT-8{gr9R2`+?*Q?>`L2>qhIHvR-}B7ZT3|Ch zdg1`y9Al(JmQm9lvYxWvLb%#D!#-^Th%Zu~YQ#%bd1eTm$A=@0U_%*;j(Z(lN9k8A z228jAS3dgTQ)d6Yx7V@pzdL)K<^I2jXQussMw}S2WEKw=LzgM?n|(NjKp}qvQb-eh znSP4G{`jg%zHk;WN&C+bU|_%9uFxvP9k^m;G$b$VMbB0reF8Z30O6DAlB1krM0bY> z-i+{U7)Z#5&IbHQV|w83kkv1gggdhN*FSY=bHYy_$y)pW67tjO>2doDKZ$MLt*!IQ z-jU`iRM;fXo{{F}#zvDcw(3(QO}YMSLBW-+|LvVETmQ4Uy^R02kjG>H;pYKg5kg!| zn>IrV{||(4o9UTy{ns)DF4O;R*!O>18#_z<$HhFg*FPGujxJ zCX;G0`~?_ypTe|vaD0TnF)Z$jIK>~MG=Z%v>ftYDGPc}8zS?I7`M>fdV5$DkiT|N-P-$x5$#ldG)1I1$}lAlcq*TFYm+Q8%0Sql zeTEucsYl*V&tS{fzlQwTrHdsQD1#fc+bFN2Z2i+;_WIx6S^EDj07?BAzzSQ99HPfIM0(@eBx@n#Ut|5Zz`iQJ942X0ua2_y zzq4iIzwK=9?k?B=BAyj;OqWcQ4l{t^WTQ(yT}4B3K8gFFq9=60ehe?E=-*f&r+{`0 zI);Q!5t7jv(I=Pvxf_!2KAn<7FxhCy2Qy2E}GFr{F$C0(2nX4 z>n#FiIwTolP9TYlq7>F})M~U|oSdD|`5Dn7I8Nq2o}Z9joMw&IWjt=-@L0 zjsJ=lSC?)0NBqpLhiz35J+OSF3mz?p8;@JrrxE@4Jp4%i9S`7dx-2dmkN+Rd@sBW# zlSxL7UL4YTxvHblihEJmX36QRM(a9*`}g*@pzEly{@)%Rym)ok8uaScQM~>;n_GKM z{Lk&q&T{=P;#qMwrp5tz%ieL6YKRrlqYG2MekZoM_m5=Y4Z4UY=NNZ`7uXhw*6H3E zjsahuZ>%qjjWw*Xt%^+*hzWIoc8*EbYBY`jTD9NL$UD1Xg~aknKTe~leR&m(fZ??T z=X2J=IxtIa`ry!pt?hhKj?;pF*SLV0-D&k~^o=`oV&Tc+ooqzu}g zN=4y_0f5s|)3}?F3t9n*!tRws|CfzUlgZ^3zGLJ!8b4>Seb9~&aJMW|EWqz^D~ZRT zM?%PF$a|51q8$PByU`HXE$UwWl}u>Y8DtqGg#>maKGCj{Nxz5A8|M)pgc#~bCgTjC zn>pz)BIHrjx@@r`q0$f0xZC?6%Z_21QCg`43{cZ-lC2lhgHsdBMrt5j0FV-W9woSp z6cL@xz19Z(zm7u%palomjgppHYV9$eCo*^kT3*9Q|UWFSh`G8jrbbJ0# zp=o}x6V8O)mCelech%*ei1N9BUkC8wEfZre5yy_1n z&4m>Mc5-5g(bX8T=01vBQHwCGCHX*S9_ZkrlaDb-{qe;OExB>3Oe8KVdmqET(vH6y<}7_!WkCH zHH!@%g`l_{Lx3z!s?ECi+T)QtC}R>p+}BLM3k0l?AL)co!#@64A#d3@_ZqiUTI3aw 
zTgu1fxrzQd{2UHOl!RNFDu9RZ{|4qSOz=TYr4RH2j)!<5nbCO!&E-bMynZ_590EZ%$6nj*kDj{}-*M zzp5z;6j9;jJ6bvKs5jUdwBL$4>ILucY8{ms+*_#QKVUhqjY6!DIcyW{b1KER2O%)H z_KT!D!7D_J+(mg375Y{dcJ5}&4|s{%Qpf@9T0Plr zf%J~WjFK1`Qv!Fj1hnsLUxn};HEpih`VB>TIA@0SBvWq;xWMbRw5Wizllf&oe7>fPmH0|w&APrn(?WA z+#TbQ5|59R`0uuMzq8u`L;Z8whqj1l3v7G@rxGbZq{QNAUy4O5*j%7FtSHuUcgJ?s z7P=$3VH)o4=-IH_64GQp>4tsXXNG0Q&b_;9eozzagQA-EBbzwQrq#Mh7QKX0VT7TD zsBQ|$ML)cRp=DEqjh3c=qCHJl6Yk)AJ!O1DX8~?Hk;QB517}qq@Q0Kupn?x*RbWwp ztU;f`>^3h`Q&KEfSb(}r!51U=GWW>o%M&hS@U;Ycl4u38-@^K7UzlcX&uJs+_n77Y zqUijCpj0r;=yZSL%;c^J_+-l(I4qW^!P$_KFyyL(>Eji0TIAHK5n@AmV&Ks7KSo2< zFG8{rauI#Ss~4z8gs&Z~-h<<#;_mXuG8HRa_km?29;sIu106 zk#iL_^l;KS2LWX=?6sJJ2sJy>xdsnXN6#znz z0tYme52ol7q?Q2l7<2U&JxAp9?!6HCF}f+D5xn*vn#6ASysRg~2kuLGrO)}ayq{;` z-!guN=L=dKVENjUj+{{RmpiLy-H(-(4uA7iFhuyZu@H2OO_lBbPI;QMDHexY(2eec ziu8$6XwG-uqjC7;xB7ehud zrrKlYR4MY)`k!t*-7rX*ZY&vr{-I>$RvAcD5aX1VC})*eVJIH~G=*S|>#B3KK27Y3 z*sjGTS|ChKg2v<1c(jkB1d9#UAzKvgO8W~ewOh(RZrS?%D_g)_)bTKb8ajHtZkV#b zTwxcEqK{jo(Kv}BrIJ(H<~bL@= zV9h!}@4vHCWdE}v@BcTpcHsW6)7kznvU4vjww~X){=dffa|Ka-1CWyY-`$PvEeHQ` z>HoEuXGN-`*zh6;wTE8b{KCZn`Pad#mjO*SfLq!g?irBaMbzzsmg721V|JKiyAVL{ zfeZ%ff*ZQ$N|Q#^HOlG{M?&niaMCEwGlqu>F(}bL{B?yRoBYPPVlm` z0}XqfjH7)JJ=wuIq?9L_G^a_Q(1|dNL?*07Y4pdIK3A5r4z;5C79>S^LlBvQlefg*#m zNE4;t0H1=DL;t4Ha1`%g*%0=*UDUYGk<6K)5}&tkQBF+(BBj~DWl}|z%`YivgVq}| zH7!E^Ez80V&{l=6!N$@>^OZQ<(A1dwWOHxpJH2UTfIBA)A^`ljGjPg6zm^4hK z^gf~e!cP#~AEv=aVc+>e$cnC^1UcC-tuj=VAkND#O7;hL8*Ch?53xi#PbWh<1D-Hx zk7+(QXW>)n=eI8{!JfBbpSZe1IS`u05R}HFjGjt!w1n!=gBIs2T#$5eu` zd20&%lFbbztMmIomTbb#KvI#*2!|DzJt34qM(L+GqlcIXmJVIh!%4r7&PYrfiL;XT zPob8Gb_{s*(DiYn9fOQx)zL9zm%2q(EYFT>nz1KAp{eK6XOUEp(js(qsB(a^79tKC zzsL2dCc%da89Xjex}_xi*u`5Yt|>7Q9+%|ByeRB{Fsq!Yf{-d*SFD8$d$e-+uB#(~ z3qhGo@5}4qT#gq_tE;GNq=)HvTtVfC)fA~*>ovPTuZShM+Dfzh7pT5YQoNAH3C3o* z()mes8gv)vtlY~aUH8cFo0uwy&wHo`PN-;iinEC65rsM_9y&Xpp-~e1Ys#Qnkk0~D z{N5pxRYE1QPOg2Ezm=+sZ4yA$TT}gDI*@$1V~N;pBGXkDqK+ZoS)=tOIBMoxV84IF-JzJKT=%JR9#XDa=V 
zwY0MUo&Ita110DGZTf$<|NrLp(*AQHkA?pxc;nrj|3e-mTm`RBJ=|=G^XEt$V0pDI zBNhX9<<#T-xH)RMbLM$+R&wIZ^WQ}O_sY%k_~CkQta82<$#sZJO?Q={*uLmVC_`9I zE=D!A7QJg;MzB{~nAX#ebw!|`dmZxWpnFQ=BNx#;eembvp0ItNTRtNeXUMAHvDGG} z3L&!&o!yZ6z>7S5y9BIADQXCpYRf@Gym%gK0?=d44;*5CFN6+Rdqr0RCSPN30smQI z^9E!PgX3C5c(o70&--L|XJ>224`?z=aRSo!ZIa-ziYeqoSIo#s#nDfTy(Y1k*96kZ zns~wRP2^8uB?B)|9TN3^;;%R-fZNq$^n7BWXoSH+^EK%4l=4$q%doStFf@bXwzP}L zgqi@XQg1d^-F&$n#D-Z z8B{mW0t%X@9?FS5;mz%d&uhliv2#0t6Hry9>$~!6*7I6D>IC@pNmcOlhMBhK14fq){anEx}fxao}xalj<>JZQR&~M1}&I0o3x1cXR7WHgS*`_>PHNAVYW78#4 z1Q|^dTw|K4$tzQB=oRDDSO7Biv-WkELR1kRwKi*il&1EesxSfU+n8}`5-kZ^QqyOj zp0%TKx1D8u6r9+^)&6Xa5cb5(_c6LD$rjKg-mJ`Ux-54$3?P|NLQcD_SJCiVU!{zJ z@g=G)eY7X~Ax#E)glBpdjH7;!Yh#@EEV2s~wZ;?Lw|M4tYJyd4SF=xi9F1GCxFrZ~ z;TDs_(8Yba!Oh(OOj=RgA!E=( z08jDgfp*-9G{s7hYE?b0etnj^%d4DfkMC?0PSSaIq~WdNY~FCGiG8Tz4$WiVHt$Ny zH*hO`*-jpi>`LbyUG2xMHWQ-mRYIC4QJ5l-i*}8Uo8jn2cx9li0=pk&)2`{10-dx^ zR=+$ye0z#HdEBufk-E)nSPTPMKP2_3h-%&u^a}QeohN&Llpy zk>)lD0FjAY5JZ_GO_xeK|1w}H0f@O*^sGpelFqtTkEFLwHC7|bYth?Ut36I1mDi>H zi6L@=-;Cj7)!&gn{fUpr4`JMAQVUJbtzVp*uyF*uF{^blEW(}nJdsMfY>@= z%dZgluj8hxd|AOovQ!-mT63RdWU!*@#HmR&BW>Jt%14^bysA_8{9vBFCylwhL|U`L zC9>90z#5e4%JiHQ+#a2>Xx|~CvQVt70kOhbl4`&f%j@lNHzvT9FmeI8fUHJ|Zzi(K)n2=wRbG)Hs{+%)|Virn1OdBKI1eO+aVB`y+9bsG{--pUpv4qi@W`w=&1ne|8o%MJ5l zY?cckMqY{8hMuUt(FV&syUB)kNa|np+4(A5^vzG8`wCc3t~fUuY4fT~o>LC!rZ~qK zm>etlgZd0ALdK-wh3~TyKPrTL;Lu ztQN@c0&kcnV+qSrAu0XL%H+BYX{mjUuqi*5TXZsf$vG$_I4C{lVV(S+4Avj2=cQoGWr*f9C4j6^YDmH76NB(?NgvH}6>BY!Ih%O-i` zXe^k_#g1zA5ww zE-5{&Bj#kX7RPgDQ=B)$bbXe+PNj7F$1IRtuLjzkU~wj;lcqcW)+JK=WE^NnYk`QB(G_H~X2Ug3)U2H>+GdZmqAETR3N!mkj z2D7k0tB3xO?+0P5)H3uv{Y}rXmvJ~uC+BhUw@Y{dwMrF${MHaB?CY!_CzD|uM%O%2 zXWqnb2n7bsTdQH$sz*DW*5+3g7I2F7Upo$H>H6>3@jvOmOa1>so@M;c()gd%1AjjB zU{3K&vHokv0WH)2>}=ZlpWThUrTx!B9z5)bE&Mfr)E$cLuAzMqgO8g&1VsD<(4}y9 z@a9CB(W>wck6$1CFZl>sg?{#gd`janm=VN7@?*lI^YkZ|mk1!qa+7Y-XS!s7g+5h~ z{pU$C&c%VXvpl9uk#W3LCzU zE#6>=)J{tZ*y7bnos4?)hygV=8fO@UL4I?HZ}*aJhClG1Gf32CK^4SRQBMyI*E++- 
z@sO(o4+ci#R+zlF)mSB1Ys^!=dwclu@Zf}5a=-VsI+y=6M5&v0sR8qJnW=ECpSn5* z?fXY7#_x4PPiV;}=mD))IVGhX%hOfp+n{TOi5Sm2cBl=~!u z_&33PuubIq=mNwwzW$78Dh3TPfUUQYb)6wSD_vDyK+9unBRI$ML_;Bl%vGsp+9xUbmg*@K)FL^_MZ*gEGn6($mno?u&SOI3;;gJYNlYU>I z_#9olPR7S6-A3TfOT>6+2&X0v@`Jz5h6nxr(U2B! z5uz;~gbEiBGJ**YEMzd;{qoRv zB94bL4`WeWc+?9F_<<2dK{Duqng)yRUL_DUL4^F6(3!x)lZFsQIvzsc1_=F3`Q5M^ z@$+UTqt*RmE9?;TY&FyTwig^oJ)CeO($IY+>85$-w7Rz(O!+d0*PQ=^)(1M>8 zaepXtU_mq>h6DS{g7e379S>-4mBD-*SsQ83!`#8p8sOH?B6H9YXCW*?R!*!(j#B6O z3(7-STyV~p#HB%lTXP=M1Sbqkh=K5XY-t73DPomwH@NMr@11RGs~Op{bPYf##;(MM zu_o{){R#a#-+q7aT+Jy=>FL0{+{a0e2-sZ0n5R{kR6Ll_NqD57YpolNKulnWyrZNS zi2expJK(U{=+F!dw1O*AX<&F5BaHoIsA=4gIEe_JgB<(`vSb$WDo%k(QtDwnLl}{U z^2frVT0u>b6;Or8dq5Z3A%li%xG-_RDi5+Oz64FtC5$8xLWO}Cl{4UI)tdnGLuA{G zCU1z3$mUkK8T5g8iEoI!xqgA?yc1c>5h|(q>%-5qPx0=J=Q2&IPoorkzQiX4&IN`0 z4*;fQd|)3DRz(=b;+3_PgwS&xtPC*eJQ_M5nT%kU%gSc^X8;|DdKl>R1GOy*n6w@b zkc|N`WnghoVBqNP!_8}}6{78u#^4!d=5&K&O=ZE^u5QlLxF_Zo45AZ; z0~!sm(=Bs304~lx2?xF1?YtxjC8iJ9%Z-L^nT~e8(ZvO=VxPQD_!MA!z8Z!@h^n5M zEjdo(1UXNi3RP%XKsy7PFZS&fu&OYV@CaqJ6e&(

65lp&A0`Zvk)?RFq zXPhqL%Rx92D}YB#OA5EC=wH0ZDp)&yO#<^-D#4}I42Ju~TlO8oxCQ*!?A>~^+n z|G&=8(*9>5kL$oAj;(`5`uOK59E4C_?wONULPbxVyzIK~is>v^-gEZ3U6}njzE7nY zeRXp`sB*VN?mgu(Wi0A51M0HS=G+25@WUTe=`TZ1p(?l37p6N>#WD)L2<o_T=ye{;>ROT$F%~#Fb9`|;~FWCrn zpaUCV$SXQqS2iRc3yK}inc#nlOSvL zXb_CO*ORe=-@JCbv#xZ+!_RijseI>4yykU(`KDdxv385(Wv>G`%Fp z?j`BZ@Ai}_9E(S;7svHpbep=Sv>Wd8<7ZDlzK(`;-W;dNd1R6UD*hj%vE3&Og0gMD z%_GW2+Go0tc;R(Q4-I#E>);Z`^j7)(5Tx)(I0kzWn_3|MLe~{Rb|e5*w7v2@CA&#- zFiqj{Eq+@UYR@2r6S8{tgsdU~;M!ZOkU+_ZtOOK|+{vmnPbHNv-Sn!hD!F*)YY1(; zQK-_u=Fy_-Xl;`6b9)#5G_Q3Y>F6cv4pn&x_dibFIXQKoXgctkeUYE@e)^!inf~F< z*_h>5pRn!esIsBYXLH}eq^h>~o$mLmT-Z0`&R5%MwD)FW47@6%XKGz9Z-vzXMQ?eZJ}i6?yNpoY$+iaY5n_WVSYVn z-EDH_EwaiADWYEG6R9ddbQPm^6))@Am_n82O4x9txr3+|PX_zs6Wr~p z`yz(Cuk~k(_67_&jD9@2TXP0pHLFZT=*|UcBVS=TAHR8lo^n>_p)uMV7D1mhDPMY4 z_YUR>zkPY;xqNBnE-k|{Qd>;Tf1ooP@7m7h9;zcd``{)Zf~=rRgT_KZyDT~c$OBJ_ zPhr}dL#M2YK4*RkGl>W@?f;`}6mW~llpYGEjQ_E**Ky*1>~1ah|Ajo3psZh!x#v&( zs!X~e1-mQe4C5{MW$Maw%n(k-S9E6m#yngyGDI8RpZJSIcv`7e)hafcK$o zK%0HANnE2xx@ZXP$=1N1Mss3$w+3vE-@KvGdmOPu*HL;-6TtIsjj{(Lr;LbU$HS=D z+IgCf%(VW+rZA)Z-}aU*|93iDOZ?Y`JTpOPFV65I=MFKn4GRpT0^cpUo6lqc#u0q3 z#wN^h&Ud3HMJnyOFsOF%#rx$E+BrOme)Siw9naRuBXE&=ggO@|wKycLuak9C!I*m= zDL&?^{Boegi|#Xh_n7vrscE}2y`fH_na)G6&ijAn!T&>UJd?K#l=1(K-5p#0+u7J% z^8ZCV1@fNg^=glxm(9g)_1dTr^elVqzZ;YWj|=n1rs;cr5Lr zWE$SXn9Olf&EEjU0NPp9)@4}!*f_cmJ!zNE+@4v_|5ac>%Jly`n>PR7*xcJ$^8ZCV zv!4HTzR%shuRGuZEB1inq$j-0nfc^bbgG!Mgg;8->$o3X>gXLS-Y|7FyKma zA?FjCEkcz$4+KHtF?Y?sh=!mM9)c6-_zDS=&gyA0dLE9#^SB?6<4C|m1mxi5OZ@Wy z>jjT65u_SUAQ=>5-2De+OLC2g033E2I;I1DT_ML& z3Md>5#z6XB!wi@V*(l-&%3(ublTT5<&+bYiS$grYC(xSt%xG zeT_Hk($Zsv{E(#QaSy?4IN}Dj6%iH0Rgl%0R(A?;jfGY!tc(Dx;|K8mMMHEkJ-#AO zuIZkc_Wz1;pi1`t?Tu~M|95kF{#(fNmW!JD$ z%!9F{)e5julfc5@Gpyb^6R#k;7hPvRa@Z+y9%gY@VA@n4O(B5Zc>~i_&{QZb!j~@| z9fBUY#tkhtt%k$(2V_o`USntZHUFZ^SlrsG0p`R*ZNQ3|a42$xMvUE8XZ7$_H; zx~=C`AdDf6C2CdGtdmnVUj+5oo?SGxA=iE323(J8MpMS>Lq&^Y{Mb^M5d255V&v3i$3+Kk_SkO69+8 zJO0DY=I+w|b0JS*{MYYVduIGs5$VgF8*pwGsOqSRVZq=8pmNZUuA{ybb8@4@D%@n> 
z{4+wtvX}6OoVs?PSS_%oWdp<@H}X@+*6a*Z&rLw$}gl?#2@T zc_Gh=Z!gDCcsy+4W3lNoLy~u%S(NdX93jO>Dz_|~$3w}`BefON zuBg_G)r+Zq8E0d-GF4`F0yC6k+}M3Os^7gYrq!YvE`sB3SV*lZ{q0LUxhmYhU*4gCQuBtO7kkey0?lzuR{!GZ|r_(<4I zlPuGF1w3e5j#TR&a%H*LYD8Z;VaOzB$}A5hqDRBKL&xw&tPLMrLj0rjc=a#xLJPBn`l%xpEvGT!o7gIW|PKuSQ4%?W;@N1Oru z0Rl+OoodbEw=~}^`6mxtm!u*l;e>|}(_@BJtY4?P=Db!)jS~!SP?Xc5nyp?`jPOtj zbqN+!v*lfxYV9teG}mpV5O<59+H3ZblRuAYvy2Cz8sy^K+_!q1#6LMv5^;))n*bRU zu@coa9v{_(8~iN~D0#yrD3nLUPL7tCb*k6Pt-GUJR2Q=Cs{Fd{RH@JTMz$YL!M2_^ zuN_|=wKQ9V%5o8l<%k*}+C*5q%siHd_aq5uc;XAr8zcdA?y(8q(wJio)%o46W(dut zBLRSk))+VYo`lk`Ae}<#2q91?_T3V82dpUT^1uVLJ=1VLlWOiHl0!9qBS$YJM%jgQ>6ndbjM-X=Y%kR+ zOsrdmhw8bAs&k?m{F^*Q+!FXOccQ1D+KE(Akd>amxT&oOu}Lr+imWX9W);EINA)o7 zSE89yt)upq<)c(XAXF}0V+42LfJiS2)Kfn7IiG+uu9AuFjWURCG#+D|ta;F0pK1-! zxHKOJ$A=j->r7jAPfz|Pl%Yw4s8`Uy)Y1ZmS={UXsY{Cd;Dxya+LOzJn`HqgP zIybe7huW%4bIshls>X)^pJIWN-U=v4F6Gt)dH)iRi0rM_0F zAGWVGPYiznCe@nX#*AdoM76XW&dY94t?Z0vo+2|*ji!$v#Pul?M-6c|q+6kWmeHur zOFcy+W}=z{<>s?)gKC-jf&03Ue>haniGR#YHSTB32j5?SLA93pL098o0)o--@>6tv zl_Vd#`aLkV!=Sn_b-i}XM71=WAgmTxTx8Qr$vKs?F51kUksL0H0Bm)ubB1 zHs-P%XQEmGp)i$F7l2UoW*AiaQ%}{5xl--)dm+^`^!sd7C%v9LpPb|Q#MWQyRC`iS zN%*W(*VtuH^YInzGUD<$S5!5q)>1#{F2m`75eH3J3SZLP)#y*X_|+)Rt-nr^vDb*f zqFPTqQ+Llqbyj8}Vo)t^k>)V9XQZ0NCCSZgQO%>6Jn*>@^&A(Ie(rKKsn$}@NcoIZ zCuw*In_SM(z@l1D{c!X8I_$^2B3ad-x+Ha-X3R!4Xp_3Rr$(!<{izqv`ItNrjsXYB zt6wmwwo@-s4pH_YEpEr1e|g8PwZM+wFxlc4z1+v}6)Ohy+sCqWl8iv}o%n8WX0d9K zRI6)J%dqH{9LP`7iU{tS0l-keBxQ+BzCcl;!d4d`Js2X4)}Sf$*DlraY-Jb3Zj%_s z#-}SD zC!I!vi?{m?fnWr#5QqydW*M9`M081@VN3>TN2{K-i3`N<{;}AiadNj%O>R{SUO<*w1t-4xgx1N2)of>Obt%&VB8(}e6RUjq%(h?f<_tUBS+;uE*W4=n%} zSLlC2IL&WZ6ZQi#WFXAmS~Q!^oH@aZM{Q|H=9Z9hMqQ4rSZ4e_XTuVF<9AFnno-pe^~Xw3f7<_zn!p8>Z5VNehLc|s2VenO58 zUJ*bAV(igE;Pf;Fh;N0T=>G=cZ^;msa70^z!qd1-`y{=bP@%t_G27pO7a8y(0}Q8m zH6HYRb6T-t7zw^}Gej|Kb;2wAOpRs02MzqE$%D+OBcWUxD=W(I{(?@J>0Eo0UyP>GJB?C?ew;PQBeT>DDfB_d)rvZOQ%V{_k)*ja6_8hcPYma3nE#iU6;tB@(y7{^%-fnN@Im^W!uD8)_EQlB_*m zt5XJtbJfb&hnNoCk92kOZ=yWWp{hWLGE$|ylrAW``KbaM`l8_W_{ba@mVvV|sW|&Z 
zo9EZb5aI!tFF8;cS|=O9ALOeGGYu?=V#D1kO9q%pz_XowAlkcQ0 zoEDG8Z)YYGNRux4#;91cLXz(aZG2=ZWmBVGnFcHBJ(z^ZUw%`I+|Swzr2;NGa)_6-|XH|z0j`ow3qsgnS5PxC8g4NFM-s~?p(JBQG7*HxwECs zr!6i3K660|)jZd%C7_u~q3;^Y0~3G6l9_-blxm$pTyYfHEV~v;8l{sJ@=p+$CwQ<- zBf5VM08x?q9&=ey(yH8I@hF#&eiU9u?5K-pS=zT*7hsF9=baAo$Sx%Mw%u4`Cv;_tJK$AtELwX3~XmQ@_ z1wicUY`4CH30IJaPCQNjGo}95yvHih2$tdh?ru5w-8g$FXp!{V`32^6gx=l8l-!1cWSB>MT((c;gXKkKZ{0Do|6BAtjRYm zrbsB-0!sM*W@m5Hj{m)}#Q$5&;|6E)qeR?Ktk)`h|NdEbHO^gu1^YR0DaZG5q0({D z@hz|pUD@dmtW{8g$+JED+85i_4(KXkvzF6tYu|Dd{>N;a$ZGD`=}7 zXOye{oY<=m885Zd5T-l}jF*~IY2|pS56$_O4?I)u|4PwO!5XB*{$p!zW6zHNzP+); z|6jGD;nJBsO4Sni>PV^fHMNC zdU4it5}aFT_Q?BVtr0o+XZkeIZ>I}#s$@=Pc8y(@7XiQQtn#Y7EH_V>8#m9RjWKVqg5YKfMrg&K8L$kXE^MMhSzFXMXAScUYxx?cy%a05N4G5Lz)cswU>n9 zUGflR&imtVe6=sx4DyBCs!om%p5H@#?BdJmP`bj?OSZHPE>i`ji0H)xBnVWlXZg9X zDxiULue@p%a!^q*WQczW4#)_3|H}M5E zsZ>>qwNOQh$~Kc$tpEW)ii(8<6${J3F#dd`3wP$gr*7}BkDP{Rvxa7bw?rg^yBMjNF}M`G&zs-GY4G3 z{}_$UW5@{4AML9s?2oU0Ge5aygFR?Gj>G(M3fFNo7~Y7fVFrs8GF9Luqe08daC$YvZZV$z4@lBrM1^MUk*6_f#WO zS1n$*l2=t2w)389j9gW#(rnRHO}c@)ry@O1Zaq`$|EIP88)wpS5uKIJSu}U=ZBUv0 z-?kn9d24HPr?b5OS;WI9C|J-I?qZT_sGvS1uxvu`8_kVpZJe>Kk55tUEX@MJr1g6? 
zRXn#q#;p2JyAt{utxRC$ahC(MG)=JQPd?2OB6{s+9~U*vtf z_omjFMpAa&)Y&VYTo1hje%H^G{Qvcv)5DY2`180*9cBD~Ypdh(|E2%WLLLun19$|I zECz2g33Y*3i+xn}XTnYT?~-efgX1Gi3MeOZQ427Uj7V&q^JFqs0I&kNBw^xTs{xQE z(dSVDU?Cz8hjzT6VqlK|P|bd$E;3I0yq}y?h6(O;%(wdO;lYbnhpjx5Q0=!!zJi3WCQyD!P zjp^8gJzB9UuZP$0%%T1qIv(F-|CxjeXgv={4BRcIB*Dhb6SaPf zWqL8XxxV9?LOY8F^yPEl&6M9a{|c_>JFSgiqv@lB<_nb9`#yQM#?Fvy?+uf2D-GR# zsI&okZ;?)1erdP~P?YJ4NL#oDIA4@LK>2{@-P$CJ@TJJf;EGV|RI|_j!}LP)(*Muk z|Jm8v-mv-qUT3NQU&!+S`v0Zk|KT?szH{gt7nvaf0czLA%=^8UNq&lNK)L5+1@ED` za9D=`!wAPA1pW($FZ|;ZD7gO9c=UZfv*Eu~y8|fm|KGCx|2Fq_cb53i3wd<@ZG*Qg z75M*oetMRZ6%d#UX2O8JMbBvtOgP0<76q?`2j$?5ashBD^L*R?fr8!ND^voW+il{@*G=6o`5nC7%h>&i0^%|^f3XUhG*vhEL_694~= z?X4Z#|9@w9dH!3-W1EpqdA!q20ha1LpL%av)n0u^Nk@~`)D!bDYwFrCzTp+PQA%~% zyC$5qnomd*k6O+5!YVy*tl|Csl`eH&Qk1LZtW^siOt<25UW{A2@X4I9Zp~ZMtzD@% zp;$OQ`$*ATIcFtC^YNUT8qEQ8Msk#AXtf!koJ41=IM;jBr9*tBE5S!nu21QV6e?%a zvT@?>iJ+*FaH+CcC4wg?+*vK> z>KREY^SYjgEKug2J!=yjN9yT1*7dQTl`y|Ud7(I7OrhW3yegT}F#Y$SRh;eqkB6(9 zG5*8mwj2LpYh$VZTg2nPEa1*}d741`qEPtiEwz0QaZg%2gmrPk3$o{4Dpv9Sx5~{2 z1F+qLeh*yu;hrh^{~2A2a3XAtN3+|1>}|UCAItln#XMiWv>%h}c(9K#f+1=qT!ue` z(5+Oyqul6m8<%7IapUmwNJPX279@OlaJsY_JY67yT;=ogKqchH$%={Va68iM_!eTN z47+4^3;&D!Vz$Ipfw(ec`U<>W8h?r;|9cYYOD0J+FJs5cMum~HSwZvU z0`ok~QFnPPoaZwi|KH+0pw$0s$M*l)-0Lj$e+zjY*#CFALCnJqcz&D26tyog+?LPs TSw73>TYUaME0C6T0Ng78SOUV! literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c32b52596777aca51cf88f22baeef5f88297a7ac GIT binary patch literal 221201
ziVNOFaVmP>br9nTBgRt)F=7+wJk@$E20OO`yCjGNEN)WpK*2=#Z(oqm1~kVRWtT^J zvS1V^WLM%1VMptH=$1HT@ba2ry%;K3JD5L4A-g!0C!rIj=Vl>%H8f#hc=J;r9Fk&; z6qIB?{XUQ$p`NUaVDjmL-6v0TH@?f~2h!piY zcg?LRLB*P5Y5?=dC+Rd1J%b`I_Kvc>#IS1sAO;kpg4<-0koI1q8fIwjZlr*)-^5-V zxRjF>L+=jAl$ZW&5<}B@`Z5`!Qbhz~+>K^_fRc2yNNsUKyun7__7_5bETx1!>Q6oL z;TMGY$XI6feKCRJ(7>_#O% zPp(-nlZ}(Ige+C?8}Wyffkrd*Hm6k&K6KaXCXe;5fvl4B;zM9^N>u2XO%(uNt}hD8 zSnu+rmuJ%Z5F9Y=RauHG=3XAmddm5Qc~TFK;2y9!>sW!RX%jz4vc6?tnKYemGfgqZ zDGNUY`zC|uVo)i!r@qEOJ@2g#K;4T#>wn;AKb$7ybmnB3e^>wFuDlnV#6PN#zYS|Q37LXq`!25Xs+92}AnDLbXf!20&Il0-yvL3u7WaZ$`Cd;sahn3zU4Qh0gc z0m%nq73n1JbQfk-`QnNkL`_LszG%un081(MoQBvcXGIr{N4Z^A*^(JWV}9UFUl~VC zFWwDW$GUS2UBDEO?WVW-AepMFV62`A z9+x~FVRnc(_zBZ?WvoF$Z&1Q}H-UuYh4T_2uA-lmXQyQ$W2$V=8 zn$5>!P4ES1KzSGO86YV>BrX6Z{}31g4QC_zzi8@kaoa2yF!HP6o2)$K@b@c$v4xuu zm?QI-E9u_`7{@*lbd7gLSBhZNU7#;CqlwH+B#6GvRAurrNM(&n zb!NLmK5to}O^4-)ZFvvZq)@By(VQX4^(A+Uyj0I(Q#H*S0%1}rU1RJ+x8m9j$K{L& ztB>gxQ@j3V_?Jz-|IzFw%@^{VUC=5R&n z%TI!_)fzerfcm7EyCMvq1cO%``))CL>7XoVzpffG`N}9z;$&XAqLe||-&j8zcOCHSPG&ekqqTmd9JyJDH zgTL?lYz-xb9kXU7Bi78ZRidRs`7B|Y2y!(Pd-c>77>Y|Nht*KzTeFi_%WI2(Q7L`h zbrZIcit2|fKMVKCxkZ9qrrE_bcm=W&?jh+==2Oi*t7*8uc8i0p{eT*UugRgLlBHbE zGKpDdQQ+y_A-`%ia!F z;8#!p_=r_|c*s#*yDZKO{gf(erOZ`*M8s`F3f|#+KMt)w&gKL0W+D#Kad}EGwR0kd z)a)WGF}Vk=PpIg(0l=InFzmIsxwf`HCNm+rWREYmOqL`)vSfjTc^6&<2un~*@(CzmSYLW`Bwl2mRcdVVvFRS~ zazv;p2iEL00o~z>P#7i9zu_F|f>ltmx}0D}$M=c&kjmOsijKL(z~qd@AgEvp6k_?= z_(XCm^(g1*-7LcdA1NJ@_W=@VPcdIrozeeLCT;Du+nr6Hx-eBDI_qo@D`Tye-qF=k z_CikbCtjDRPbugC!&6yBvUmp-72FWbo9qf>F*eOfP)~8HL`|J~1$%32?MQh9Mm$U- z*@;?Dl4;*j{@iH;T(Zix0XV zqP(wHexP?g@W+d)@~PVcEcW)Fw}fNPn@bG?sSr~nc~`+@B&mq;hNFuDty?2vca2kI zmmC4e!$5d7PjKnF9H@l-yBgg|Jf<*#fwF12Nki=vtaeH?F*_sdBU`pjvUheb`a3Vl zeqbS^n+lx(=nu=@x{71tmqBh`X6~6_3|r~R)WD`6n^*PiH^-ED!DU5CQ#nuqYbF1j zc(Q?TmWf1(I0U!rBts4w#o8?rE5^eRlaHdA+y7)ip=L= ziVV-$dteu^)q(}~Nuq*I?kZ@VLK57q8H6Vi2P_fEf@vcd{G1W(e*dcN0At>Pi#=vx>bd5b%nR~8MPg*OrdK#ckwaAQ;C^~TC zEFOphorNVr`t-ez+^?4+x4)Y{FSljRGVpK65aaeuKqk^sH*647u9m~c`LKGVRoOj9 
zA0z%o^rTED$rjeM!ojI1k1J`SpA1@>F43Zj5;$|?a)d%;^i9%N@-GxZhUtBSgMIP! zf#%WLW5OjkO+GT=?(x~i=4!zcBb74+ME;;nYwFgex!!Wy@N}XmYZB?z#&&~?m#vm6Hh>{`>dA}qFEZWA(TPaO3YYIV1I)J`*a>( zCjD52OLHoXu@&`q?8*uoI>u?SvlhD%tSHUYy%XP11a-mS<5-ahdYpA?b8w}RqwimBhF0v94J@BStoEr|gI z%J=S+V`M2;)i4_msJ^ZvMr)C(gbTJy`2m!bRZM2#_Z=#kN-4`yx^)@+IJRphx#^9w zp4uWwtu!#Z>H5170S;juLealERi>iJfS0Jm+Z`81(Alm8Bg$9voEGtwRib%WH$uSV zT1+h^-SI5$;@pQyMf8u@3TCY0DU#$`nUz-Ee!tJ9;l#R`6g!L_6_`7uwRu&Jp6di< zZRiHr#vG>UgTtQgY_e!#5^ALZY!2vv8 zfMgEq7id+zmG) zwn^2cWjxZFT}@^s4MGc!@g1;Qh3MtuOGCDdQ;~2W75KL3g40r~YD1F%4Y+|~Na zLM$0^Ny-6}{4Lm@a$r5C=?4rQWT}*9-7+Eo-ki`$YEV`^;i_w8aD6LKrn7RLxf4Pr zZ?)A{KuE2DJ#uBAVTu<9DjCRb2Gh>0PM(Zoi+#!bL$|!9k!KfsouVj>K+wW2&MU|F zGLsHt&y-YD#0(SrWAY#nTW7c#(RH(_M7m8()by7M}w`Ye6sOxI3ihzBop%*YGg=AH^BUU&=HeA{krt=c<Jm1+M>Q}~rm_}M$$pj#1EvOE;6-RB)iOt`Q|*CUt=8&94-+1*q%5Aep}82O(- z?{1v)0q;Du*)SEm-N^K}W>qM>gIeq?ck+*rRl#B*q24W9q`C^pBp!-Qd`}a>Ig!Fh zyFpCHlDdT-lx+ko6Kpn+Qrcs&{OJL({jHh2e>9dYN}`!w>B1H%Ak0}c6}#aKEG~;a zf#sS3NFP!V9LcH3Y@}Qu%C5F7I)|3+7rKPJ!3689``)Ei*jFd%#_XRy&b{-mb+yHk>xFNg>BUn8RNZ|xj-~y*3Z@!EoiFThHC1rSzB=*9B?|? zfhPOh9Y+sirk zLZ;njO#@dTw1K$tg@%S6et#hH>h}#6V9PAS#BiosWy_=HjLE_ZZPi>P+>qz}pK9*jlL$8%s1wK>sD;t)}pMQp$s!eN0E`EQibCzoeuV#E#MtkgOOrfEn36fc4v3+tP^&gbUNYV{_b}8Y|z;acZN@U z@lNtQ?mzCebp5{0v-zxO6|{NIX!;%mW@w-_Sn{IvI>kht*|3ZbfC|sc1dG6&!F9AU z+{5DS4qY3iIf3MH(`bT??fSaC8r^INX(i2VS}| zaNzvuzG_@Ui>0>RRm(o;h1Y1kEkj7D9=B@8swj{1=Gsbo!4%jOEKHM_njgHy9EP$d z1(GUTdb6$47uPvR7(F{LR+`lkB-EI3q^Hb=l9@ESz=|)Y=}bxZ;rCp0{*=Au)IBCP zBv9|#8jTMKr)?;IDmF&F2Mvj3iZ1mGDRZSpzsLn8blfYk>dax!r-9Q)kPMIko;cgGl;|l@b7rv@dh4CUI&S8!z!q# zh{lx5r1N0!myErbu}NYwLx`fVO(gS7jEyFC5YzCHEs2do=*dDp)?8W?zxr}MnK>#Y zH#18@mIu}lQQMbOk~7 zniEWj9UAQ`<_NNJSsk^he`Ds3S|Rj5C0zu`z?1+QIEWO%?209jCgCKE75@WmM(gIN ze!QIXj+>O2`Y8*BY0S+p9cDG%B9~`3Ak(5f9q`T zw4dJBfBPIi4g1eg!*^H!dg=Y&={#v~@0k0){q!l_|Lyzx|FisTn5b?E7B|7R)%(7}c3E#MwEWh(G? 
zSyibb93RrEfi%3^Az9uOxn29Dv!fFfIZdgbYuD*EvI{$6gk5oD^yCnFh=<=o-flRCK&=mm4xFDx(L5W0j?Hw=LFxjiel_ELAALvZ1^aekp`WVa>-@w zbqEigCjI!p@1!4_x7Wd0?EKfqRiMY1SK~90YLjZ@W=F$h8TmaO4KWVvzj*!GR(U}( zl+|eY(@%LRUU`P$J8^c{=ln4Tc`{(X`oe3NP7BzsJUKo~XWu7zI=sB$-N7qrY_h)! zj#M+nthQ54g!Hzz?)?TW+n|58Yu(AiT;Bis3%2|vHZCH&P0<*z0Ebbb#s@@kRe$_)ouXzvP4Y($R# zn8#zJkd65S>dL}HKdX2;mAE9wg~rovl0LDEo(Ns>O~78>eEaq#>Z^SHT`K9+orF|e zXRaDF)0`z5DX**RgV{BtB&S(inSA_{1L|bD3=&XVYmiPT z@Qm%B#^Hu`=53shl2SZj?7;1){Umy#!pVY0>s2T?qdbOS^a_k1DQ)H^4EyGFM4T`# zb~pmQs%#K<%w;BMK9sD4^Ah+U_o=9`6r@09<_1i2atc%53*uhC-PwUBlS^swDDrHfdmsk*E(aYm;RvmPll$9rz3VdA$+Ix?Y7W0p=G+#&NUh?Xh}6Hoc=mRe5FEipp~*m7+`7IelP-)H{E=uComf zzctj?$`I*9JAl7AonjB;`GI1nI|dhab&!}ak(zy{mWvAi>ZG}I?2zu$^nE(@_*&^P znhZ7sl7u6vXEP_xfY2V!A6z7B<@_EJ;wLsV|JSACqF-O?Ocbf-#|OaQJQ7!%Etoz2M!CKx5z{W;eRYCB<-uXrsgD zaL&nbeUJZe8=lY`eQqd-`8yP-sV)C%Uk2zlniIznJaQT!uv}<@XcS!_;s;Dvt~Dl- z5$4&x6bVcmE`_UTGDt}aZou{?xFw#!EkRF~Se&rlg&67#-DQUs6B&V<>Z>U@)`QD$ z$hY*5M|73Z;$j!d64j~uCoAwFBUWw#0pixxJEW@x1w!04m=&{^HRTUH+^-xA1KY8b zpTiV3&groYj$Gl_XB#O1AEeKIGQ;3L+I0A55Rw83?x9egZ2$>~^GTN9akuaQIr6*i z^|CPdt=NXPWf?8f46C$=1I94tu}1wBQq6|xBzfbL8ylW^O8kVT?1DSVuh@z* z#t9Dp{85Sg;2HDWLN0*p=-ki0*niygmqmyz`hvt^#vXcE}vG@ z_%vjl(0ilhe%PYx!R7d5JzsEP7;g}ngRiNTOKz6df(UHjL>5SmtiH+8=9O~@4mFg{ zDX?(f-U`k;I;iIz-;q&;>IRbjot97Xcb-4f z-2mWU7~sDo;CV}GN|OLxY4)8r!Gq%KCW-<}U*Ky--rB`j#v^l3q70 zzl=IFW7Hr0H1~Ir^vWz7JADFsR#I_1V1+{rKFM-}s?gU<$*FNXMwJHR9KYew_jE|? 
zC)u+A5Z`yw16JwXgP*eAgCDD}F5(oJ<(=)K`hvKWbCkb!C-xoiYk(-u%bipAWj{$t zf_zXQpdlO>PB@2$=7E7xniU34rKd|jgENb7PoyZ4GszHhDGpAM$s3wuOlhzGq&3pO-z8hpC^R}^14<{Uiur0h5US)ZCBM#LoeI-f&Epy5&hynW# z3LO;9G}Id>Yd6^)m-K0pC-_&KPGXDu!+^vGPJ)geY4AWkA72JZ(MLc3pvVHPyLxHr zw9{sRV9qHAxif^hfs}crIc+Mi6EP}nPHJP%P!Ngx9f7M^}vxadRTCX_Hz$t*|j^z}_YZ!0AS1XPws%>N_y)jkS4#yD2{A+bk z|FaK!#VpO^@d-3YPG<37?{8PZK_a}MK=Zq!WRd~te8|`J@fgMQb#pM*;jR$OgkJ@R z);AlbYba`!e(u{+KFf*dXC|DhJ>o@jO#`d1q8tTSI6+qU%|Rph%h}%>FRH73{XMO$ zL-S$DC@Vpe*iX+I^e>+MhW@75W-R4PhVfpa={g3ulCO9OC-JdlQD7A;`cJ5ij~>HC z;c31G876N<)rJ}DFfLCEx00z$L+m{vX*Veip=98&*+<;2DGek^RflA3bHT!|Em#Ot z%M6dn-}^OXqsP$7r1c9{Wt!!IR&%aq=4W=djtCAU<=BUVRi3Qsb!QWby*Y#rq_M89 z`LnXL!rtoIHtJBlY4O;~4D(-mvM#|fuXRmC<34o_P=kf}&M>LhtXlQ=|CFvYGEOqt z6FxfWvTs*fSjND-POR+qpiP~0d6f6hU9cMV!1pgD-wn_23#&2{gI29jvvF-el9G zEGs>G9KHCiNZ4Y!y^we{;y4{cE)ihJmCXt;iD$Sg31+YJ78d4?N@CS&bMKWR%=G3k z$&aM1k^muvdX$8K*@g=hvDG;(pvPZPMst*+HRBVK0^+zSD+Eqv=FA~AR9bt0+o%Rr zgq<+4gi9raCV!F+-pnUG;&G#e-@PD0u9uNeH?rg#PX}_QYJkda21%RU&>yy|UB$DR z$sk*DIT&-v@G!=(fCd}}$ab#QuO*darOTt$Mo%ousW2eU>^a(Z%D`HmTaU z76N?JD+sQVW9PbY=6WnCI0ssaqYa|=mSu00;QdL|lA#R8mP z23rN=73Ukqjb=+R-h8fvO%cuAn)OvLSW8OQjJ<4cm6Okx4T%Y_4t=~t@4(tnY8k|Y zvXtO0&_q{)qZ-Y;WB4A&KFoCxIdvM)=R7_z2}kimZzst&=&;rufrW&X)1zfm-XnCY z(kAvsOHJzhsJxs}8tMn=W`>mKP9Q2C~~ zTtnhpVzEPAu7l5y&A8tHBJ>0iBo8zqcg`ucuQ&4g*y-$3;Tc+Qa`d1!sV4ml{B@5F zAA_Ws@iaT;3I}RHBl8f|;YiA@>Va0dq42-KxpUS?2YPFflOu;U-E?rrCksIMBL@>u zUT`c&AVyNprJ3{D7Fw4!#YJSzxHBgAbHv?XEf$YAh{-mzN4c1dD3>Rr1TL8eNPA8m z4q~k50aO2A{n|gwvcU&)pMO9^`rw?}&FIe$OmB=p>Sz7#hj+B(@<4NEfY*svLZsQ)vZ-`TH_?1rRb>ZRkhV&*Mb^2_P~@N{b9U7*25C# zR1{s4NJhbH&HsLdPjO59l*&sFM3dAm%f;T=D$-FH=l#>Pgwf`Cf`Erk`fi+rj;}Dj zmcP||80A%01xU_4XsnG#THvrICR4q1pZpKBU+-dhMN&5~1r<*rOA4-%baCUtxcart z*V1WA!WO{S)7WFmgdB3MC!7O0kE$2~49X1VtGUx>CI&+|+M0uyuktWkp0OvNjwG!( z`>VaC-C-yR~KkorZ(jq}Q z%+K&USX03cy~0dw{Rn@uebYUayIZehosT9i_Pp*8iJY=qf8C$R`e!FL5}E=R*j89WpQ zWfM*9KNaZFW|DzHlM%bZAXhfxF81V0haDURTydqz!?R~gg$cv!K@NR=gWvAa1z^u; 
z`g5XN3G6Lw0*d?iP{eDW0BJRmw@hawc$rBA>1tWwU@H4KJ?V&AYF16A3C1ZJWsVC% zBuoV{vY36@a`q`;)IjmVm#$Aazzh*c(vD`iK?>r*+nw#x2U}8ixF{XV0q_=cOgxTZ z841;K))C)rhtGff^TSE;q4+TQaJm^hoWPt@DN3!ysnLZJ9k_y1;CQfZjmI37d?}(E z*!HR20S;=?O(45`s@423hpOa$_tjUDO1<$2Sc>rJ7!&gV{2{*i?7**0zx{oviYmqLI2N2g(>9)LO_`gH+pSdIaGcbf_X zC^sr0zrJ(9OX|^7&PF`fB^>SkisZRZ^B-#dm_Q8112s_bKP?WdhgU*)8n3_ z0Dd)8yBD!-RKTpy?60KsCs?=+9k<>66DxBVm?eZ z(#-4^?*ABz33D)jlxg#LqHDm`=L$2X7){ag$+t&B0vXu)=1xF5N4a5ld;4{2p7v*R zwpLl6V80fL{jlBmp<@xJIIl7dK`g~9;*xSyyEamj0)x*y%CwcrjCz?WmN9DvEAKIp z12@5Gu#WY2)~SSSVH{?ivBduV2v13pKcZq!NPVP1P+nw4dxvrxjO~?($8zR)FsDHA z<{<9_OUBim#lgS>O+Y#Y8FvXt@bx1tNPQ!Kn#Npb@~x%*X0`25e`1)3|AJi>l=xdN ztt!Fp!&m$AQB{!idvq#H7ZlcoB?Gfr23+3dKaxw=K;?bt%qz9UtT@^PKJw~}ZfS+= zP~0;bV$*)sl2Xl+cxyr03;ZwDRB7h85B%0>s#A8Mz0N|xz zM=PvK$jLz}DMva<82=o43NZe$*+E`SE3Y`>tjY+50e9A3@Vw()XcRP+CS0K%Q33t@ zZMu_{Y4U=NLXN(qvf8#&Z@1jkDz5sG)@U96ziy^c&y%8WXd&P+{c9gLW@vE~9j+q- zaP8v(R;M3GflPID!1{Px6{65`1rr<5Knw|M9{poFa0J>Zv?pFpR7t>mz~x0Z40Snz zKRWP7^v6f%?Fg=n3Tz&?cgt8n6Moz0zP-&@=G;LJ-FpP5`*;smNsM_TeB}r zJV)(hDUb;NjqRp2jcZj!B!hS=qQgAR2-W*2xCKmHtr8b`Gw;5T=8l->Tzl3J^Dt?i zG;z@=6gVE6uFjkktBIZzi8;Yakm=|YcFW3PCQpO|TX=JG_m{;!h zT-_@!k{(PDBbC1+5ol0JCXbBUidFALIl>Yq0>m68CTPRWtVVRWEZQQ^adDFHugKIwsZBCUx8$|%c6Ew|chdL1g(wgZ?X|IRbSJ>6q|*}w(lc2@%P0oAdpXJG zMa@6Op;Ze9ih6O8_LsP}*qS;f0Y>mT8(?+^o0p0L$ZbY^MI4(W3K;Q=sdDz@_M`=h zXMmA9S^n(g6l8)E^X&mCx1a4?3dT--uY7u+aolOw(3Ww}b<34;cUu+p} zH8*Tshl&TbRQ%psaPXT5%b3mD(xE-I^14XS1ZxsC?McR<&~~n&UrR9Ak`ZeZGG8fG zZ9r{Qu~#%BO;a$ZTU*yo_m%MJm)8K$cB|QhY%j*k33)nTAsj8qv3O7%C*@yk7etBY z=u>u@#Dg)O3H2W9)|BVTpetH5*Y{BIuXov$l+m`U>g|yX41bEhJeDThkCVkp)H*Mm z&G0-YYZ#>MaEa6(iWl`YrEaQaWI-R!A~Z|C##l}kv_n3sXg^a9q$tKMX<}@Ni~6ty zn4L^2Hv5Oe+Kp#lzm$UKa3LFOAC76_kxe8N(9>aq-oc`BbHt>b1G+bXF zH$5hucbOgADE0!)uZquz9oR<>#3WR3pE_4uOf=1V%fiqg?q~7_lUi_c4&8BlinsI& zDIIFEHH?df)Zio!=c88x&iO&!G<1b~Rgm%V+|5S!%P+_mPRn7i{x5E68!VNxjxk$Q zW7xz#Ny!`%u{DED+eszBmzVBvG4FBVKFJ_PM@CMYB)kK{4$^>f51tpTWw+^G4H0CQ 
zarX$zYCf{hw#`L!dk@)X+qS#U;32zf2D^qg-%Qg9uizpxPJ21X2cgTwkb6u!YCn%U zVLYCtq$lLld)iP&afv!TP@BMu5{d|8-KVQ0uDi&Seo~uULj$@Q1lWa##xm81MlNr}B;u23Q zDd-t@HR6k_7tc~rPMdN73ZvFl{twoU?tqCjypBXF&t|c z)KSQl*%!BxK~Drb7B|!>pWt=qHm@912P1_5{l)h37vhO!DjtTOoXAq1oUApVsH5nS zUXgp=d;FMUPkwD;`BT=DX_(>(N<_Wd2V|qPdnc%G>n+5Zr`+WmP`{LW*!s^ziI-D@ zal(R+{2roe33!hF{s4s3%ut9i=W<-A)7Qc%#83X(2&IDw^WQk<3~h6Cme|)ytm+f3 z(atkvMNE+x`REo7j*>F-dFP1>ICtpt2UWORQe*^pQr;Cd-N;lPxOC6j%wz*s?HVBN zsZD5U$J}t$ZuR0@p<`|8=<+s#ukaQ>E z%EWcQ_Gkp1?v)5c({{XGN+%W^;w={5R%2p}sBrS|T^#;=^5dU3-8RdamO-A)u7c*; zU`VNhld?ZMnPc{xlQJvg@dtfAANbG76X1jh-3Q=mPB3=xB!=^fP1@VV=Jlp?m)pq5 zf4_;p(k9+Yo-ns`K^91M{AE`v&XR(j`SV#(0t-43Uoi5VA%l0*VRkXV=n0vgX4g&GXqCr`!;i_2L+fn;*J9->- zI<+S|wI`1)q#UZ#IKjva#NLnW_bX;QYw@Dc5eXk|w$|AaslKJmKHaFO9oV#dWjWQ~ zsMNavTvr0tPmlOK7m~l6jp)Hc26a3P*};+nxG~;`gXVpcSPTEm^7Lm(p?;e5&%Dzw z60euE4mF0gbW||0biln()Va<`re4=IVxD>J@r}d^J0V!&K1qFP->^QFVd;BU$?5d^ z&!I57{Z;YbM0LM_JojPBFQ!FA5!XpdxyMLPlrfcscU)_dnl-7-8fen<_U=xNB$e z#J|Y(d2x0*u(glvSGx}NV9DeW{lGYGr<00tFZusgB#kJ1P)8{qT$UMA4SfgcTh^?P5iw@#1Yx2S1gfvr3 z?~+m$YT%co7~<4fO1$H#RL!#`{A~E8A3s3;qh3;nE%oRuY<}JW!4USxDS#fLOrooT zgVb)D4MJxSuuw`dZUGy?GDi&k%8_rz82*Q5Uwzq+F;ACxS=;%VTvb&dM%FC)qP>G(tl8`$lu8f-X>(K; z(PeEAQsPFb4IOU$<)yT(A8cj`&{9&G41i90<#g%>d{b6S9XEnSVl+}Nz{XMNZ@-mm z_wU(7FwTJf&EZ}gqvDHuk{t-j6oVhLdATAO_$__|Uo-;2-M{4)zXl1rmFL*M)A6U6 zR6I(>$#htpJf!rSA2^}_6Hk07^LSbyE^MAee_r``dv4M9WNrbOTXg6=Vz;Q#GLmNw ztvQJM15Pgd!0Y1yr_zw5JC)1?8u)5F?+Pu)A({TjnGlJG^~4)h^RIYJs3jd96l)T2 zylB9J4ixqiN#%!-&^BagqAVtH7q{#(&=zgo=noB|DjJ6`Pa;6qQP%_?16|Wi5OJ z*VHl17nmtP;uuIY^of&TY3Md)*_aLRS4^gSaP)#Q1Oxi!<($JGzt!x9^}(I=0)NGd zC_B%oA_~KPfVqtfNaeUVw239^iGr?7HBtP>JkFE(EF7VAWImlHV`r}c;r;_WP7n{pNFgQ#yC}e9ApNUIq3i}veHd(;{&#B%3<-L;b)sNMt+o0}f zn^|QS>zse!DGL@$B4AycQNb9yx*6D(I#Z1Nf;S{{cIeIm~jny#bZ-z2zsUP!#5 zQ=x~nMA?O@4Z-S%7_&l=E)$DWq@+xO0Sdni2hDR?qAc$OG@pT=62OZ7X-G`HEEieZ z0DkkK9*0h3b6ofb;))|tJrw+mQhaKmqM4uUb1L~T-Cd;lBHqDGX1dT5*_ixO-eDr? 
zrbK$RH1YhnmZ`a(4tULIoQVOTEiL-lj9Gl*kC_Qkg>=*TH6;f$ra5@X*=R6#&?YA{ zv)WL; zw$Ft}2xU~0XH=f=^W#RTSTnJ#FD?Lk*l+>gbsg9%lSy4Gl~h9_DNG6EJ$#Gc>}*TA z0xw}Nrx!w4V7|3A@TzIAoDN)ztcDVwgSpz|S!-hg5@;IYsJfMforROhm$DvNWb;aF zzB=?*scDgFbu>+VrR&#n_3>Sja#31oUf(U7l4~n)$F;*YWbWd5{hn&!@~lOPL(HcN zRt?0&5D-3v2UIWM$d6MOY%DRU79EH_P(irNXWaYpG>mot{AfO_j^NsiYzo$RV6v~8 z6V6%3s4pvDIt-?h>T;zXsyCu^!-W%KlY86Tr^K{ifeXT8^5R*XaeJe=irEcnm~AxI zFrxu*>A62l1K2~}hLjp0jAuE!2xt#du8iJPQ%-q{RFz~f?JSl5G8w73JdCUCA17te zKz?pnBMY;0H#RzYx&PwzORkVbyD2anyF|av4lYjRVN;r#Nlu)!TkiT)E|_1_+d;+> z72$P;YSb#$)rs`+1`h<;Vh(q9Tm<_+90xBk^%hAHQYq))%`4lYAA>ZPZEn#xy`+ytzBIrzgmsxF zW+b@$u)jXBnod0mkx}s8c!2D~!K)WXT%4_{53!ZVgd5W(Mb*q3=F$A?^19{4R^Seo z78hf=sG+bJ<#9FQp*aKu)Ti8bO%*y-hK1Eo zx?_$`s!1P(!DE@50y@mxjOJP>d*_*`qFgo9LKT!NNl)Tg2=@^PKn#jobcLUD2&j`5 zo*8(3azu?@EuY3u>12`)E|IJ4SBCZHA@#nUYTy1M^4IcdlGkCD3f)Ll@dVmA7+&9W z#tU#HU0pGQ`bJbhS-u}Cj+Rw&An=+AVF`n9w2d=6J6qch`=7 zZ)%tow20T#BQ|RiowcrO;I6NOyP5h;M!H5)d_+@X8LCw}8EDH#kYoQR}bVbsZqP9chlHDB}Tzi$zl|yf&tU4 z&|**MLWjSy@orqq*@uT4y>iQzt#G0nE<;622?BU7bqzMS##dnqVJ)re<*V;(xvqeI zD77`g8=^b?MSSTN_%bIsE>8=W)s>Q7ENOc51Y3HVrK@Uvc{ae$RPf86@$!0KOIIho z-6p%+d4rN|{?<0sY;(%@tW>sb@g75G*)*Z;)ym)#a?;lyH_cx_S@vl{Q8TxKLSh^#&Q@=G162s>dk3O;@ep~;`5 zgE#XD+y(G3TKL@yLU(B5oe-4gsXsNQG(lxI;xs-_f^O&!+tse%T1}=-b;e{mFh`4r zacv|5knLP~tR zq1r@wDCb<*VlfTZryFkVB|FvFRWC!z;&D+@8j9F*N7nQgS$~dZJ~1cE(r7Z+fXO)3 zt(>XpHPcJtJjvf?XUUWjaNJve|9P#y;#gUr%}Gke`z&Y!#rhOTYdC*{h}qxutz2Xy9Y6*Xz$dZ|w6M(yx7kDW1@kUya~3MX=Gs1>-E6_2T~7792q4 z4AT;JRXlQgDO%@8G1?{6o*uk9^gtThF{?4{9D9$^4pS}yhJSkDDCF?$6wHOG(@loW zrO5HLKc1sGe>k7^nTJ3wLEREamqQl|`o_cbQb&SSY!xgd&jhW8)re{isw+?7q@uzi znnl_Ak9m@#x(acrwSi|Rq$z}mIo@V@)2}WLS={{c&^{AzRlo{WsrM@B(!E7CxK7l5 zR*P0K%d(n(!u43L)jSj|!&~!GAZlB2R1oR5$yY&M)!Y^2`67=6raF$khpsS2wRlY7 z7AhKPAxFGCN*`&Qn(C+tSEELsm3u2U1~GN)4)iPdEZDGMD9wP*$GDA{Q3`lhayaI+949ylr;Vzfe5 zCPq-RJc;s4^!%keMom8TyjM+Z#6>oJQ1X=TeE0)EoxDoYR-bKy&AT?VJx8B<^0$Ph zaV-q;eRuSYwaYpqDVZ@PFry}%`Yx|<4dkI@BWH{+LZJ*P1>VVBtzpAx5IOcEiG_i$ 
zEu#IZX!xw4&^1c82A67|GU%|6oo&hybyW=u{&h*Nc!nNfY@v7K(cEfNtEI}huCL!p z7uiy8KLcWu$DgBcV&0foB0LA?A+JS&$HOj2T;t9-C~He*2G=%Y2nATndR0HcNjv;b zV#dUU@IG9WSTi!8uq6ydnv&|Jrx@cYieiq!itEs-r>3*cxI9+Jmd~f8&?89EvdhCb z8mr>U8H!sz52#8#HRF-9QzDu@1;Ye&PLm6>A2OWJq4P7(4soCru`B!OKL3nc>I{43 zu3A^MmN!jP6+ zGdX%#yLW9YCNXn@l}!=WO3E%Hha67R@s@msA-Q&!qbqu^5ZZd@$4T-@*T{xz>gB*( zKKotTs~zTEBeuS{tCvEItASk7FCQgijUTTcRn2eEwYiy?L5(@y*+~A5r=F=ADh7Gc z(bEyuDHK63E{LLw@2j3b42%h^vTMr_06K6qHe4Q=V=DA_-wChxNr+h^oyePX{9Tb0 ze}@6TXZPF6y;Mc32Hap3R5QZ;^3mWMQi;mNy9g@FBqPtks#GC1wlBNbxt~(NBbUq@ zxr%&#E(?xKGZ4XbQP_sm)jDE@|0wJzXYRpixbh-^Yx&zy zib36cExkp|LB3rNBs)}P$*x`YFuwvj^6XLTfyy%`>_3#8#Qx zPj+IP;k)YW7Bv7Dol`}$0v^$8MY070UxjXt^KoGMT=91Oz1)BP(tM(uaAw4*-|X=M z5SJaT`V6kV2pt*nc1OzTX*o<+A0-#4YagSA0YBvtazyvv?D4Tnvi#_nOn@*?khIVP zMG{5&dM3&#gc`i|_P~7nI)0x{=98dEeVhAO8n^0Z7s&Z~m~ z<7~b(gkezAtg-urXDv|O z92!9ijAm=l+ZE_rs-0l;{TM^vtBy3iN(M@|BO5NCPKTM-7f0w{v$J~izVOcEbfSv6 zJQ<}_nS~trK>p7-sUDTmv8pkCZB7PIrQv+66#0Fch$mH^(1xQb&KLe2H^DvEB}tR( zvGo35|M|ZQ#Jrf&LItncxIN4oC0)lySk%bnrFZ5iW;X53kr1^8xU{Vz9ffh;KLr^3 zB`h1BL=2%hXT&b>ROKN4QAjzatHT@**>uaY}cQslLXH9>7k*FTrRY=P<>D zT=vyv)&osIIt9d90up@vNW)Wa1W?nM>wcoAS#3Mi_&d!iFIdJ=U9~;fkz&j~G_S_2 zC~@?=vOdFj&$6be%w`!-g3Es-m#*8A_n~jjl?->{wGSU{x!y}#nouqjXX73qbmXgh zf6k`Wi_D$GTMJS(R99U}ts(Jx!OteVPd>l9@MmklyAOfBIt1Drj~s-`GC4tC7OK0j z)B*hSDLEM|gvw|-`Oy(P@+`7*G!G#t00}o~xA42BS@IqDo0}$qRhj1x`0UDw&gR8w zh1qMp5EA!wE%_}IWkgB5SbV8XhGo7m7=jE0B%}(@3)5AVJ6oCx#9_(2bRgA)AWlLL zn*#)YH1CH={83E|V!wR4Tl)|mO&TKA5M5V*^K3jvqidW_-X=iwF;Li^_QE>6@hV6!PFAWB$G*9ZxHjNxv?T)Ct>ZbP zJ^vO6@cNH#%gQbq3gd5zB|JJlW_I~Hb>M80m28$fb}c>-FH3SwF5Jq4jz_iY-o?(v zeuC3T{gnO3IwqQws&NFB45>CTYVUGUCdMfE*Q{6lkW6(H!hm0)ykJJv*`(G|n8790 zPyHDUT%0kEjMwtl@-I*SuMJ+Y6Mh=Oh3>B*S=c6xWP_1J1P&Rtg@Ce}!U&Eeg^&?L!}?qqyurl!j%ExR$f8O0aG&aoe>`3nV7 zvtUj>Uu(!=V&rPqgdr1;(%4V8iqmzn?eWYbPkk{bO{ES>ZZ*90c;}p_u=H>#O@Wo5 zBtxpVIcFzVxtHv!ZUy8$pNuXe^Bpoo(jFJ!0j0fv&b)etEH8Uk?6g%eH4R*N zo5WEC=xV9-4k-{VYn5klX+hJve;Q)2fC^Zl 
z>XQ(I)u@2C3JTFDpa%YlsN`~49CvCr{lsS5(iY33OzSM%v7fIqIL*cbGTw!3%Qb=X zamjW?DgPyf!E8kyjS%qdDPk}y*wi!y88a&xdx#I4rvuVGaz!!tqXU1K9zLOV*i!^H zr7ZO`lp+YydydJ_ff>yc&ew$}l9C2a$(KRSX)VUm9Yb>EUol26?w?&q2|GI2OiUJx^U19d zoMfr$TFy@`FFdm~##XARG){YYoL`31Q96BZT2hc^J8D0VI&d=s%WiE6CcB-vfYa$u z5@GI$a^_e&LD^_i)@r2L1-0h4@!OBe>>$oYd4AK+#E7q>~@`J+W0@c$z`b>iO|Or_DIPu*Mlhd_z_x0?EB_8{MCH_a5_@L&f*4qy?5=;u>#)5 zk4}9pDmLRx&aAMLDl{-ZywWuD(6FA;Q=XMsKO64_Zx0U5bGEU(rh=sIFcf=&d4Kj~ zIctMB+gaT(_hYOJ*^l9fEa*mH%_fO?wcr-OACI!Pt1pDU;~TkeooYfnQ{z}E0V6%Yr2qp4Tyz9&&i6LT<{QRx)cm3wt_(l>|CBC zn>Y=PjnZ9}R3s*3sp7ZfgHlUXtCeolEoDKZ{!E$z1+hnrE`LW;E6< z%ck^78&2_CXCdwCQJv+X`l8j;c_!&Ic`(r(=y&g^u?s&x2Z8MQ)v63{(-4sGRY3*H zpX%G2HkwVyj$<)FuTIc13dP5YtFhnPwC2UD8d7w_MQ3qj%lwRK=5xY?>80lwq3U3e ze}LuG7)l!~Nxw0&;(+xI$&-lYCo51Eh6W3{HYbeH&)~-6wq?X#Cb`G`41H0RX zmErYRP=3)eL}n79q(e|Fa0bhRsd4MA3@a}3tBpGI$8(b*d!u6B1UJPVr&NH|I!mT* z+38BgF6yqRZ%=bh20NTdaATt1MK7gpmp!!x51Kl+Nzit-3#VJk4?{^nsa_;mG)VL8 zxQ17{nlaCzEh>F2&YITLm#4wAJ>4MvSyS&e_l5Q?{U6GNv4ewsvc-4}+&_YTT-}aJ zFKj^db1N?I5n3+j^Y|>Cc|C!I%D<-Bba9U59s0y^&URzIwTrF`le9X+`}>urv{%6ek1 zeWf?tx8ybL-?eU{jFs09}6*H4@m<^vAw;lJ@`XXo*5(B65v+u7ND+}Yj^wma>o?ZsvF@gSZQ zjqRY>aJZx&o=af<{hj;_60+b;`5N&x$&k(6YF$s<|FO64I?+MCw*O%CgZo z!SsYgrQrK>O_$b*o<;4)YfV}y%z}h=znp!gn}&3nn_#y{=pn|-B;$#|;*Qyl+U=-g z#vHM${(>Ro?bW^RMo*%~i2xqW7Ej@ZtM)kBHe>0z#drkN$W=xn7spmBitxW`+g5!d z+Yv0#edqU`-*)&8$XYCx1aAk-|hF}Hb@`s-8kt# z8$KDfciX#9lfmF=Jb2PhhRN`8C)s)0Zg-OY&hzBy^LS^?c;|rd)!FWBhwXOQ-hR8i zy|>-o+kGBAefIp>E_Cz!|5?B1P#6C+@PBHKELv~Aef#n_D&Lp48{-Q8Z+my=iQ)g+ zPoEP1_oQ>r|9y@hEVmII;F*m`cl7aNa2lfxE17cW@EGeY1qY`||17{bL*xoEx;+Y{ZuCJ|q zp8`EvRUWPkFNI@@GN1R^Q4d{uvkR*y3;u_VJNHX2{~H1Lwc<^hx^WdGYw+fVNI z|8x8--T#J{HyPsw=fB-~e82yn<7esqQ=|qefkhGs`}rWcj3?vkjd6wi*M747xT62x zg@5klzt8cr@yjnEdR~vp;Nci#zK7#1JDbly{OZO12%WeADSjq9VRZJ4VvNq)>%qFz z@;;)J!|V9p=4P-RgdabyVUfo$_|q_(gQ&FkMKDPFrSk$E3gqRw#X1n(@+4!e_j$YJ zid^e#j=gRd*1~?%4xA*Nx9k9ObKkHN-zo2gop9U+LebCz6^IWaw+3ajfA~tO+Z0Yq zz?0Lsz`SWP;=?jKE-8v6+LU&GtN`UT!N3@&zXaYd`ir6Z)5%uwr{sN#WxoNHq)!i` 
zhsl4KCNwn<5=}W4tRLxb2S+cYr~&%(Vx7uE4g(V^#}y=MbPDC6bpQA@&;L^Te{!0PF-KEW&aO%Fy`SauAFleHc18c!d9r&?|3AymMsUO!u!b1P zK0Zt0P!L_^+-We$Xq@%panz5?a-2l`rBn?&lJCrCGeEF%7_9$G(OSPz2YO`O-{ELs z>@lOO1R!Q zC7jVh=rM30&&EK{DX|Y)cVvaG!2QYp;ejMFMsraU8k!7 z@B;1IQ_hB;P0^o_^IRyetj0DcP|sGjAPz?p_sH9XQPnb1%N#)xhdKy*7ZB2@L-QL~Fk{9(Sca8(2Y)EhO6V zm8@rle5g5NRWhLM8+O;3j<#A49!d%6tC2(m=PE&11h`|wUJ-OB*n27PGe_O=$-wtg za;-Q4_nYNYh&`>*?I$5b*`anwKE$yJDIHNfA)nle0x_ahr$*o8$Im6 z5~L^@*d0eC8{O4a)z#J2b+BA5M(ewl(Hge+;$_AdSPk*jBQ0+29RAMyq_B36J>r2P z1>vKuTi6=`^`wYbM>HvP>iCB3Amr6YanbSb5VHV5D>#AL0m+Da%Qp=b`r734< z>`$#`c4x}@w%5@oW+twx)|J*H9Tn`b1=1u<|-iajfqO+wCC z(W9|NYcwnX09*3vi>ka4T^@w%m5nK?nA>lOQx$XkqZ5yjO#H6ss1!eYxvexvjVY~k zE>i0x!tUBIyP>C`|IbP;AQk+-2HnR0Ya>rl`m6O&%Q*q$-2e9vJH6Qb|IuOpsJZ{y z#KQzHo@+E3K-|ikR1Vm^G<=*-ctAS{QgdnlH;?~FyOsXtqwS1OVp(Ut;Wg*bt(=CV z6gYB7`!9?x{mwce^1e_{F_(0BU#>+*YRwhwB?$|>n4?ti^VU8bcx(*I42(mBf)|+a zm7w-S5ztiuq;|N^TqHNqx>=YadTdm&ZDKkVA*8YYdl*_ArRD8s{$ZW$nZC# zoH9o8L|&wy&xXSmz|pF}#WDu*_Y;YP3gIiIvlwhN`47qMC>bvgw5O~XFG}S>p*NmC zsFi=z|6+{qg^U7WA>FoFndX8y*QjjLG-l1 zrCWaPdI!GSr<(rfmr?-p{6CM668hg!zw!Us$WvMWOHDHwSO0{f_uBS@Z*1T$vY>_E zVacvZb)_QOB?=L(hRI~1&@%B6nx?R$MBi6Z9v?-0%oPo-td91mvJ&|y5`W)E&_o+& zJm;37n$HtIr}rl9d{HSxMIn>=72j$)4yTG2pJsx2f^{Pz^qAfbk82pegr5{$_g z^{`4~%F4Oalb_uILMdnNjCxb@dCEO1%`?F&vfq`I|4Ykb)dfoI0J-P?<96KY9B^c|y8SYB_K`2Vrh+RGIVsvgZG)&c zN6HRT+f`PC;_7!=oZ!*46#vb=ktADkZV^iH;%DRP=+JUTai7A6B-M*QMdkm}U+ysl z5-Y;jYX3b<#Qz@+8u`DOr=0v}p_(K&0CSzw{RGVNA~FV0Q7L5d`J2LhU~e_Ykgr$dD^F4RPm7GvJ-KWOm>l_k*z0%V z`CpC)P5$?dJX*E3D;*hoI{0-3CA zDK!2YEn8w;6Tk02xY34z1YkNAOQhO`l}*QBRb((jt9XOcgNL?50NTMEN9NqX>j9FB_BZ2^XDvXJAA;iV;rHw#sVMyjGr(X} z=*}YqW$0NG%d@=Q$A9DXT?hm7NepoWL>7IzoxdrqK<639nqaH%W6iLFO0wBNZFCh* z02B~^ECUP)G9<;vvS>yAHb{AH|FnD3!-<02m z3)>maEoTa|>wb*=hGD})T5!A<`-!j${fu>44?sL%O{gWgfgwe0{$*a9{>ZbJf%5gI zJ?RJX>If@s%PnB}k{_goq#*9Wzn0dN{W%5kK>u1g(->?(ncKAKj%}YrpTpC7bMfkh z@oRVQ=(qpdZ%H`gEEEi9z->T^pRrKbBP@(EA}|AWxvyf|K&ErN=t)9TC1zuB^Eh1=(42Wv9t{GE3l?H9>nuMd*@`+IV012 z1X^bR3v>B+JRu&eP7p-{jJ7 
zet0#U*mF4XFkU4rH47HXi3r=OA6KLeM42LAqRkKE6o zr+=RQ{@K5t;{SgCyjUK7cBfPL-}UDk>uRz4XjfrG17r7XkFQepJXN_Sx~$-TePMgY zUF$_(%TrYUhaZ5J<^2Bmljr}@Kkml$|IT6K|FMy$vi+YkMBM9xU7@{YNho6B>ZM}x zThY(0c>mGd<6`+od&W*w-b_GYWZYzGJlG+jvCEQFSzYy7Il$IM?AJU6x z$sJnQtp>NS3m^7z=`suVMsic z!epA(30I5AyFv~#)_!7Zlp*A6m~u961>74pm=_fsL4v(g!@C;=lRhQ&KblDR!X8^A zvv3q}p8nSx#Or?^54uhK??#@=`d>ge;nf{!fpqi?B~S%V7EK%02vtCG^}-w#t-M~Q zj=zF-mflej9j)X=9UW|M3UAz)w_C4~skkYqmuX+BLpxJDF0G@bzWy*ZHA$3wC5l?v z85iNQ653kw#YShlv!|r~w~qL)!=6V{fD(wQ0t^fCq4!eo_|G`mX|J}%we!iDPOo?ocQD|C|$#J_}i@9Dyg6x2N z3=dMsou6e#j>p)sUS5c7K6&QO+zvF!+Hm(t%jBKd0{2#C5c*W*RT;X-A{fs?smwwC zkeY5FMw9FgV%HM_4A2AVw=~kdN@pzvqF7o2Swy7vFWM*s7QOtc1Pc{s#idPsmgN+b zu`f$T+Qxc})|9%W3WG>og(+ZHrf^8~cGu0G{=)Y&aA4&$4by5A_! zNWfH8Pxs3!94DCxhebM{O8d>!0o`0wy5Lz1870zwEh@4zI=G|JzU6WB^$ z8GZ>%tduw|njV}qRwO}DT#361dH`{!uQ8nI#3=SQZ!g|{Ndn?ZyiQ+W?~^#L*BG=? z5PIniwra?Ve>Ps&&a?AZ1$$9nD#aT9$TOGLD#E&2Pq%Vr1N9rO@rn2Br6EWjN_Msdf@*YyTurMqm z9?H(Zi9VNuNa`nJX(TI>6*43wcYmd(S-D(PYC3#%W7YpwmNwe{<5(%7d+U3AYtKLU zmjAOgU$6`L>^YzXK~oW>STz&nN;zc&fo-A12w&`j`$SL%VEpJ3RtwK)#2hfm@pO|j>TfzmcJ~$eJefIfV*&>JaIBC>V7JT zPi^lRJgXnGGPgo+$vIV@ie?5W7b?a2Ny_<5n&3jrMu78IXzh)qRmV<@9onuo6E-o~yXK=QAHksJ4 zk=z!!;o(i`WfA*S=KfRapw!h8e=iUF*1s!EyfrhuvGAyj{Tk^b{|;@>8b1&57XM;2 zv&JEo%X&rZdhF{LpFoC_L%z6O4cw(Wcc-`iux<<2)l&etj5?674#`!yDoE&~5hs#R ziN;dh=ET=4`WwjdvKldbcM{|gV@dK+RiMU=Wlv|piP7zJq|4^9z_sNqWTdT&cp2o& zAYe8L>n39L`^3PVV|Dt-Cqw$8oUoI7Dk^wcN>y@2dJa>(knJk*Z*}0Lb+EeRmr8UI zY@Jh(CegO7OI@~YcGF=b+JWE9^NpZ}Lq@Bd{Z@tlMO{%GC&MMjSY-VcL40iXDEvY}FpEjje z8hR$Org@^Y^GZ29m4c{y*DmP6(qFaN#c@yS!Oz$K=s4kKWp~oH=#2C+w$fa;RM$5p zaLG4T$9BltSl++SA&n%FB;~A<#F7V+Upondnzt(2dZ#99g*;ECR>Nk7p2Su(G+=)Y zp6@%*JJqGGI=`l@-SO#O_i}wHN0GY2mo~~CjyAk@SYKXKZ^X(t9}J`EW_@q)(88FZD?n&BEk~azok!I|7m?I zgQ27+`sQVS)?Rkk0IKAGOle!H-8BS9A3bzBNSgTLtiH$yJqQSBM(jD2GmY9XqN!KoPib~_Y>Qx%#J{Z}0tlqYC+*^{OZ_%CGy za7Q$n1yP#ZF{DE8(|e=}l2=`fB_DoPhNt4B zpd1xsO>)qT2d^GFSLqa4p){-Rm}!CWuY#sswJ2eX1c-%>X=+5c?B`q!@E)+`rS+vw 
zm?5n?xTcc}<@hV}C<4LDNgiD5cLj1>w9*;ldJRm?$gke=Z}paE3O>$v{g-l-pEu^X zW`EmZyH9QcSe*NhEDcUM<&I0`w@}A#Bpd{q#wJA@CH0gpzl%jq5q%&)dH@UrWr=rg z*V7Iu5_%7NF+)Ya+XdaD?7xk4W^8sew6+II6-hM4P*kV_`hjj^FzYcJj|a4G_nsM> zv%QX&(dJx0XeADd{GA*aT7oq_L}e@*=h@#Mpeg<984?{JjNMV`3|gD@QlBE%AU{D# zzjEz=?KuJ57~_}0Y+L-KGrB{<$Wk?l^D!HFcUlKclvKV^ale{9M=g?p{57V?Q-7!Xdx_?m?DEzvGkM5%942+~W{w{axk&OQWNK zFt!1J2!8#Vbp*6m0D2P3?!V&Wh?Hc+noV42!oNK4zrt;#Dr;qLH&SA{oZ+Y#*522f zPm0$`Gon9b&m-FueHqRj^4&#cFE}nWC<5-T|z_nD^6Ac^D&}vmaY+96YUgauVu(t@^1~UeZf1`Lwjc z3|Kk^z&j`X^9JuJJ|5?-H?pkpQyoRMSOfGRZMfQ%H878>J(=vlu>7-Q6#@66YG>fw zOKOYLDv~ow|8nyQ`n5Cf{@uUWrCU79Ah3pT7T}Ip2iUrSjr)lG+!^`<+ay=w;up<+ z+*l4;pFPJ>#7#%-aRpNXJn`lBDg7^$u{VUKfhtJY~Oi%BF+xm2T8qoq>Oo9 zwt3vV!_Acr{JKW(`($0nk{5aH@|=+`35}7+ViNE7^&jV&4XL~ruh%MYiWenZl?c<; zW$Dh_ulU~T!;fhBT!6j111>iJ&n@d=$1FGHi{FJGxT*Umm&&D|Ni65jPTK~pNLo># zd{=b}{lOD#_?&88QfjWR?Q9K|nLuuOeOAA_KjU^&HvjyR$iX`}d06{22K zOyb#Y$y5tmQ!A)32=v8TrUv}6x#RAvDFaDB)Qhs76!W> zx|Y=DmCvQf&|jszg;C;{6XS0<2RVn2&F3Kup!MErMT6L3c9zhJR}MG(Y@9_Ler|uX zo{%aKW*P{9tQb#L*7J{c&*a3u!dogt{_}qME#rOot?FbRL+_O5fxoXmSLhq#0M|EU z_cB&bkoY`zj?smZ77`Ea-god3_}{}D-x-iEpIpr7O~Z!y%$2cI&hxt4fV>aTd8Ek7 zPip(0U47h`_6Nk?;<<3zVUJcFz6W#x=Gl-uUSvBvoo+(kl6W+_H0Njz>}e8l{P{;X z3A=^t{Y4bMVbtcdT6fdOEEYysGNooAaRU`_~49Sv1qwz)$o5_+v)>30~r`KW4>p zyJ7)vk&O#(8{WUef&0OBv{8unG$^IO{r>K;`E&AAqT9Ugp{f0u=P`PZG}|3m|SYz?-5Bha(l`=iW;T>&=gc`t!IrqL7oB${M>V&yqM z^s~t=PIeAbHYKMKb3`e{zX_f@|FdloI)C=rSn$Qk?l`-D8?KD}?BDuAv4U`WZQh>f=d0^Iq?I20U-0x4@}TZ=`VFhfOlZ zn<6a7zJ?s$-G7NsHFpz?I`%Sk9c%Hx+e)&R9lrn`egfATF_F>gm>#msZ8`B2J0@ZS zH~pic5t3Z+W-C4o5P04|n!B3lKvvukmoPO`TA=4Hse65Uyi`Z44 zc9)ZBzdry0rPcG_JGS$=H=U8W+q%I)VQIyQz%Vb*csp7NUeD2F+Y>E*JXhE5-2c?%A|_+>#~8xgt)^!7C*kn3mnL9i2E-^H<*)~CXAt&$ti z4&CZQU@eO^ORJI|@D~sQ0Nf9Ih$KQh?C* z*>YSuisjA2Q75DZR@*1-TZrP&7>8@U%E0mB>zxX7>_IuWg9mX80>D!2FL+@tbbMO4 zJoge@DseVHRyXiMhY`BaE-v9@U4#9(d*Y5p zT@~H|*%M`A*h+Aor=#mrv9R)`~#>E>d-x}@-NWyjY)C%Uz^AzA|KTY z-hQi%_dQ*S8MlzSlUXnw(rPN z3L?K=xCg{#bnI< 
z4C9FE-bbckRY~*Q1R-uK+%RGriT~s)Jq1N8+KP@%0IxGAf@Q$aEH>TYvDCUsQ`HgL#NC*B)P=lAu5c6vsn5?m-?DObh81 z1oHni$}HtSbg1c+@Mi9mKzn~SbDd-V9o<>Of-f4XZT%DbiUuhgoyn+#LE-?0Le|K- zZG;TCzkJHLXppHG7PW^ve1by}wsN#UOl1dZXfdCe17UYB8-WLE%@S^SztOG5da>Y8OMj#%DOzI5yVC>^l}{rm;M@UDmuKD z-@aMa!vpfmAN-DWO0V}wYXIBB;WhwDh+REk8qL5~J>UjYIwG2DhQw6| z?EWwQJF7vptTW8(u03!lC9MO}SlXI5%+Nh#F%hdjx|54CO$q)5kg55;MIiAG=)6>H z<7LDiDrYIC{hRtn#t9_f5mES{6l2E(ad8MrJNCObk%Hu#Lhke! zXbu<13i7qUW*EkloC(Y}SPAdsQ>@7^KeHunt)h~(cB<(Cp?z0@YfX?SHg4DorKyTq zPgD}dH`1#K{FqjBPdvM6W~)J7?JnXG4l^C)Or}ukwM4_D0b-^b#Mc(n%ellu&jvV2 zjG&t{KLlM(2=|f*T5NJIb~ef?I`73q`#x@WgQ%b2FSkzTL4gDv*C7h_JrrDlb9Xwh zix5IrA@?AMLKnIqgBt3WXJAjJ2AB@DQ=ucoLF=GIq#kM@>zf%YDm4#d{!O3xmw{jhTQFNS)yrd)7Snl#hr<;6rC&>TyBd2>v@gS!hCOefwWRR`p?i_ zqjE~KQ#ltp579^22xXG!gl`%&3@G%oB#v2V8IZDm$BXDG#4ujh2)*7xJn?n#MrWdE<4#9xb_PndJYQz&Bx+&1WQ`~>RWZhSoa#SP2g2<*G zt6G+4VKNhc$5OS>O|u;^6}6@GxTzWOC9W)5n;=uDV!|7RJ%~mA5dJ+=o&vtKe1c*fHYyhx6_hMiAV`Nv6Mv$Q3se>$+@*ojq zp0>{EVd_)G_S^z*z#I(8t;19>fih7#l;w6{esi4GwhHyILC9Ogva=8aZb z{$AjgP-6LjlIp50oUsz^E_wrrT~5p7jzjwnla$QH9ijh;K@G@-aGco9!35yfB?CZ@r$*z zm#LJ$(Q{9A3&%@2jgmC!4CfV=LoVccE`RY98@;})?UE*KUY6^ZXS6Piqav%?0E7)$ z@@e*&g2#2-EYD(IkK2~1938x4lTU3|BW;eN7sXeq2FrTM(S~C*?4uprN6%p_TdX_; ztxG^j?O?vzEPDDNBodoCBKdHuMfcpCHQ{5p4Y3qY^hy;Ww8h&Wk>(*&M8*Ct()uH) zX<~MXkg5}kn7J}#BbmDuxb49e*Dk>@f!-48NvApLz7V+8e}mHxD}-xA_~6c~8TaQ` zw}AA(61|B5QeMlI|=_{mFgB^-vht`wL?ms%_Uw7^PP zS85(mqgDule}sgbo}>!JkNN2tApAxUAvF@|gg)^fV!k>k!1x7*1;k8yIzpHfUWpI! 
z-l3tD)prc%mZC&N9WFlJnOr=pELH?<^*0hoe7^RHJOqBKbTzTGoXSX)3=}x^gbC@# zQjP<^Z2q2#A2E8c6Lt_&zU7y2BK8s7r?C&X7|9nKFTBH-7q5Kg|BRvoaE6MrK>R=FWhK` zojQK8gnCTEX$ezh>r|dRuzygaoqrib4rsoG6|{Jxqe1Vl$4|sUHfZKK4(s>Qh>43F zgv&pScDP{2$I+ zJ#A)ItV4M2d*~yS>)CB5QcBUrr4Q<)fB5?Pj%uvckK~wF0Q2dj??qVNpS_ zZR88mQ)v*uJ0a(0f6*4~OCNA4XJ3L(JTj89GLH623SDs;jM{ZN`KEs%Os@KTEM@#_b;Y&!>rMm>Kwqc+u$y$?-(Yj@2|obJ_%J z{h^wh=QV9j_VS=_Y=RjhGBJS**BDT))=m;}cilG(oJmSeSGfnqo1x4M&0?na zlvc)KFMI-xOuU7;9Fb$4S3q57g!cV}pTdg8(Z63u1_qM>n>|#em&lsqTgS1fa#=`G zG8bUZz=kh}9Gqc{Cj2x{5jZIm^Vl`>WZ>^=vdf$5Vc&>!k$>;atpQN~I`ZbEO7o$n zk5s5=a#(yNglM+KappQ)45=!LC=VjouB0(CkqBsT;bvI-V=sJh>1dm!^J9gS@ukDA zR{0{W6wYz?Q3SES&=!l{Rb`Dho~cJiOL!ZB#l*f`6}D5ukZcsv-!To6L}#z|ceW@uti+AVg@1(tq?Ck3 z?<%d%tMY&S0q-Fb%XCMH%4aSds}7x2k~MRwlnK8duSvTSQC%io1v?;Ao5fe@fG8ab+VX{3l3AbsytvM==$k7d{c^K*z!cuLC*L{TG zJxkI#DGO85YO-3d;5e8odfC~@%j+?JJ762<^)IobRod?qkyp0o9KgBHxKy2pyUyQ3 z<~SVAY>HWI>!svG{bxJYZY0TV+`^S7Qraq*8Mnzu9_saifF$v<2w13@iXc7{DQkTd zDND`8s>Efeiu*E_J>thXNX#m?PbXQbk&kkO43fq~FK*}YvRbaud zq}5?~8B5%8W29*c$u4Pi_bZ3h%><|1Amg}eq!x74GT13-JNWE zwSL`3#iGuBN4&P3JuW-A!)S>?bSeUUWfBb{v9#r(itGbL>A z4R&dmC7*$U5ioF;5g!p^;WqOQgC{#BG>;$;EGGu)>SQmB39Rw)ZbhznmO12-))=W% zD;rMChH!^kp~`Kp(Dm80w38#3eYEDychpUldq~k>1&}&vrX#ft1MDlq69q-;j0Fqa zQ?JMBL{t3}i!u<>4(?(2wYjD~uPy|z8pYV;Gj$DrnrK^4@o_$d(-~yGzNX$F9nx}g zIl{mEP$!m54Qf5LlG_hYyhoq>7E6=e7W?+khs%I#+|e)oIPcLPYS9=)J_-;nbV~jq ze}K_gs1JESVLZvhi^^uN!-ro!87^cRQ; zLTGn4?%K?-FOGISVERb*du_|B``N!gf3rb*N*!=V2E{S*q5aPH38qCGWjc8$eBL4} zoG_0MoF_?*IwtLH8K}^Ddj(a^g9`%r6zc*I;40fn;)4ZD|NJz!3W~`QQo^2oog81VqqSwgW13Eul_! 
ziO2sXY%?FD=p}w&!dRc-$6$-RZ4fE$>WEX5>W-ieUpup^L8532Dj|gzi;#_TUzC>7ZQTqeP&;^dmsn1G1q1Jo9 zpoO8IqUh&?R2C!-d$W%(h$9#w_QxdCwnb9$^-XEeTbM95dKPF+w`);>ygvQBMLMty z#`A$d-zd9<$(3)1hmA(bj#llQwvGB+L4fjhqU(9{#s?J{P4K z)wP2dhVqYhj_>l1cOJ9-9c`XM{6#AG+dU+WLWRP)M;*W%YoXFL z9_{TZ$jb+yfxP~(e+8h1u`HbA631^|52NF|>NMX*-Yfcdc(@}iDn4z@_Ok_NpiPJebv`X>WXgFe@tfSav|7qqb18+@) z{uK1Xp3Amdr8{=vJ7}L^25e|kCq@swyPLbQbY*6n&<_fxSk^@P8l-sW@9=5PO9N_Z zuD%9=&U7l~@k(*8r)ksU@1?_P0}PU%77WOb_x73!P`p9M4Q%!A?V@~=2K^`14>0j0 z44J}}RpXigHs*jgl;>%rhlnsIjiC zt4^YRD@dZ=1LY&juuh}i!=NLL-L|*D!lGMtQ)&GojcEw?{U@OYf*d1~uEDns=*bo% zZWhF6*eBkMia%peO$yyCy#hSP$bTAO_mNqs$nz$m`(PfCm>O0Z-)n!ujIp&&CCetD z|3)FI74*ncejb|H$lVZYa6}ynYo0Iiub&9QO++|v`&>2W8DehD8HQYWV*)+FxcR7; z{ArKpiA}FwXQm*DQ>v_zCXJaY+Erl6H(o+F1L&>S1XOPZdhjeYVZkenGtRZ4Uq$`=)AB*psm&4TbyPzP`18ISQU30H{_e_6;{pCS;7l}PBAwFAVCQ+^MdVV1 zY=UaI6YQ!%G!U#Ttz}1>O&`@TtFGV|>v$dDcHZjEPv{~{4W5Ja%f~xBdW7`5U&$|@ zqZ#mllOsU4z8j-xBQKe$dr0Vc^Xw^&olsj-=FL zvz#SE@Ut3Z42E+<9uxrJY*X-TMlU&AI9U*#o@K=2Vo9DFaN|={PKYnoMKuGHZ4*lM zlT%K!JGzaEn#4mM3niBK2fjXrSJ6?zSa}F@gydQM?K0nKVoCHJA-JYw&ovD({=?C4 z=Dcs*2z3(;#3Ya^qO`nT0I2SS~a65}sIkOlPfhAEJfi2G7zw zglpCuwj(i>ZiTfHZt`sH8#XcO6=PkDIGZ?Aq#|#W3 zJEl}&tS>@W-YdnmcL*aMdO+5j9Zfv3A5dPGspU3+)|{(sZ;Qo`>}`iM?p59Hj-Yo~ zCoI)|`Ln{8uR}2bY=K;C3lmPqg?L4)aoYw5;{J?LEMBNC;xz**67rez1SYGl?;2-X z+-Mc#IZOaa!A@=Kponr@2`s$P?`bJtAm(>VbWrXQM5<5u2=3p}@p54V%I(cmCa*6@ z8ckbtkFJ={XuSpnbWugIJ~3VR2!Syt&4@LULxggc(6yog)VCg1ufe*a^CF2!=R5Ey zT{LhO(mcZsn66o^>b=G)#>B8e4=0jlA!Cu4n$S{1K zHpx<4HogTNA|!kf7ACNkw{fQl9$9)mC!Sxd_FoH#1KRFG>@q8Y{K?M1$*N|c$VtQn zxodkN1RoHT+{wd7S|Fl#Vw8be_^sRH%&M|OOfrBWrtkZ&fuDUJv>@3gKc?uJ@~}lF zcj3s4yabKta)^P9;o86N(d)@ftY^{yCgaM?0-@D$5a@^ioWO7iF$3cIFJF;9^IKB0 zujvpVd6r!*cX2w=e(kboIf%pwACfy}or;d*H8oR;#B(Cuea{qCi3 zjyKZi+xrV*{`0Q>YEI(6!M981V7H3D+>P4(kq*NTm^TfWXTE&i?uW3RfT1WYNk1nH z5K|y5>R6_B!EW?^aIUrX_fb%l4K|Sh1e<){hls@Hqa{EX9^j#D&)MVuApETyE5@V%?+qM8YUxpX4n#vfj6{1ko)^c1c z7Pl7!DAg>qw2z0j=y6bY+44`I^A4Y_!m0UfiH4j0{Bn=XSNM&NO2N`=C_N?z2!eAm 
z@6s4Z3}osa8kSlvSJdLuJ)ax*iOgWaQ#$YG?$#}Z#AR(3=gcoNne(3yk5fz7>J49( zb`mvpLNoTkZqk;nzaAiqyW$mx|1fTn?h!|!u&Y?bJSlaIlF`8HP#<8nbzjM#aH&r&0g=Yh(nkeg>+!HE@)hunwa!6rZd(s z%8D?h4 |j2J}aJZjMm!(lCyKdpZ<_&X7wfH70h10$mbhKEX4+LjI4a0gj_wNU zKNyNq{f>(!5O^VCju=Y9G*w*JZrRA@StiRy3a59)I)Q-0nyw!&Go86ykZR>c)!~n_ z85M(`T|N}`Eu}w()bGUwUc$k?jfo>pZcqLYoD9H`S8|fP^^4@sp4`@nPI>O`idU8$ zLOVd4_Vs46r}jW7(h7Qxbjn?5hRL0VW)i@0?=lf+t=^1i{sGQfK1iCp&iz+h0)8hp z=^j&ztFS{0;p5Dpz!!f^UA&ZRa52g9h(jvf#Mqtj^`*|7uX$=jGp1O}2XSJrbyzf1 zg@~%?C|)SV<6M1{%PTe(_GXgZtvu`BiHWEm|9Wlyx_`)S>D|=2zi|iPc`(XH82j8) zFt6KGfi%}3>UerMqNE}y$GhOc9%l6GJ3!|^?aNQ1N5!Xu|56)Df1Vd#B1>0|?7f&K z>!bUw`_N8;xzX@SEc;x{dvRXbri*QocN~^So+4%|JTcm`MVcu9?vlWV>mOgj(~Y!Rx3&kk%<5}dJmJyGSjv~^f!f`)`&eeRE7U3IF2d*792Qt zgI!~TK}VuP;*1Yj(Ed}~fBvmDL|GtXRgapCJq8dFXBT(BEzDs3;q%-iuU1aWWo@v% zKti5F0x1oC;!2~}xQF7C3Z77SRJr$uUVqMi#6}$yNNfOD9E*6P*i=M4h+Y-~4Vj52 zp|gNVeqBZoYZomYkwpTt?00^>R)c=khTPv+7 zRq%_ds9%fF^n_%#YBiEiD*bj^URx)~Z2uEOf&S zu8{}bBEM?rr^Z@0Y3?JN@cJuPV{gVpOO20xhc#dPDUNn6VeW7raV^qB|d5F+%7>2C1ws*J=0v5+CR0}q(~4Y%Lb-W zqBb7t_QTyuJ`wG!GMl$<lIOu9=?Sn}B6s|i4bC(VqFv%|c!=Ct9cpMS!ncGKP9j~|Fih_)(GgCE9 zt%dbmbV+rQuk^Z2QP_1h>ImB0_6~GviQzbvSZ!b(!oJBooOzc9cm~myXz>^ zn^RY-DxamhC3emxR@CE*K7Wcj5>o*s4sI%JHg$cUzE6C(*(=LBk9+9LeyinvePtw5 z@yA4vA$hJr94|c~s+$cA#7F@7{U!hQ`wfN%(M}wH1_=gKj)@v?QhtM=tg@G)WQU3! 
zEA`}Y>*3()NXIYv#C}#kIIr^ORn!Y2mo&*s;v3V8>b+o;*LK5lN`}*Xz#8lLl$P^TRMYaOBFV3QLjdVObku^I^54rHv1&P5hoYr< zNea({oInYQw*JIVrgmbRur_sBg+wjFv14j>x!1nfF|nyRssoWaQal{zh1xvyl$dr( zk*e4HG4S$qC$N-jN#S6nLubXw<}BEkzZ)Ae?xS4>%Y-F7{OD z;%w+X%csiEhgtHvmUd`Em(jw*Bn!s~F{;B>`G5gzNkr_N6#qFf?9ZTa89)+IBNAsd zqLFh~92|2K!6`G|&(fA6F;*JNTuP(|%<}ffmtA7~p5Nun#PvY_o2)ylUg{s%+8NWg zt4il-9zy)Bg$ZAWKfj84R#g)4_(a=>ROWQSrmSHab?!s5qg9Ml*Me2(M*Gr`?JfXL zsCU($r_s5K=_TsQ@0tb*aMQ`{SMAr;IorcC31Ty4d5sy2)F9ZNU!-|_rvrA(Xv)67 zYCy@lwZ3!vht>>&1CJWnj~ZECz2JNZpnM2y%P4N>3hV(l<9c?#P&PEIh{t9Y2CCbC zn@q8X^NEC~i?_d{VYdEm2u2P_lQ3CIt8UM-YloW?a<+|em7XTNiaXS8wOY0?T+sFf z_KqkOWO#)*L~C2&y<)gRma*UDTs9FDV6OPPA9=mJMz}QOmQJ2OMB7NUNszW z+h**+l3hb?Q?kf6a3D&~c)IRQrTG=9%p>a4%%p|a>jiZH-uOs3>V3 z^%GQv^4%ho5)x~*n;o@9ejYVK3G89G)0fZ}-Ac|1eXWVywVv|``Rhj^&|kGw)Y{2m zdcJXFsB+yXJyT%wTXBS8rxx>feyqhNQyzs+nSu|^lYP;(1``?6-|sf!8Bzf8UkVL@ zZRJULPHJ>+m`-ZHZ5ji&x8}fpc_@S7L9sZPX`!Fs0~Uy6fo0*!n9!Kjg(ZMsde~B5 zd4|Bbje-1NWU%s0(V-$YwquVk{#&WYtOIj;?7@W~6JH8`U@kkPur0b(KF&3Uj4ljA z6eF+*C>n>wr2&`Fbc}@O5G$I12L>g>04bAd4jDy8mx?5+y3QX+8AxVrDXI#(mWQ*= z!N_TO>Gk?V?uJUEJBWTOP!ga5RTvRy#A!p%Qi7F3`ojKVD%sr`Pm*(X8z){I<2&#F zowP5dwVcN!fD+F(GOn54>^*{w%nNosBAiPiJX}K)tv&^V!i1^V9$+$T*KH0c2RZwy zaK&h{A<+5i3+hnCB7(z+ocLE>lJtcYEPhk!0<7{dDIMpC{)*U!67x-%KF@uiH}ZI# zT7G^zqRUwt67osF?Mn5@H@z5*ZeP+-SQuoJ*MO2tNc0| zW7&A%rc4XI@+6nB@|ld}P9W0-tZFg9@*PT+-oF|Aol#M&=r3!1wO!AW+WM5t*4)N1 zI=2v=9!|Fjg|>KE!%1&M6Z%AG^rv!Lad}bT^v%W299yH!jRY|*brO7A!V<6vf`)`v zoECp3>sV9aHq|i{0j3^9?P;M%SGnIiV&$-yZqg%q+~k)RJAtV1sgt7qk_3Jwev8G7 z>r28b_f0N~g$(o+aI=~*4zjQ~!!fuZ6)NN&11CV}9I{SC zP|qhFb}TfL144yzU4{XLyc;Rudz%Cr%%-Fp;KTm(~7wtpRT=Ye#X7r{ed!m#2 z^7>ljo6ds)Xd3-6Cy@}dleKAI>_BHz3yH+zgP4r)&F^#n@#kn1k>Hf@$=kc zRLI2!nN)krf$FGyeFM>3S*X@c{}s}rhe{4 zuLr~IqRL5!vVKMKokzwXZ%db;@;MOe@eR2{6ewu;i1mwDfydh1+1_+BDSn~}z8dmV*pnNQ!@0 z4_*Z0;^b5gd!+NLJsoa)g*9D-{PY?a8xq(O|A70;8sGB&#~Sz4K56}cE+SWXZAPDO z4Pp8@(}ZQ$6n|wfl2(?thw{~?pCvWspn`;ILfC+{-_GN+zQoULOZ=B!!=|0yUm;oi 
zCkni_b~cqf)K@dR_gCn(CimBN(s0=t`V?Orq(9xGd?IN1M49?_{@p?S5lm9uJoFAN ziKkKF*`7>bo3KM0Ka2QnCcS>Y6M z?0;F|;;W=Li%eNBG}syYi$KIGgKGY|k%y$GP!qNTLygp4`e2}~)TU7=B>bZ8&iS%u z(v-iavL=%d6uO^uO5xVm5iP%Fpy8pWsEHt=ULJg=l4Ce4)Fj$&x&DzK)N z`QrpdWDxxcyaq}v;3+jdcoqPJVl81gaSKyK7XWJbZuv&waydcV9AQ*^alev$^KNs|>F1KYd~ozYrbcd>k|BG(|s4p}l-ci%R4lC3z7LOcK*+K0z`{^(Ex{t9UNL1o^ztwT zvPre`Vb(aZ#r@qTCIntaqwJ^(+x8PKBig#eoZ>g->6!QG5aj>j2Byq!p{RjyZ>Rjj zzhMX29i!>UwlL${ZF0t{{G!nZ0vY5%Bu4mT>ojJnLKUk6u@2GKP!e-<8uQ_5?$Qj9UWq#*z%%}xx;ma=>iEsV~35=PEB>UQ1mu>VUMSA&>((Op}cD5ndDQJNj#g-(* zx5zfd38YOXMT>=QstMTI%ibB_k}87yZ{$QwS?HXwHG5I1ixHMx2@DRH96fY9G{k{O zT6)JSNLu6AEq3%H`@DpQui&@(qFe^+oceL)6`>_4m*SQvbL$4SN7v(LpZQTg9 zqgNG4XcUv?&=iw$5o`^hkeXtW2SX>PmEOpVPi=oXijigd+XXI~k=3(%Sc>U`ONwKv z*rW&T>q!7+_+>$BA$LjmIeKVwct^WlpGHak1kmy*LTDcsZ`Jn8{%XY@-D;(dbWk$ z_W^LEk?a3W#84h%+z7>Iz);ILm=*U69;<>zcvFeY9mNaKA}Cwkeumbm#1fXN5{J2< zqy3^8x$}SMrAUwrA?GchH7s{Y*2ix$N`2Yfs$iB?_yhuPrafr6erE2-aMMzGCMfhz zUr}c2Mg`NX6m>4_<2@ILj9n^!@@!OUg2yj_!Q3vo?91n7n1^&jX_dJqan{kZq)}`T z9d1YsTlu0|KgNsd#aPprfcb@c%rqy~;&d=Q@2A1!0|)qQ50KlFl~8?EVEG&Om4gOu z`*y#c@;Gix#MUM;iEWBf^k_!10COufS66-dR2qQ+FuHsvQx@58d)(r>bx54y({fYF z3*x=+HEp-(jZ{kU*y>M^ueKYS=SibOmCxFDwt`jXILZErFoLLepBU1nojNK@Xq?sp zbmq87h421NytFYh=<<#%nYlsc1VeWto8$&6ZVdTG-p1KMKigUCJh zO$Kck=PBI3&98S0q7ZL>+WxX z2+yBSwUB}E#fEA0FON>J08oSWB0k}bd-R|@OK)$Tt{a^}hj++ur}Ou^!YN?6XPcA)biEYa}X2SE`l3-It?A(5^Qz2=PB4ys7tPqv@v(mOJTc z!`(zoYBeAG460$U6s{UYV)0)s8GRA@2tY2}ZoZ}e2 z&;pURyXMZ>@LRj(cukIU?ZbZRt3F@z86NL}ws&)BsoR9Zchhl2MS0nkJ#WU#)$%Ue z8xm5~{Z#XMr-}4Co8Hc+g?7+Uq=U0`D&Kk(FWzSIM|w>@=eUj)o3=OlCwS~U;C4Px zSRpz;{hE6(no+iRBcnKIThnO1t^dZ+)6Pe@e#f$K{q)wgBv1<3T}o^_PM>RXMZW&^ z5!SG$39i}A+3y28rJ6p+2GZ#6Zwg=#u)$BBQ~2+i=Zv+QQ0m^bchU9{COh`<8^bE! 
z{pX#8`5rYUHShlq7~nGdE+$syzhMBl&R^$#5*?>_U`L(*e~h!hzZhrXGR5UciJthG zE1um^YqYjMb@SH?YY#(kC5?pI!a^-v5Zq>;U8-h?B3g)2n@>H7E$W+o3%fEVbHS6g zuvwrBp*J?0SacScLZ&6qxz2os)j~<*1fMIZ5Xv8_``lMT@Sfr8fH^u}E(JmJ!j?wx z37?QU#7|I|jAV)tU!df89pXDC&Z?kbI0;a2$Yge>au~q>f0R41sVD!10!&=OQ(&^K z=i7!N8OHsf6J1TMsNBS(7G%6%lUEA^o-awtZ{dun3(Tv!4&nTZZ|->bi*FuK@BSCw zoVf9S;>|7_r|G9V6b8ct`)hG%{FNP&%bRh&C&a#-U%tZ0B?@s<|5NNJ8^L{-?n;LZ z{Q)xOd_BDt?pIxe79Yw_tmjD!ZO+^aus8h?Bbo6q56ZW^PZ;)Dp^ygllGCRj@V3Eu zZpITWMJN)HL*9nT0;}WaKYh&CZO)FE?s2H-Mz(d@Kt4L7777PPK-j-yw{=Vm{tY+F zlUbR8oVmI_(wh+OtoQ$@b&OE%{;GBK4-GYz4h9LU$-MUPW2n?^Lt0JuRM_EnMRl6* z(145p!z574oCm07ZX{V4yUadZzfvL`)E&2)z#BRIJbGId1r>hKh6D8% z+U!h}d$!zPMB$EdjKk|)<2d2Kq2aqf1_I43c%m_^0EMJH>qhO55K?Xz=SME+&} zmKIWkjfzAqax`g|t=L%Sg01*exY!jM9w_t^K=vAjBoyAq@L)2wutwWk2lpM9RD>aY z*BqbSs1}YLpvLgQ~$7AtDv+z9`ErcBV4~otweWdT$mS4A1Z^4|j1T zAFq^F9F43P9#4}=ofEHvk^!$nT{bFTu6RKKNk3tWs9&Yx=R}`M{CP+mEIF!JP952P zL}o=c*=$_gZ%;n_sK@dyAWC)`GT*IKg*AW1#71PX9hou!8B+GTe>XM896w+f2L?)B z#|BEiA#%r|k;+V2Eyu_eJtbEN zZMxrz2&hMS-&`lie+WX*B$L!fDo3P_h!h_Qap8r8@zRx&Daxu)DALnNWi>5h56L(u z!0r?Q_OP5Vb}5Hsj777sc$(jq7RXF8v{r?Of_FT_v(Wg+o$1RP>>wk@tZU=v=>Vl5 z141!83j;b{ZGE9(Yap!6+Q9n55p(2#+(v96xU9Txq6PVAL`CiQiFTV)jpxfYV21+CMg^63TTs03FL%km(aIU!(VlDjOhYt_s;Um# zzj0SUN9WJ4DcBlmQu46^VyUz6enGN{%|U|J9vhMNV67_9mUkc9evgk%xz9XLhE$c2 zJTSM<^`SD2OAbZ{uvqLZs~m9?vl)`U^eo{@Y75~?ljG>Q3DLXr4Y(D7IZ{USAfB?X z2`M#)f_XZB{hMASVZP3Q{y_2M2K)g_twH3$@I4*j_Ng;svKCmf#NqP!|1^4cB(;!@ zB$`gwdD!<#Lu=GJ%`C6y9@GRG%0I!f!Q=&ml40clbJ?FWyN{--d8Ml2bA|pCq`FI8 zX62UAl>R@Aon=s5UAL`qcXw%Af;$8VH16*1uEB%5dvJGm_uvjegFC^36N24N-tYbF zoO|p3fT~3owO8+!nsbe3j5)H==mHXQKD6gmd{g=OX?B^T;_i5$^TqgK@a?h4tNL;L z1yCRP#(b}`pBj+^My*$Y?oRQb--$BXUwAr`jD zy#hIQF$sD##-aJ0@-srQrdOk8WTgk)o;E-2Pzup^@lQs&HF(R(>tSQ#RO6Ai=5$&S z%I=D~&SMWi-5N#RBJQL}M9)ZwB$*x>h#Nal5uQ%cC|{2rFip$W4yyFn-faJr;P8zQ zjv-?-zZv-r0jJeLgd3B6y$=zfGi-zzJqqFrPO;^hFVSmMou_&yikdECm}h?%;(hFA zV-37?56d7X5xev{u%KX58lp%G@Z)~}8`H3|#&<1%P%8*eH~cPfnq*19X<-fH?O|X(Qdf*mD0`fmBFso*7)`FjlNcv 
zIqOtP3$&a5WKyXsnavc#`^aW`-q}{UAk|NE1o91O`_fDX3#6l(AMq;_U9eQR{4&5h zFJ#6`O1}y2-P3oGbaG3>v-Yc~v-CG6<6#QOl(Y7`V8Z9LS3;C{vWaa@a?H%%gfSt& zvCO!1-UwVh=YzoY15d7<=X_pEWYnTNA71JA0M_rzmykJ3!KH`?iA-JI37*=cJ9Z=F z85MGf_-3W?3?y6&WQ^meyY>KA5k_rbjHc_krfS(IsDf*80tDcMqoolpdbm9|+7M(I zh*yUKUiIahQh02mt-i*e3}@-ik3Pc+IMQle_T|4|>IgWN6@3$wahi8(FAa>w@01gC zk>p`t27&BnihqIZam3%s2DjVM{*>(=*NSuRaH(KXN$JVAFw3pBcSH%btS+DP|J3aQ zer3n09SzS)f}DE+{&I-rjgbX^($vO-`1S#lt|=kfyu+UmRReTL3!D; z!NKV|Lt~3|3~D#&A6$M^S+mY{zpNL20>>B@mqI3YVcbX_a|SIqS%$7tI(s~ZC7o;V zM_Z%8#9+lr`#ob$v9jI!JO}Y5qGIJYD+bg;0+S?qXac|XAxXGH24Yt8f{&w&%Llm- zbCdH&MWM7`6T!$S`Tzcy_-Ca3Y$J|B9shktM-?Hzk}cDTrcJ78DYK*_CbhG1vZPn$ zy_Y@w7G%m4)Q!W2jt|1w&90*bz-@r*B_2_x@@2=mcFzw%^RHW^$xmo)ahqNZ6>EGfd!-Kq|g$nIrhp+XoS zOCZJwtt{ykzcUOXvLmy6vFK#?xg_2NeanttS`F|Iw)(n28E}%M=s~xB#3*+|SlQ(t zCWKPcYLS3+!iHD`SVL97se+L8vKpAOd-SqHMS!AMUIs0k>Rw3(c3+4jCw*t6stvKO zzal3H`&I*C-xUB=v9d_Tj|ouuC&PIsVENW4R3d7@6%m1ooc8pA6=xwTZKaWt%^+(l zVDU3qU!KFL*ii#aY`NO7)hLjGZ1#Zx=6MP_~{Q? zF#=ZW$P!~RD*{cOzGCOw7R0;@XoxVuL7ystN1qx;C|JcX1~wKigqx#JF~yT*=pkpk z7vsnjjj+U-vn?RYh{?2G`R)g2QP@!Fcn|L2EHap}#Sg4-N=`uOESRkKLkBgsrh~IOvQ3O<-LV zWw;@Cs39|2Kj`iTia}-4h8u$J?k|95aGlcXM>vL6KQSx@8X(C17H$l})`wD+DI)Dq zB0;v>f5+A(bKDRS&$HV~Yf9|lLYF8jiId|R2~Pr?fd31)9<_;Dq%FZj0AHmB77O_+ zT_#$7f=12#X5P4~eC1A;2)CE+0zfHPhj)$_X))~FQ?5Zr`&1nS~+zTc_ z9h=eN4$ig?EJKY zL^8Gaw@qA+c211=fePbG|J8o7sPHD~pS$Dc@_kl%b#1GZczpcDX66Juoar^D2>R20 zvipDeQ8rumtSxRw$9@5;ZYU=tM11`->3f;+4XIKoyRJFf2lIE!`QNtMs$vqC$3UvpC8A1p?$0{06WY!K(^P-C zYBOL3ZB1lf$jociC-pU4ZNUiH4yHX%x5vp_FwuUqP|`@9(9z{{wPO!lP6F9pl#T_Y zLFGG1^+w7+M{Xc@`*joRO){q6v2Yr7lK%~a5cO!Yx4r3ENXu11BYV$I^c7<9*{x(> z4h*<7w>9>#hxno7xJ#bu(|)0eKFjD_7k!otWtI%j`Zq^yrqy|T*~_=^?`s2f))v~4 zT#S+)%qFs`v)y5W&D*#o_iAw%2c*ntO)Z_(HGuEajYuzB%-=2zPDSL2@2InyxtbRV zG4af={@@_fKivXY=1G(wFVQM&f*Kg*2W?&wu6g2~>og0p)b_V`546PhVQKr5O7%`y?#~IChqfMb z$j?)j6!h_`^d}Z}ptEewh{%~i3}+7FQg{7azPbPoL=Awm@&EYhB0Kh4wsK%#Dc8WA zT%IoK-hM&PmAC3{ zTK~8Kva$g@S}-b7IrML;4fJ(}5+qw=2O-t5FC>hy-7Y_mo&&36yKm+f6VmUoQ+Q9+ 
zu6=jiM(R)=n0^&=S2Vfn;H~!CO0>OAHcV)`im@87bJO^qx*x&R1RwHrg1L2BSiX*` z1<^gv!}o%c3JB3U)egk-AltfYx^zRbiXdttE%=zeHnL~kg6%_9wB zn@s?_YmyinKT4iur|DcT&1pFOBsFeG!(vTOCSb*92p_wLOG1u>LrXeP2g-(~F-nD` zF_w~1Pk7dCd@;RYM@CCOr)G;XNQ${+)I-Z57m!IJ7ZCNh_wZ169l#uDe2#>hLCc{k zN6R_D3bx=yUGnj`kJ!kHWn5IJ@gMsM4@coNXF$xw512$K6-GL?f^pwBkN{B)ryeD- z+wbUYARU+=1>y~UPC^DlTE4psw6jx;YwxS+7RgXpPmV4_Vqu+>oD4GYn4@hncmSII7VY`l+!!z46H(<6Pb()Gvx?x&uC0lmi*U|ZG2lUhGFJdsA_|DlF*yIHp$M zaE&|mO>jn?`&7$f*+O^eYyC3-vaX-tg;fQ7CG)m!t*4C#pyt>sh?rlYz&Wz?lF)~o z=?YGSp2Wq=g8c%9KOXi34tS-+#qCc9BE<>@aFG9kGBukL3=kJtdADgcd725aji7q=1j_-V zIkG5b3l+Bt9kH*8y|6(OrqtrGqhDw#H?4CaP|Wq>L=Nf2KT(R)$VDrWJ{@j<|B)DE zfiU`@Gl6_jk@V)b;4 zM9${24jMKB1g zqHkbMIVzB4=oh#^z+&oQvPrwj<=Fsq#`Q48p5kI$1Yd0QmH=iVZ7js#{D$B8Yn&6Y*p(l+m8Q)bR;D+Of zmPmM-fx6>Jd$32Pk`M~b1rN8+$Rh+e0AkP<5f06T4xOw-Dgy$|rptmcfQUjjgqdJM zRpd5J;Sui^PYwn!%0Uj0)auvU6WOgEj^j!DIA?N5e?jo)1?n93hB=Ij%0cfJ2=s)y ziAwf{JA61mYLtHJ3qLHB4nMr1BMmzI=ws5Bj5gO*MV7%#Db8Ua+5NpA$iZ9)Hbg@^tg@XJ-yJM!3M8|9b@&#DBR2%_x; zH9o~q%Rz7=YFTjJ-(|IV&y7Fyd@XJ+PRLK6p2)9>wM)%q)nP&R-e&rsvO8nqL*b#b zq6-uAgEf-^0q18L&ZBEx`n{o~`fM^S*KnazWNlQ8-d zC-D<@dVBZ_50$adpf4!b>Sdl%uHP5ag2PF`0*7U3SWXb=i7M<_YXT#Z_L&-(M#BJi zBOTHDsSp(uZ->;DqAbX<&Gnj!hy71GL{2leXdNcel_CVzEO7&#Z-;*#N+NUrW}!R*q4>EVDWB!71YJzL*Ns z7X$2N1r$RS*|K=QR%aYC?;v3#87I1zD~jmGy9*&| z&eK{k80ROJkjw~meWfs}yHr{Eoh1dzr2>6B9(ocg!cUJAb}COJ*nJh4hC&|F8hWEU zabSuP@2Fa0snb4?3tML%W(@laH*5b3<>`pS~ zs&vi&+C#I{{?$XLU#{(HB1mN*p8RJI{c&}X{rjS?`&GFMXdqiyCr3(dEwhTbCluu? 
zw$5&m=qpvSWTNA+yGgQdt)HN}Hx13NF|i-}XSc>ag(@%4ySj@VxF&zB6iDbD&$}=E zpPAo@*k!M8`GuGT4M8q~W|vMl+fq0RfT?Grnfx=E>V06UZ{_j@G9T&83(hfCkMC2p z&Y#ow=TUX3i)x3h@>Kk-!nN}p6qw*oIoUbaGZ*zgQT(!yVM-zYgH(H%nU?PbY_DM#QByF z@^U)|pswLHs)$nz+YCj!gKQNnv?{BA+baGjw}xMu{LMIjaXxNR$Cj$ZLCN2muyFdY zamgaQdH4zoq?xg~$$o8zcB8Sab@=~Er?UB%a%&AzZaWVN#q&>te@nMk!v8MazJ&fm zx;<0|Nw-ZK;sf6JCIx}1?{CYYdv*CzE4`9w-#q&F+cxYzVoSN_m>s|Q&V{~d<2s*| zaqm<$mruDZ-%WxzH4}-HxBrDxi~W~&n`Q(zAu$RiPJluLD5^eN}~oyIV%Lb=Ql#gr!TewT!NUz#o;++T#gNO zCt)mBeeJyvVH%!wKsigoP^92kBw!_x#81(l_0X)#B9Wx749kGUN;TN%z#NP%#j1@5rnBNAF0b2dmwhjU{^6! z5C+_i@|r=or4B+e-q+UbeQJk7IPAlNq5w&^4b9AmdXjvKM~3$OEf#`XRlLu2N!TUH zA^COQM7gedtE;0Pbpt`hRgqqO)z`&cs3jk+W~;3NSR3a>>ujSK-& z4gQ4!#_II8mCkw;St5OcMPdammzB14*0K`y<9<&^SKGV$4bs_~G083*rKs4VDYRNG z_LCaPk>?|Pg@G&K2=Jjb80Sd{BlMJh&(xmgTykI7tY;2{n5UogvSi>t#kBjxSj46s}kw5Sk-dLcSJlvb;u>MqEwixHhbyW#F@h=QdiPaZlEa z7zolnke(e4)}!vpNI33UR0(0uq_1|NhG;^Z2(r*>S>bBx0c{_*mj`kwS75)Z@61objz{H`ufF^pWceG$s z3yT2%+=0#TJ?)fpQT2U2H&H)#O{e#@W zu6dfty|`$Xj4gi~lzMuO8fPw5CuD+Qn~GLgXa-$a2!gucTavvF^5^0L4dxA6-g9X) zy)54PP&4w0)h7pq&JpVa+cJ_(5?G@*FNwy_A3|&S-@B7`?X2y8)Ukhkr@*CEGx653 zE`NY6Y&OSh`-ClhI+eM!i2ZocnQw;tBE2%D2C0dA&i4=#{aBuVx}blz7O-dJ3F?V) zxNer_D!r#gKU7+dSk76i8<#gK_q98D%cPV4b_o|)RIap^`0sG)o|B5HPBExd8?c9# zfwWB^eATaDV()Wh4*Pv+VJSG}YPSD=r-oT2qE!novr-%OEb%{%OfvV276=Bmnl;UtRuieH1N=B5W6B=B|Gqh zYe_jUweptHiP{DFq*grlPPeOhg z>BipKxp;#|b!p1t3Z(*86}5R$w77f3PWKq-MSRVA&3d#aO&HiV$(cLE@Xn=-NRgK^ zS+w|EVY2Ks!mQ?pjCk|kqUDpe3_R5_`El9L{^P+fM_N;_BG++mbmd~g2 zp!`5+s5JlX4fqugBCAxiIEr^ATcs3?pK&RJMiT73m`IC;?w@&-MGi^WqqJk)M~Kxz z-{U`W;BBl!Hxrxx6~MIu{RP5|xo5qx^N?rZe!MueG~r?wJmt!&NF*)eqcjzX=(KLfiF4Y$C2v6XO{hyX$o}1-Q5yyJ8E+I0l_MUBJaci>~&ZE4GoJ zV8o!Dp0yu%BS}(?!5(Z@f}AeMBVN%tq>fo|PvGRHDcalsj ztruNrT>QEw1B|tsgKe=vU=d?w!_auts<>`~AE8?iz2oEatVH0(Mvw>Tqj2(&H(eXZ zaPm!uP_+EC{BqL|n}K3sx}GROCA7l71%F{=*_X}4Ay~6AP`H_CS;W}3O)|MG1T)o^ z2L=y3(XP6{QiIXhwpx-3D|!~LEY!$HG|YZnMCw2jfX9azYU)7JhH!^3K~{oUVP0z- zh64iE!C!<2J>opd#HBv01uTUek$QUm 
z@bqN(T6julYHDt3E_+y=Hc1HG_exu2)w@{`t<{~j*l8zKmbRz^jM3`0nK?n$fRQ~; z;hvuj-Yg)wjNbeT0WtY?<3eDgU~EWW+MhQn$HuT-(cT5d*i&Odi&n!wIaHzNr6O4YM6Gl30~Rz7uh1;jrcJYJ|gDgJGE9- z;k!2?Ex-fP~SXz8=#CiqCR-C~~pE@m6M;`0%H_s(E6^5^f(_kuR>M*&JFiunoJ{MEzo zD}N{xX}@F?gU$;ejp{1iBOq=u$|rc%VzM{cE;`R+Farga75v3k;R8ebn8UjNkD z^~5&FRF-)O@#^u2+$4K6aiqB@uPi4FT;&Q6Ww+>1 z`}$0kl^^&))gnN}w#6|q;c$}Y^!A22S_Qrsq+GUtQB8u^``X@!_lZ+5dd#NYSnmzZ z#N!K>h#Ix#M@re~FJ3EUFbEw6{vT$p`7{8Up~$qdrOZMve2;qM^NKI7^l=J&;%XXjpq($q)36cf-QN1eI%T`bialVs$#|Lix- zpLZ&dn4hlzhMfqn7ii6>_SC(_p>UF-Ex92r| z)cM=YpYlHvk$<>(f1UlMOpsnNPd7HC29XI79`1_}8hpg$ogW2SYLUb>f8)aI zF^kT+OR;+&SB$qZ-e&7nTL%AOj+$JIOh2V}^ZWT99p`UWIQ9R*3RC{Y3d>;PxUl|< z73K_j+WJ_s(4;+E2iuJ#Af5j;bOWB5Q9vUq49d0Sa;E?$}x?o zL;aC2@dyUxHkCxynX2~;D^bKJJ2;y#6LXCT} zkSKEZaRS0@P|Vxq8texgd*1vq%)4KF-i|9E%M26i8(ur&Vt+=Yr8%)p6f41JlX)RR z_Nvvvc`?R!1L}%rtiLdk$55pDqS2R|S94duD)L6MPF1U7F|vV2ZCBrf^H|qlL>iM) zbm=qk#zi|e8_t0ho@@UUij0MkQDmZ0q;`&W^22UqYR9bi!0{X!O;}-|{N!^iweUd! zultVQLwCI&c6#}UA^y2liOew{&3x}Oxa5i|gJ&ZGNXixH_)E$aS5H6X{v+io)eZl* zlpDQz0Q3@*=l>(+@{awxlnZt?@YBYh9wgw%A>+Ewq3`2HyXVyhDS``(U|67#vrR8@3tv>r=IizeJvT)A5m(2xGj>A)LIhLJ z#;Dz|#?C;r{je+Zwxpde+IGr)_6JVfQqW!?@s{_c0junbIMA~mVgvsNXN~lyYrk}@fuc&`gtR4id#{{w+DylY+*~i zU!uDaJi*s;-84O-uMy@^+^II|C}#yq)(o|c=hA>$5oV$dS4}{3>gyt)IkNMQv(eth z=7gVLGXtDh<}Cmjq_zUWp&iU3!K9|zB;c&kF~q}$;s%=2yT9YaVDNHm>sls%u21_2 z4D$s;Hz&FeiH5ejKX!jv?`*rn-rwX+^KPA7=O>!}rR5&}(gOd4i~vUx{z88|6(-z^ zFjYhFs21R&1N}_Wl@!*-{29Z^03>|0IsBIQ)GIiDnUs7BFq;2j|FpYX#)X50bCMI- ze;od~?DS)-#|M8)I`0In*r%2(j0ZdPUS`D$ za$lhh=x3(Y))3zKm~#bw=wpfc_Q9nZ5EZjvy0((>r;=rj5GNx0sHr!~R*qqn*rB~O4Q zw9Q48HQ<+Fe3->xr2>gZK#+Ju*!@R56916{{@i!~>9c;kK^+}O*bR40g}ey!D7H!z z1OCXG3fqSp&G8isW+#lS0aNG8Ll6^o9jR4c_1QP4&W*gOjlG!$4I_&Rwa|mO7C&yG zfERH&!`?%vo^LPkL>$%-u$(lP&JQ$~MM{_+$}SMK_g@>wP+)18w|o^g;c*65@Zib4 zSk0hKOr*m}FX?rW;^-*#$HJHHEXIGtpfsr#H}lR;&jo~{aCl-K3r~Osb--#T6j(+> zRtrdrLm+-8Bus+EG?Le{ad*iy0##HS0K$f26+g@f({Is5NBVKO?IL;f0dK;b(Xu}aVu$IBXi--x^@ 
z{?t9NEI_{Q_uRq)5B_%Qfc|4bkp^P^EV)t#9u`vI9|Q2<-E`Ij5;0^)@E<46xi&IXEUtcCi5 z#I6I+7TLNyCSW}^h4YJD%|u2xMk`Mm;cp$}$e!yPL(>fUIXcig{JtSM{2nBueDL-` zNuTs7F+#g9hC{y}8}D$}Dvg#PfKzI5E5(Mz z0yp>yZlIJ$0wE|L;g1UbTjS{gy@|lK2Jz*HX40Xfo1OSk^Ysq;zNOiqtrf$guZ5 zfTGA9sq7$wrRkosu(MzJ0kYgTaY6y20K4y}zwe=O@z;7jcEoC<8sDU*j{@-Hs$|Vs z2MvKu;xduSk&D1!lJb1&9YS_6aM752M)P=)Pe zvKzn_oVYWYZh!Y?@#B1LttFv*=k;76z&WWp2~)aA-%c;HyLM3itA6MAl9;b9ckAbc znK8_2GFNI$x?5HzMI(EfL68!oKr6b|19Pw>ZRpOqr(_eSxOpVa zT1p<3cbzrxGRcaW;X71xQ7`^HeJROKpk?!}>(5{KXIM6s;yRR#NNX6I_K^;2J;(Ms z9?Lje_S(kQ=(el`1D!3Mv}k@h7cvOTQSA5j?{K)QDeN=ahGJ5GwlH+8VQ<=LPdNM@ zdnamM&$?-#$4E;yBrvRdB>Zu(NIb!ISawRhbhR%=er-s7ughhLpsDIK^nKffTMewd zjmIWE&SP4o2u`P`_cdtTyyG?oI>+0xhGThcxa4=%SXm*YF3RXpWkm&SA)@866Bbv9 z(hKun_O{u6+}?UOVb8%QN4Pp=-#KU7 zN{|{-CEhyM(krs`zUxhcy#bVnPiKz@MdGGA5*OkcY|Ep%@I`-EYbD zd`M|U%ymq7YoFp7xtCQw(Q3VNnc_&rZl7vzl~bz;P(Vis45~yH=@ryanR1jqMJVK3 zM4Nm>{kRn|=KMhr!a?%ujs=qWA(C4}7>N;(UJTzMTQ`&z4wD0qzaI{>d4RHtx6h#P z2PBp_Q>-F}xe&Dpv$&{3;8-rLydqE>6Zy*+DAo zq5YnE-^@w3aF>;;qWj+Y7s0ZjH3O#^jBm2w1R)>{uInq_)BfkE*<3#Kxy9GVtm)+p zGwskkUQpc1o0C4pTl$glNfqb!vPDPXhnw}3r|%4hw7kA47}JE_^y)NQ2Z2=8nPtfe zl5`d)#ns38ara}e%#Pm20Hn~(;~4h$7E&7L4F0&koiojUbabiMO@x72fuyP&r?iXkn0GQm0H+sW`ja|SV2g4 zd!dM-*J9O&e5X;4q%~qk;YVf=x~gHpXQr1?&Dnf}b%}+_&wjPnK zC5>6DcO*ILmCY0L2th2Dw(+Z0Loie%PJ-aX_O94O=oUcEhy}|W6B#s#Rv)m*#4Qet z!&qr(qk5&^GNSF%3-urKkt%QmtfcSrzsNMhyO~5WgVJ?nehD;NR#)^r;o%56!l~$@ zA8=+_o!x>mgvVqCYzk?!pb2!?yMX3!a{wmpUxa=(S-Gg%fTUdrEshR1dBUj+c2n-@ z-2Bu#B(3Jg8@4y)JqP>B0}kTH)OhPKyY~vI>p3KfNcnk0yp418qk7~w*)v+DYwD{x zX+NOxo$#%!QI=QZCt4ZariPSI6nf?f~Uk79j^1+{p>A>4=L z=;&b+Ar8b_X4qti8}pRplG4jK-Q?MxnyM+gpY&Ci`obCd7714rxj|>zzkH<3U)Ls) z#d+a1y4~Q);4b}z(Nk#iifexQet^G``@%yWnK~e;LHU$gm9W|)x8_yF_(5Gb#tUC9 z#ClZ`qu7o8sW<&a;T%5YtA!4W(1L+wLYU`)&UWEKwPZSNd|xUm<^>~&Y*Y-BI;0ps zMAReB*sXR z@SzM_Ki(nC zu{Wcc-DYAGke{RPJ>u+J^u%<(Lmwx(6s@5AIh6ex(lNy8Kk_1y?|sweP@!rynv49{ z*uUxTjoo-W7{C)ul55?jWq<;>XkjBP6=L}OJU 
z>=UrVsSx2L`yF;9d2dP1G0W0KNYe=4d9U=|r?;cknUPMG?(8wz=q}TD7-rq%?kcqpK<5SAvcp!U|z3{hON3Y71DCyxJBxg0OU|M5jEZ@OMJ6I zTMwMbu&y+eJ3O{YdGt*rvVn#eP)XZtRB2GSQYb@|n!W`&J=KcL!Ez`h42C13{L()h zkwVq*M69KtIrQg2U?p>6(%a`0VxL5K!eA_*6yKFe+CV2ap`tq+%6^MB|uQ zpKoC?<8p?jDQ>N-(YqnND)>>}6QacyKM*u)qijErR&xvbZ7SSc*u&O)Dh91o@q|D8 z*l$nzU`xC})oEMa)thKqsdQoi<;Tj5?d_=7v<#mg@(Q>dy@N3)%uxn-mut!{k4Z?km^X-0hp~B#5U;h`GWK^_!Qn7_e z4g^@9Soj=}$PeaC`efw#wYNvgu`2}F85T7CnOzHvKqI~+a+Ppc0IVGs9^5&q#yfOf zHjfyfyg<1LeH|)zfXm}f%CXB2I|v)DpbJeVNJmB1BbF%o!N- z!k0ND>?Pw`~ACLJX~)YS-*1UJls;Efa8FnhZ32Q}sj;;{qhd^{t1 zDkLpzd~O_l%Miuc?8F^6>ZIJS=*q6f33T)^25N;;tNx`3uZZSq3Cyp2(L0#tw+q@j z(*o(K-S3x-kS|>H%n;YKT5nz$S2xuHxT*Y$vba^w)rZ%B!>r~}ev|q-Eb%LoyxRE$ z{eWM)nuoZ@7lwIAyL=93jQUGUaBJr7TFbGnK;gSCnE-r&Y~T8%=?~5_}@fV{vv0PGosv#rI|<@WPaR1v&)+*fK2fQs(|nz}Bu9wLHGC)i#nE z?K((mr8*XQMPS)3Z8kb!PWTA<6+6=RV~NUA@v1cW>6fNANmlkx>rzUrxVXE_(oyf+ zJ`CgB3>`hBInNnTJM8*|oMR$8@X4eu>=p3l&CI8J%rz`FN~+*RcdjATSZq>03MyK@ zM)AyY%-L+3jB=RK^W^$jr*Sh)ESP!#BiVBy&HM26_)C}A7wYV;OE-K&ZRrTc^R}WO zmS2gx$q1AIVh=8sInJ42={B?uD|Z+>orDwxHSn?~>veu94w_iA?56-gKq74x92bB4 zO`oz|Ao3>QR1%`Q6<16DHeT~Jp|>#brcA4eeD#JykUUDJLymAE2EUG;6XUG?~R%C0%9q>-KrxUM|ZVjgcc zd(*BY+;{mcb9Hz$Jx0Bn;BltshWAu?Epdu*3y}?gFV&Ho-!OIXH2HQYQ$c-4Nb}2| z!m2}H?s+LuD6x!?+Rqe!QTiaRda;MKBvx*h%W-D`>m~kM#J-Ev&N0QV1gPVIiqyTL zV~QUUi)_XSF|}c1Pg1rWyeH@2B2|A%&|lQUYlHz3C4T45Be(ZA@Ad7Wba}EntfkD- zbXD$7I{Kk=*8%WS@`r`Oj56mf?%DMgz}QS%TcmU`KHiCV%Eh1;=XInGx_;+sBC_4Q z{_^2KE)l?mJOb16!A9q?c++dq zklpL*+y*YjN64|`) z2v04awmYqlXB(*STB#*itZP0+?$U+FUi<3Ej@H%p?nxR(2 z8ihT_L0I*`SJpj6y{dpznJj^K$^V^cGhbbZVi0teNG6gZnhf{dP*vopLj=w#v2DN@s35p+1t0cj-^ZLG z)QAUG;YjRTH;LjF&LfExkSkeG($4@@GXlyooEWBfD79bRk4FkDI*ryh(D4lx;G^j& zndlWXi$0fyKdSXymyX3G7rQjP^(&Q?&`-Ik<{U_JcPe=vLQUC<^Jzto`v--?FRVu5 zG+;%fbyZ~BC#4q5>k4SMM~}PUr5rNNk7=oPKv^EpCJM(l_$q>CYrrQ2gEu*&5+AD5 z@V_O^+Gg$_l2pX0-6%Rzf*$KE4&ugyQWY*X-zo;PB1`U-C{woK8@BrxC1vLtrH$$eC1#d4io`;# zi(AM5e0egq^8o0u7f3((8PkfV#tCHGX`esM&(14@CB_|uQT=zDPi)C88HCpz}s0)>{FRTThLfQm*6E20~={88^+THDOMs) 
zn}xg5TF88V*Cu%^&%<~f0Dhrd&(TJ zv2!J&%Gh<)y`|?~qpfF2v%@Ltw@sQ4T!oqBGHgLt{IQ}k5F_$Uvu@M>?vUg?^(>VI zKg$jyS|GfHYXE#{FrF+A)k5dRbOklhRU>!+GuAf)sG0*_CmJ{=p0#(SU~oN>$Y=t^ z&~PYdL}YFLUduU{{{7%VKL&#!4BJ3kZ99g*(-%Qv>H2G{p`fiYDnx210nfqN5M0#$mSPYRS5x!F25~Ubt1DEwvxQ4@4 zIb*{UL;lp=_vnAs-Jt-yYDtekiCrM=5al$HOLAr1lxg|hSJAYl`BRG~wMkJVoQcxt z;e~012YSvvEcxEV;=Tl|XOqxELhAVNfuJPToUwi7fKpQwcJw)Fv!i~N!00GM<|Yx^ zV|go>J}Ec*T%{-GRrYLr{spmg()jpW*q!Klc@-|h=*X!4VyR|f^$7UyM67#+1?W%O z(V9iIgVAboUdadDeKKN{7E6K}+OB)ux%otlQm83(=@j}bX_LCofm%4&@Od1Ei3*3c z8UwJaJ`-!*-QQcPQ8xN0WBw0gXBicTqNH2godChz9fG^NySoKfvaZeFs%+_bJ(R^ePzT~@_dl@b4SrfX|LDD+Tq#+SgF zSA#Wzvd%lbK){E9iyjoHg=AdOQ4XFPnZnwRql{EW>%Bd{(qR|Ri(4=YGgDMB+n3dv z+sy#__Sa~r7F##c_- z@!lwx^7UhzZLf2vU*CD7Uxf)LgUS*)2r^axLQIsH0~Z(O5_c_+HhH}4(tQwG40Lw8BcSeeb5#@EI^GjDLV!YLq;nKQTqAdBkiqp;#`RnOc5 z!w_SLQ9#$@C)8r(=d$(g$$cWHAR>S zlTok}+Q1aXKo)fu;Nf9()G591sP=cC(eaCD2br|p@Vn#D9qloX*wGManGUqO74M@^0;*w|PLO@`E3*|Bw8bCx88e zAM5U;>@A=W{%TOmE*2i`Q_zKVM+LxR#1jBKhDP4DLDUKAoyP98FCs5!$1S_O55<{` z$`E#csG9{jCg!%wThR_(Fgz6wyh7Aqd}7yyE!USU&}R}J+FkO(!9M&F41RRCaV@|2 z4GfGy29L)>&>5$9fN@$+`3wP~WX|~g_Qkb+d-^#NZf;A?6{K%v;(+ixPJyK21=hel zD}^$V#5uu+s2-`&trD(efTu~du;NNQUs5%4k$+r;O2{BTjxUxz>a?6WtM2?qGKPk4 zk+(#6+R?7LZz3GXU-Z}k9l1&!K#$u2^w{xW+$&c~4Q+PqOh8Dlw<@Io88o71{4+AV z$W~k5`dO6&eIJOV*Jojc()scy7kS#18{mbuz$4oT?O~{lf&1xQ z{{(&+vxIy|QUH0OD&!S@Xmq%*={pWfTnsDK%PDbs0gSZgjY`x&U6W~-+_RUtg=BrLikEUF&s-nsN&7`PORHDUFRaDDJdgKX~}dKr^xolfB1WS+E0Nl=!N@ zH@#L~d^J5+@vJu;_$OSA=>&a^sUHh5@v5aI1dslUfxae#>8B`6M6!z zD)%W#r7=?PneOe-gyHA!9Yk;X(_$b;BnTVrNkKlf8_&~J}+d%W^FczSV%s^jJB!RvH&BI^-HC9l0=iG%Y zZ`QQ445*#~1FZwKNl+{X+uY#F^4mlN`K<|K5U}yvFkR=1*-*P8T2eD7J=P>qR_&=H zUvm%`Lz5C1^N$2u)H(BXvTGdMGu6@cZEK71ARj4;qA>{ zZm?sNvZ>HSNqwN14PO@44rIJby-W!Ok6KQqg%+jsVC$p&MH^g@VvawA&y2IqFe){V zm>GE`T||oVhNCDW#=8kU2sNi+1Gs>OzS{>|i9|Qq_Bhc&%M>-tX&R>UO*@c?>Xv*? 
zSN9}LHsQ@wygbvx*g8g)T6VJ|`)FuKWXe3EZL)@T`>g1p=`7;BDcIHe>a2*g2;G8D z^iSb2{Hys_S3zpth@-1zZHoo2{oDYpO~XL5&dmD1mmRlO9o=o}u}*1w-tXsV9zv!{ zhk2ZBsS{9dq2WQyrXtMg4;?2fRSSns*r1Dzlbm-oEbJEuoR!09!QkcF^EeEE%C*1?q7(X@R)D29PFi7v8PmQLtX5Hwa~mVQtiMrx1@ z9FzXU}!qb$X`Qi^uLDI>NpCpW)~!$$Zsg)wB&l;;ruqoM%-62 ziuS^qX~LfqL_Gy~I%{ur$(VZcAK|=(N2^jXX;m`iFE}L8V3gbKiY8fl z_rgMUSGu7rB$YkSe%&@^V@8$(st!y-g(sR1zKQe?z9~7)@xNCcTiS9^&orBIdRI&- z1l5Xyv+96aqre1v%WGIN#Hgql>B|$g4&=E_8O`9*6Mq(t%9um}Cpo$& zei@#KNTwwhN$=}f!)?}{>X5kh&Y7;jXugp~?cDDSkya|Qym2pWKs7-U5!gmPnsgC3 za?GD;bo|OA1iwn=yK-hWl1xfHQac_20{M>HnW|63Ile70=6;e3dI}i1uSWrH6alyG z5A~L>9cuVlRYZguOMVQ!C3aSGKZf2j;T6Qo3A(n3+{6k?`lGAv=d1EIt6!8;qtjKf z;_C+^r(nE16Uxg5rGS#%@nM=U!+D&yic(>1()j5|pC;H0S!kGu;+?(;i+q-BaRJJh!H; za8=pemU4v7o?D(zsUP3CONw|69SLv@=8iB!MZ_1;UtjIfJ#>!>Gv9R$RGQ8Sw07Xm?HG(IN+eqni7GI3}L*ElX8QwXAgt64N&o$K87CB^SkdG%>WIRqxq zr@bGL6ZgIOszFL$;RrrsipA%HEO|Y|Tb@q6->dB^yq&4--o5jVMOJi*2?HaNGq)+e z-|a1KQRY$BJFJ+^O_REcDX?eUk-Md4nx?6 zb>I%nsdXmLZ#Kwzhn8hBT8|234m5pz(o2K_WIlLu4rI-r%&E6?LO~ag@#7_`dY+NM z(acB`5N!W}H>u4%y_q;JwBeWO#uX)>6;wYPnxge}KqN_2+o}{fMFq>gwNSL9Y&KL4 z@NBaR*40@u)>WG%v94_?@}`Q#fNO@0@cDevTxjM4!qXlnD;csm9*TKFt8AuLj7Z^y z)i=#mc+nhtsUPx00~OKN^ehw=MuhUhXO`PHZb-paH6+$WQg^OP_8PQISXH*;0p5LK zd8;}$FUXL=VVv)iE$^mv--*(*Y1E1c;7YvNar041SLwe|vRfP_qbQAaZ9zj+R`bNxKEPYCwQUvffWH(-9Ma#$x*@8oFp6dJ8`ap@$EQ z6e09RDCEpNVuxMJ5^gLx>Qq?qMfm;@Vq+uObrjXI7gaj5-XHXTZ5r|6e0n6)U`Tyj zge8=qPQ-*&WN-0?P|mQu#`1$~o(hz7bK&NG*ddP2M1~-20VsMw`@<7{1Yq~yAd`~Q zcDH-25J^$J4=ej!k^Nr5jPHkiBs11*mTcQZ?x>-7xA@VPU+r^d2|T@UT4;cfdD7is zPHIw5-_C91Zc86$;U{T`S;XKfWr6bt@ogrL(lux*ZVKn3pYh*@2~l& zX^z<~twK1@{;i#i#cX#huCbo;7l<{}&|hrb{NJ6Mz+C&^sZJiobaIWb271nNQ%D_) z)MBp-`o4-iCd%_AU4;|x|6He~9yh-{1^=G!lCyrDd1DV|cR)R9R7H}6g z^jx@D{1{kEBzDs06o|nio1;8C_sp9DUc|*-q_jSJCOy`+i3Hn6y*)Kx%AW1(G9yB4 zxmaqEvryR-?>JU9l-negCE}(aY&N_WP=Dy0O-n&Zc`$5~gC0Gv^Ikci?w07s0SoE8 z7&XWubu^rsJXZcO!X!Hajpk3!5k-Y4C0no+oB7Q_Qpg7><7?3811BjH`A1m5AUQ2X zeYZg|>g(_8R+`w9edp2AW_y$}-L8~O?e`L<&KG(|he~b+*uBC>eTU;l1bdb5M}>~x 
z%7=WKsV2(BT~ma#7iJ7O(rk3oI{e-&ibI^RtR(Q#Gi^eOhp0koN%Um=Z5D@z`Va=l z>;yNeGq?y;4{p1o3R*`k=T>}wl;YoQS8JsDyD-hUqa`8wFKFy1aX2~D5p#p8T7FaE z18<6t&PyJOR831DZ@=5`PVAWUvYnQp@aPd) znl!5Cct17DsKXqCeAu;kq<(K9?prI{Eg*l^ias>naDOVi=!yyZ=H~dm=9Ds*y=TV8 z6T6$Oti8cKci>=vufqK<;fyDk1e&9)?CA}X7;a-E#;?NJD8UD87fdovM5p&WPloJT zy;2TgfVAbm=Y-1M7KSk|yG?U?GtojaF50O_&gNe{?t{0M*oY8qEh(YML;ahba%N>a zl}wqThvd3o?#<=u1S8e~j-V#uCqfJ7gv6fhaEbox6S z1GN5ZR}aaOA!O!2l~Aw5vML)8DUhT_@2)5WP-6I^=wuns9u3G37_9_Ba1*{+sKn=) zK+CQ~akd!#6NK-NF7?Wml)gsZ#$5Du-)y@OehY9NoJ`yP;PRz~^k6icq{Bsgx(?c< zBGD;WjRfuds;Vlq;!b&)w;6}g=|Hmp)y3b$CVLwjb(7k0NX`G=L3f$Ec%Q3xpv-2M zl@eF^i?fJQ0z%?16UaSM#z)F5mh^BxJ7r=t@O8xit`m##> zU*`tkT;svduiz8-d2-=BJ_Pp?$R1#Ua$}62Ga9@UPq~)T!G`npKIvO(7C>kzNy0Xf z)v)+iO7M5G@lx8^;ihIXeP!SX^HQ27%_h=!)g%CGPdEf=SAu3-%91Q`UC&ZElie{3 zT-MK>-bjbP^-?}JWLxUXP1R=uY6oubvFVZYUk5sckXpR+R_?I_`W6_81qX?uhgO3N z1>NgH(AMK3F9_EZh;ppsYNoQKOa2!#?7Yb=_O0(=+vHi9|l*yNhZ9cBw~ zDZ^rQI=sl*i_94YWCbXDtEUaKKHffZvZZX< z5qYqDG-x?_%+rHHW~>T^Fk}S)|HVoZZsIQ(kB*l=|J681 zX>6iwKsG+Wcf!u89}Gpo&F;f~(WbggoM53Oq9R43{8kbEFC5Q0IXZO&MaemnMw*L7 z#TfrakjeNHaKSlJ!Je_@ODXyY6(eC5v8k8P7el=WxK___`Zx6;tPiIoFD z1p7F^%yI9x@Lgg&#}0Vl=)@pBnaLv`3t563S&f>a4D0swH(T2->vAzR2B}@dja%<8 z?yjhCl26ow@O9*I&i*pf55uRGg#m=2hlt6RAdrdycbgk}pj5tfaS|3W+ zDeSjST5zdd4^rMZ|NRq>DQIftjoE@2rre)~@fLI;sQ!#d9SOl!Ah!0p3O$HPcjeSU zUZAAuHdx8>rcdI@DOQqNI3r#X)^%SCDj0Lb^;vadLa1xe5^S5?(S(CB)hh3gzrC>q zdZVaO#*Ta9bN6+}Lcbw61H=%RY{mgji==3vZ@gx(IU_k$)9p~;-)Q_R*8hjbuVwvv zTilHMhsM82G>P0+dyRtuX#CozLvZ3JQqYmZ+ivFOctbSieO?P~Jw3Keo8mJkEE!0) zsneo`8qUBf&kcvuXciiP(S31kCl;@1hn5ZDYf!%?gSXWR-Wb( z7TI$=+m=L>zvtU7LHYJ~MuRc~r)BA9Zt)QB4TdTo1!j|I-=2ntW5zl>5A} zY&!lD(snT*9Gwu;gT2E(nl?U>cEZ#w@9>`}z6s}lLGfXKp?D%ckHr5QiuX|eCyEc) z`atmrK}S9eA1Gdy;-4s<^d@wy@*gO^{R73f>iv!4&olo6#V`DiC?0pzpFgV(f0oO=!iY0oSXn1@q%tiIrUQn)pReAbNXra_jems9FOcc1FRPdS^k!! 
zD$YCDSgLG+Oj~N1^u33qgDpP+l+2Z+pX5uYzKz*U0S#?UJC&smpIiA{M98}$zS&KY&w}8 zw>Vpc0u4iR98ZMQY%FrN!^fCd>W$2;Z-OMR3koiT@M#Zfs_hy(rLJ^o4o!`rTqY}F zbJ3VW+T6ni>ZY`&&pDb6LBq~^>Mb_457{ft9coi`CMBraS*IZR)P#yP;cjljC;dZr zKH2_17%qA^nM2Da4~{kX?C>>>$xp*6gC8pf6r{adHfdfO_|RfTnYu$Ih=CKY@7@uY zjj_^`zA2sro(r$+AFreGd}q9ALeDF;;S_|DpUVo-^e<*v!|Y}*_Hx@AxyIPzhw8^( zhcKVv(pJE3a%^R74dW)CZ%H;O6z>!oK1NLJ^8kA&D>?o8(9IcjFhj0bd(-`7u8 z2h9KEJZexRxWn$7Bqo%lK~un~fwC<-eGmEDwv}GzDUDTJ2n#4bhpakzU+_4QA&`cJ z{ttRC4&;aCn?;EsO@PQoYTcMB!=S7~VBP|JuxA`FrlB`_EMB5HY01I;KTjwvyr58m zr0<~2y!c}SoBaNq_JQ@?gnizO7*!i@6f^Btn&sNj$35!&KzceYRo9=9NU-_diX7QQ zq2G3FAr-Y_Flo2`Jw3s}CExD;xBy31Q^GI%m83C4tTJH8%r+_9QOvPLmyg-pOr1}x z*3+@+tc1uDd|mDxjIvPw_&1XLO7&nwY(R|qsDgVs3 z{FfK^u8Pmui%=dRkKY&ZAZ)b>J*J_(NEGIvJ(Ll}hAfJAwlq_7p4TbQGKo7&K+LLeHWtAKzn*B5 zW6&-F5LY6_R+?7&-rs6Wi+~>DFU%0*F(D@o4)R()IVCoWq!(>w{+i|%dT-wqLT`Tm z?0>*`L1{h%Y+}Yk>8(LRTYdNAx3U&=$C%=f)4l(5FT?={%(ht7awRoXWVP#1^X`LV z+ZOgBgwyFI3-*9RRcQ$cVJ!OUvG%+)Q?7ls`z*qPr!_&DBKIwO+V@R9Gt`wc&5_FB%8k2HYQraz~TDGf8= z!Hxbmz!^}`mG&bJrR@Uc57SgaB;_osvJ7=Ib3Uz^K&3#0}scR&XX{B4Tp-#qq{Hp6)YJp1)Eu z1}1B_m>Y!I{Mb^hoOmB3{AHew#4j<5UcYyQ&(i>b_fG1o4)jWh04%AXYX#nYEU+hMjIG!ILq^RFL{4Avmk#gN?#N!z zc!T{8=n}km?)Jye8ou@(k2?GiXFiKhX>rbQ9{%H^Cg$Wo z9w~DAazf#|!BNE+a?R->)%^6E&Rj0#3_NlgR(8uP>jM0gUHS3~Q_W0*eepwl?Ij!= zfq+G#{ysqiw_q!&bKMyXpEG!(oD33f?rv_b2aBg8tuj|PD-%=?=6~H?SzEmD%0R2z zOmga(9hGz4>t99dD@M%%cAlU87QW5v+S<~7{(ID10oD@COz}sOE(7%5$CGu<{DfKW z{Hcz`G^vaE#1|yB=yDT7hi4p+JF|bPJ-4kJ$wr&(RwO};!L;&tu>i(g-e^{|v>NiZL|4h?hfD(%{l})xBQ-27xk~+OSyBGFDg{tqMi+uP}(Z<@trk%#006@B45$EWjv$g_QOy z{~zI}5aKQRN4^l$fqxc0{|caHiU8JVTea)B*19k)eDQEhMjB^p2e|AC zF#ETT!Z4_K_pY| zoU!$q_PE*CZQHtLYi8_uTHR*$@!c~6t%)jIW|tQWzf5>>X*Ze3LoF$sYe4>(wU*SY zsnXo#%@U;%Or@7-p#D8GNA1;Xj28fcktA#s!^KF23|qiJP`rZ6na%MfUS6J^&iLo0 z3jiMwKfaacXZSflZtl)b{@RXGFH4!v{v*HtcPw0B7!K_Vh!{ACSb-b<(}}b6DLA9RGk67c3xZ9+dq=}DcIcmT%6*SJ z=Xbx4M|7%*;W*SOBA{RY64q@NW617k&yTr^w_&ZEB7-mmqkezv3WUKHQC?!A^Gg6@ zD;o6s+v>Bu-o)G}ty0%iCklE}Kk6=Z-Qi~F)=U8DO;T>z-3-8@P5ak;?TT$zi${)L 
zR5vt!^{#G8U;Dor_x!vk*w!d7e`$Cet@od#ZO7>3Kbh}jz^;|m+vZTaL?Qn9wn&Oc zYQ(%uy2~isi631E+0dqOnRh(gD2-trabDvE>T|D?SPWlj$gm&6bwUsE-?U+F_An2W zr$r)Va}{O_v)#69&d<-y?|*jz9&%&|T%P!L^ce}$!(iR0=jM8(7w?_F2H?4!>c1Jd zEcg2#&7N-DSO{c1nz5OtThy(-cH(Z!?C<`4!26CRzkLA+F8gy7q67JIdw&1oLiNLo zZDs%I-mZg)$1A2QU-|a`Iyil+LcbcX*TWzFj~4M9_4UHaKe0^KE}%_ z>d23HkiRy3)Jlq{gTsb}j*cGO7k@i)O3lQe6re?0Sy#n;mx}3wC;&`iVbgI%&sNXTEw8!e9hRBP5JV)PlzmZsSGX+D@> z2-ijl)G#YL9d{8Z8!#E#@I4-6GpN+^M;85df>~nC zeeTsI>ebxf zDK=q8hI&|AXCS>~l%R>C@ECEfvU!D=O!~Jd811qcmp8neGl6>CpHaWN%J45#ydOhi6D#jw3gRiWpP1V$vknv>-O-!hB&*tI(e-plMMMDjIq|Ee1%f z9F_M-aZpOZkLwbf*%GuqAc)2WO7wzWLm%3blXvaf=aMai8uw^28Dd`NqS@gRVr`?!@30b`;ZG3K{(E~Vr2oLk8gK67v6u=B&~ZU`_FFdYo9mOC^_nwTfCGrN z?F5i%hdR+`=^Ubm_F-FLu0L@0KsE?yofL)Z}vd^Td+i zwnbUXsH?sB@hi?zNte|WIeZS2Uu_m_p3r@>kh}K1Um)LqnnCLzO(5g>><%alNIR(j z*Uy{w>~D8rO&>x|Sg9xM!`Vku_0{S8qoY2ZI=stg9Z3pGO{Drf)o)1}+lMid-IcQ$ zMsreTH10)uwHNKz3EMBEGc%pkDnQ&|%tp=0o16r<{ZSnr&UQ{d;qfSSQ41y67zLU=$LCVNLg?}*OkvMhW@lW@AOV?37aCMs)Ry5)10FQ?3MNKu^fkdI?+@zf! 
zIjYo~wB=9#dQ-Lm8y?e6M!&t|l%=jdQrt&Z7x(XZ5}aYo&yC@4IiEEpfiqU14C_1C z;gak`h%#m|erN3x%i_ayYpA>W#WN66ZNYb+!wf9Xq-d@Zj^NhW-VwgN+(BR zgb*T3oVuOV_)(ALzcLXmtHdtjO@wCb!B1oJ!Tru*QvT5qGn)Sf=ON=Wth`63_97<* zT<~y&=?hK~j57pWxazZa6OU-9rvsJH;!+t^I5yb9C?o6#8SNsmmrN(;q8%a-l4a7n z3CjbBomTsFuytW(s&RD@Y*3RpPU4HP`HfaiF8(m8m|A!S=1~d8sfZ#+e4+Q z?0}{4!3#F`W0&gSSjQK;7N-E;No>{Wd5f=ByG%x# zH`WavS0Gjs*--WyE-2F`1$UG3!-)!%_Sbeh)8K?2aK##1;k=#h&*v)D78?~cuX>Iu zT1ze<9(S#3JOoW)8gLGrXWK8FtT6}OXBA$_0EwQsE+?B>a+u*Vfhx8Gnker&1Kay+ zBQs)+UC~xYkOooA4_?9b_N-Eh!(N(mvSwq8BM=>(wBjlvi*wbL`re5QAqHADZ2`vIShdI*6Ab|OFXeEi(xI8t8k~!IO~lbO1$ctx3Y{V z?$p9C;|Z+78Q&n6GL*z9#1nzrQ<^Y>yqm(5LMw72A4)t`5>`6kaCE>0uxCFBVu?H; zuv8x*7oDOrf+tb9FDu)naf+ZDf1S-j7R!Ph=p4T8Oe@P0#ud891_w1@hH^Eq>9GxU zIIxh>uIt1eHY(&mj5a^X{yIpER~#!yg3X#CQ>pXfr^LC)3vHcO03TwBi%#WqhzV}M z{`cb}xGUYGP|)mCP()tLq}W(4J92fjF?ck)K?a||jA^djCU8KnK~oabh@F+l{o##E6f(Fh5SsbTXJS-0VON^v$+7xZ0AYT+*N;!B+7(x z3@tEe@>mGxGhyWtDO?9vYcM}4O8u^%*g|w;n-Mhr2Y36XBXbE1HUplq-NIeKk zSN4}Fc=2W&madB{tDn@2*c9A+E-ffiJFms)UkL5C)?HH$*`StUUU_(=MEU3A{t34e zMhx<3MR_NAS*+NUF_=?s%*-sC1N^#fbTtusrS&+2O`W%OE6swgA-h&Z$~Ao#l8?8P z^a8_gY7u9on3yzz5}hRD;XBE<(}YE&Ueevget^r^DR^>tSv>Lf0 zi(O)6V>JXjo=bsKIF&oNT$OyB`ITVCC8BeaiEr(kHmedA{nK&v=_aPVzm-q@iMx!n z28zIa*X2q@e1l5YKk{)C$0P`rC7BR5pE8CmhcMw)mT(J-XoMLQdyO_m&6ap%?E*tG zN*Raj9aAwx*x<#IvD>YhzJOoB3`aa9fgk1!C?g_7b!fdU>1cqtQQ9Q|-ge?gUb@7* z2Iom1c%%*~Lq!xt)L&Ac6gHuXUBh)&;|;b+Zuk>FW^J+B{`MUYe%X2hu`A|#HVl(&q)1qU3iX5vTc>BP9R6@bL4xMLf# z+H$4yK;*aHwx-pVxb)DGD$2yZ58_C|dFSGB-V`oM*jPu(TEYedAo9KmI&=On{~NOF>s0pfyP;<$9oK zmy~jf`O-&e{gW@7*Z`iZHmTNlkLLP%DpZ`9G|Mua#PQddBLk#>h_ADcl)OLkGX2X?X= zchfaajUFGWl}+iX!{cC~-Pu2Rvhg1xQXB&ikni$;T)dm{yx-Q>{a*a}jP{b}{;(Up z7>Tn|=dYm)@4|VpZ*x1WlT(`++k(faF{*szxh2}MHn?9)@28#`rO-|MSzMHEr7{1q zOJlx^r^}`RH}?2GevbgZTm5<;=x={t77Iq87c@P@K{l*GD@kdvNp2Ff-wIUt4k?k{c0Z~E|^UEAVv0DQ@cstNFkJ~6qW z_u7kS2IK4cZH~LlLAq^hw!2TvkxwBMNZWHlIGUf>xR)sQ^IxjhbV&YZRFKsT_R!WQ z=CXDsilbEQCN*joI}Jrx8SY#Qz0HA))=ZAfpY(u(G*N|LWlE8B4`8zSyW9ZaSfASr 
zSi9nL`@Ts;?FWDv8Yxzh46G<4og3JqCE26>bR_ec7bjdI`0bGqTC*vq{A>}P@N`GO zDzC)3zqpI(N$rD4J}3i&#Tk4PZzs+tn&VTJ6lRB7HvKbrsp8CK7ac4o_lh%y$Lm$xj-H;&O3tS80XZH1(la{4lobpJqU)5- z;j*z)K_E|1qr*k4(s+4*9(*r?R)AGl^{s-gfy(vO(Ih^uvee{}HcNQ&GjWU68hnXl zd#LZ47$%p^n)SH6se5(SZ+Bgz^djswp4;fmu=qS_j-I`i8x)wxqnyX&XiAhs6Yk?$Jbx=4yX7BM?uEw#&Xa7md_o77rT3RVQY96gWeFTvkkk}4`;6xW#< zb~UwIP+p(wJ>HyF+*-OlH->Km9_-G`pP07e)L*M!B;S_a;G2;-gKEucA8WgXbWvh+ zZ+rZL^w>nqJ8Mc1Qg*1X+=UOiYWg%@Eb)3I-fCKq;EGPO047WcYG<$C>1MZeRuh{k zzU(bro}eZx&3_}aoAY6=raBm6yN>k@5MxZVlpax~dqza^e;igrtFH8;fB zcDe(yB^OJGh;5dFr_clj&b6$v>L6$AkCk^W*P6w zO!adx_GT6o61vk7*P+K_*VjZ;evve&3TD^W-E{UM^C4Uq?@P{|v-{;%o@3^D!j((x z;1s480&-JHcTrKKwz#9zzvlP=6=Pqt$Ij3)GQ3|Ew_%MO7BBIMGKSXr9rSb35phJg zw5n-=%&zY{7<|iONezY=Krj!rQ1w~8SoS6wGO&dacYLAoG)-=9awVb{rE%?R%5}BV zYXzRdxlu$`2r5nvi_4QU+bprtVn057mX?~=ylITuA&fPGK$|}VnX^=RP-J5?UU}!i z2=3Hna`5Mt;4?D662{LUyQibpi|ddHQ3Dk;DwxG6t@&H2Y#8$hwm*fwOSpvd z_xlW{@5f)i=B!Y#!b|l`bS+`^(GI1iivOecmHet@7KEcA8dSo$Y1lq zba_0aR&jh;e4X4;9Do0X)T#I_eCBuZ@LhohDC2<5Dfk8E7%*`O@P-(F1wcS>$A5j_ zL~jACFZ{d#*w`j|$$pb*KXC$|oSzY1pzFVz()M8HH#dCzbt_X$-~4G)0H)lg0RK7d zQGY#2%4W0o_PB>c?32SusN1`CBJXO1bS+c4cYi*oQRR#{%Q}w zZT(+v5#QhCuh}ZzC9TYI3>jL+^x-;aI2hUp;YX)%j`qpLNHl`73d%?%&0Mq22ApDD zs5*9@zSyF6C(|k!)-&rl8ob}wQNN2SGe}WOFR`8N|8^bPuqvB1;^^i{CUI6Glr*#n zFy}JH1zY%q2^j2*>bN8p0sVLW6a zqOY&vT6mWkXV6ZgUj~}w>iA7H4TS9cc1Zo6HE6y}zTT${2ODmbzYeW_VQC9GK60JJ z3czXk#$iR7^XPR=)7{x!abo$0$)3zH;Sgt8J3O%85@BA+w;Oaa{=wyZ`?ed@5KJ$; zscJ%*1(-LPe)#v1TY}2BqOhjDvPP_>@ zVL9X7JdJbKA6h%XAHstA*W^*})lVbruAjSmF2I@8G#6laEXc=a=n%iOeV`@#8k){| z#@_}QAAd=pDShePR{6a7@s9jYS9%*FHROAkGvFBcIixnOY}lu+M3@KB5JQy#aepJB z%F}re<47@yw*!FoVmelZP?si2a?QQ1{?p^VX}woFG2} zM8>H3;IHp7egdc!I$5~;5kh{e9zHfoQv%Xs09`$cn|cra)Ra*02<46Mo^#hNFId9t zSRp$p-ljd69X2v~cIq_nL5y9nLTl}I9?|j=g=eBaCzo6+4;1wf&O-Nlq6S9j6!Tp} zak^$U2YERAfbB8%Lg&T5_XqRU{2&Yzg2p1g4iV=3fo$ryj{wGaT*E zGsYS_0{TK0Zhtqg{4C`6MTFF3eUAXo8@tUv$$sMlj|~7iB;qF?e&a5#KdR^TslECu zc9$Be;@^eT!8@DV9cKXBZIPhCGMw?Z)M_pVutO39%V6XofYv3Pn7lR1Aat_6-#=p3 
zh61EN4UZQqzgp0;+o@ry^d=nQigAZ~nF2YqCo~ zTbug}e%IFxF(vjT1mEnXIKe|qMvvH`wcEiUMEoey_Q7_$FPlq|BEN$W5!6heJ=2$2~CH#=gy6<3ii5XZyOf zD;wh==20gi6or_|VZ~z%n~ev*7gP>>iRW36!&iPCh?8g66-p2Tc8@lbnIPXx2p>(O z&kc#k+Y2wo4(tps{m6nTZb4c@NVAm=j?BBMl#ZIE1DufeQ})Vn+;)2qOW zmu-uL&DM?aqOZt$Y9W~e8<(Z!6XkSRbA(q@+U7X)NO0f^!T4i@#7P;1Dnmh*cKyZ% zwb>YhV6PGJ)tN|pU_00Dg=A7|{WL4`?zd;8Q!6wsyD= z!-?To3OI)EB(lkvEro|9Q3CG-^n54{qHYR5R!6!5Znq%SOeCvn46ZH-2SHUwmfNV@ zszx^FRpaqbM61WP4>M_?&xpz!XmWlx&xfd%|8ror%i9Nw{^{bKK>q@pOZUo z_U126C)n;E3q1^qOGsNzjHwhxsv0V&S2eH6baHh5&$lIg@H&!Gy}GJiC&NR6s|x`%8h$1QmuX}S~UR7azK^=%`n(p=EeQuCi}?K_2g`ij2c5g>BIgg5v~Q&SzHB8?K7Z2B087egx|rS0(26G z`+&GBWJ4AD7pEKC)En#2A^M5*ymFm~b9%%Y^MM0CXWxBh?GA!-Y}@dKAStYNSguch zE#*m6`+2D=CnD2bQMnO)gu-Fitp1z(r3J?$hj^jF(S%F4 zRCISCw}TKd+SOJBk{-tAv&AK6qBarz?*5tx&nBX~v0!tUJQ1E4;=YL6SLg^#2xJZ< zW(_<39Im&ZDpA45QVA?q7s2Sjd%32EYC#n;esV2e4;eMqJyg;P@}O+sD$%3#!PDGn z0A z_T(C@ga`wb8Qut%W~CIdM3*ac60X)%U;cFq%mJ=na0DE&ORO#Uz|FDE)Xnn|^-|?u zlySBYtyJpxct1{Kar$0mTs-Ov*V>EGY;)WDwV*)?WcDWugnwHiwB}p(k@Uw0L8kudI2taTs0-4hN6Upb|( z`9w=;QRxv-*~*d2E$Cvcp~*{hJ=$`sx9#m+4!jTmfS{l??&Hp1+Sv%Sxtc( zk7k#g>pyn#dpHxM<%v7)d&g{(0N;DE)P>3e9A!Si!xI?eVYXE=55X>mI-HtRuQ4Aq z*z_g`qG4LCBBHs!_4gARZ^b#RGi#P1AV=fqx#SNvD_DCVT9$ zKb@=zC|cb)Yq`hHxmsz;dD+fLaqbo)Y{~J4tfNc>w^KIGtuEL9Q|#n%%S92 zjpd2iLxF##pZv1+Vwhk=nB-w<53p8xo~*a(ByWaB6bv4Ub+rEoQ=IlU%XGV@ILI3u7#H#y3!m9q8F%zq)VA6 z^*I1LrtQW?Y>|i(|9mrL+lbl>%FU6d>uFj^8n;SWNA--U7qy>-2T>0qsZAwYZu%Aa z4+)`NDr$h+RJQVoNX+aQP<~zF1&u zdkp!4)(=UsnksC1T)HQ~FXMRCRmY*slk8{fRl4Jj&1Q>HI)5pbRm=sB-`Zep6nRMQ z0&}cK1#XRhJ(CO&n4>_HL=hc-1$o4V&oqA)C7pFiJ>S30Q#K7cnXl?gTn*nLXJr;O zeZ+0CnX0fU=Mu|_2Nw#g1PaFmL)BNFqP7eNVpS>OV1+9f3G*#gJ%-$Y>4h!R-Fd5E`({-l}r`8)Q$H*J~G6$X+SZ2d(R*v|a5)lXA9-!4Dt z=D!?(@1x`B{5ZWHj!D!2YTQ#ay)4fOLx$!z6wXwr=ppQwRO}8p4vfUKfxZ4QLR*d) zE@mf>NUpG5d@o)qt>htAgt{iB7Zew!cNce6CANnH2O(8#k*%4fO*B{2jd5VnK zaIG3=^?B|Z)VfK7YW|0~9@yFd(P06+R}6JXadCL8;eGkWH|M!}rS32WlKP^&MXw$K z(>{VfTQ?@a4!9mX_Z&6m4Lj`xpuxt*>d_T+!_iZkyIxy?G(H_g%&(G`)2M^! 
zizbW9PGzF>4_#EBIm5UTv>-1-e~l1Jnh_*<<3v^|7lVY_-#4ps^}t#Nr+kl`|Mou} z5`XHioJSb+Z3Mm_UFm`E!E-V;P%+l#UUi_(7{Fnh2JafA7SYeHY!)yZo@Q0AluRBR znk`}j4_~6zB-GMxQ#tyz{dNk+_XryL^JhL8cdE>v$YFIkJZ3_T+mYFKY#zo)O`NHM zFJM6Mv_Lb~yOZbEj(kUO86t~q;&T$zFb!JUAs+?>!e`;nLe>>S=)yYgKh+(ksrBVb}>#=!tNSM{Oc}>a| ze`?ZlSdXRb@W_K`+V)sJeJH7Ak5GM}Qfb;^WkXxbs^vMaHJ)kJr2d&_UBxsTL4&W& z&YvvG9(pNOS@$Y-6HuUy4R} z!hrs7#6^#N(oI=J_-Kc07<#CTLsI|Ly^-au!N?Q!%(2b~iGY(V36MHyluUj-oM0*x zNmgysMaw-^L!y(x$vlZT^>vr5oj4{_neVG%T_P*{OtSAGuR~vV~uy zi$KSM`Ur-7*xNvkHx1fS^_d*ij zMX} zy+X4}aq1$NX;9ps!k~5PMyU!Lk{vUU{j##J_QX4!FSm@#aj4kv^fPd*31Y5Tvid39 z{ZWKGKNWLCJ8-L?O=Uw0noSL%yo0F533rgPY2v9{pMo>kBjW zwB=13fw5eE!FYm)?|T`3zV40DxgH^*#6apq3(as1m!xVWIIF)aif*z|D6+dyQu`~R zo8F4@^dX1idYeBnW?G=)A($16+-zySDt@^7jFYH%|Fezwn9vyyr5bHl^B>5Vuv>mo z@0jJk#Za`DuBqDZ=3Q<(JkQci=X1@;rrpcg8cAykLpGRF)4fK~4s*iQpLyv_ny3UYNnA8+B4J>8lg6ekY z&eJPt%qbDxF#UO{->dTwxc9$}Z8M9yBK2nLbDwX~&}0-{2qQ8je^qNY-rgruv4YU& zu7t7}L810Ygz5j|gP%+kBh^FgJ=+*pk^08i>I2&UD#VYsznf8kPgW2S3!YP4E%P|m zyPQ*ksQW~u!~n%OWQA~hd7E1o6)#yRkJLredut6BimW2d8sa%m9>W;RfAS(mOq~g! z>3-Gd-UpVWg>;wUF`Xf$>}sJ(jmHO{eh6nW!HZj!Yr9rBJ_zk5kAaTzf=X~%hikge zTHRxx%Nfp>Gwj$0RUX5Tq4C3<+s4fi;NgNX(pnEOLK)MZ~UUkf6#d1lf z!+iaEhF|@73ATo&j~n;F3hQAdD>{fn<6&QA=(C{+mmvqUn6zN$5rqOdV~Us!)WL83 zm!Dq*V#feEl6@NWbW+y+_D70vt^{qVpL3z?!D5A9oCo250GmK$zv=qCA@Ik(1+^0| z7zMHs3By{fnT-#E=g^wEM-jGN4-#-JDbJmT8jM!@CHC49$ykK12;o83#;4R@2bih7Tjb6zl9xF{OptNNJ%DwjeC{ovc`%9{4~q+f zP&w=pW4DtHhUr^iTqMIoVT0Xf-??bnf(G7y2LSFUFdNQnLx2=r`?l+xSI!J*E^? 
zAHk6cJ7#us6D>^8u@{diT=W@!x8hWqTV|!1hmn+0CpTM@2zeAVXMCm8`zV^^KFX$yj&`J*wQJ3;mQ24u} zg#wuh%0M#l)pF;2cXak*f7jYMh9k~E+TRHmMp#M88;!0thXL#iSds9p@htS&f1UmO zlb8q~_PAvX9ik_z;cR~gOd)ja`j|y#$fx|N+Xg}X2jny3&BhVsT$rld03!#_4A-}P zJds<*%{RbI4N-tf-P>TMZU!ApA1X$Qdx|n(eVlQm?3VcXDM3NC@K&QYbOAk5g+_FM zd8ifQ=T;=WKnQg->hhxZ?Z(L^=l3`ukB<)Ok~!0-J0}W8Z?ifPUq`TYhg2!noe^>8 zmZawpCq`>R}MnCIb&fbhBQIGsO4njcCP z^0CwBDRZLEAN;SDH~iQk_??4ERPs98tA3wwS^dpYtt3fCU!z{J<*ib>N?E zy>%LLmGFfG)r*Dg8z}-sDYy$DviZ$Bj*NRXs)q83N5Pn zg~k?c-(;L7e8=TE?QSg-zf6Onuo~0V$;we=Vi`zR+mtPUWr`sNIY#>d7+TI#xJk{jpBtv0df>}?FV6mc-8CY^|6zN5hYY2R!C(8Dv zpl#uhIM8%B8%TTK32+Y{@^Y3P9FA4PhJNLrzOoOHI%f};Afk(g`kKZ8V^dMglz9$(74mv z=^5ZVkQ$`@GUZzNx=_xCCP@U1v>nu`%O39 zO3t35B3sxq8cvG3@_A}HjkZXSlI`$WQ5#{}Z?%yxjduMY7=J6&S{>oz#GsBhpa=n? zB0V^Q-x)pX%8G6#TfNQ3)o3Y4A=&aYJvx~f(_w2E{;?6|kB>w%e0{9nrl3un@Vz*r zX`Pr`=9Tk-Cw--5c_o^9(Q{K>M6lop`W9%EJ01#xBaNJZe8HlQx$H}iJO`)9_SCavf{DQn7+5pHYflIP>i&tg1kBgLbt#Gi&y z{fanLXAHX{=Q9%=YeR6XOmnPcr~UBQ)|6%z1K-Je2DFii;$k+IMx|wrN=uH4$-}DI zGA~84TD3S4;oM3zb_Vb1_skm}swwXYe$4gIwu^oM-9Pt~`gj9=tH->rS13sQ9A0rc z<3;E4GC`Bu2o}V7=)%XselVVk3*P~dy&gYr#i4eNvoXGQ&tXO*m(K^!dq$;6q&Tx6+)1cDGzkaj?r+)Z343!iZ-ZF-{M+I7z*RQPy+jQbBh~a zS{h-Q>z6BENlyIJTWwRc-Q zGuk2ReAO#$19Yktx>xQ8=mwE%Hq;HNA`buG)ArY!$qUx^-$d$Sb?9C8te)T`B5g#JEVCvkzDf2YY*r{=2_V z|Ltz?^8bp$dOHXE2fc&t_Vy0zZtv{$_W#88minbRWrpk#pfU`6-vgn>nM9fOpxWhS z0UYri>c5Yql+VA68awy&&olqq-R<@KucDOCzi|-G*$0fr{_bwx{O=rW!%LX|z3rX7 z-E9~<-2VqK|J|j2X-@gl=fCd^@IdF1n__0PYmWKI2nKk_{y_5W_`-jNEop?`63;e3l5)_yXo(=<0dRuTWkS4-2Jx5x;y+CEpd1j| z&UiX<5}caIm3bNlD2kKWEb#f<0=gsk<|oy`i53R9LzWFr4ylIMcjIcaiHZ~GMLj$ckK#Gd!rej0Mpg4xGvbX`BM=9h%fDLD4tlysvK`dyami>Z6PgFf% z)39Vs$4>M<>cH5y$n1uTZXFqZ)oo3O{SNBRo~y3DqpoP*1L7cNAIX~(L>C`9AKv-X`sYdv#my8`Qo;=N%M>>5<4Zh>AwE%||MJHv}dFm^PKT> zckJAr@sL%AY#-mm+yYuX+`)&JF!V5YZ$_|EF^CdOL6_!0q;Yc6*($ae*_|~}SN^`) zuD)`lRtZ=Kq1-YSk2KV1seYmkfQCh4<<cf#?!mTvKvY~lxio(^8d(_=j5C0%wgxUR!!4y@79(pKfn$PX z$t*|FxFf1)`)`22wPP^jgD{4-+SN)_R(TilI@IRh^tl3gJFP+rcT?Bf(zh 
zPj|_e`?cU;jZ+lH`>ST@JvBpbf*tmBZ7QMh7HmRG}uWxSk3w>Eu*5 z=D`oOM-UG>DNO^(!$4_gz1TigvI!twt+aSJRs-j$YQy5;ao+u2bE71(J(>WXz}CZ3CgAk z+k5wR0Gs-KgD9C?2e=aOw>j&^)5Q9LEf)yC&Iore=R{F0eKhu*$c+*=$p+K0b&y>6dhdIaBt8P;Fr5*jG~qudlr$WkY=860!$&e&Zk6gtr;9Uu zSCJ14QjVF$TM?xeN9nS$(J*t3t5Z&A@1D0$B?($9se{x!hKU-sbS`l^R*cl*oZujD zBXe~x6$K827<&Bn&W6k$PG~uP?6u?*L`?q8$0j4Aw?bFsngMbk6>x?*jGs8rBE6|5 zE(Qle(-E@nafal6gR+mEu!f(DWMX0@-EJh{qO+dGZ+^I?l_kW7-)7D&j?k4e=?CM# z{G}racZ;eXauWq=0W@1I(iUsUDA&*Uc_$wa$bzZm4WA{R@cpKq@>Z=Nyn6Q6pI`rQ zjxqbcl`q{1h{-MPqx$S?1t50^g3r%@e7II=`yre;tX&;9+Oh&qL3c;;d zP&&pk6QR>W+t6t8#A_{N6U8WTeEHwf>Te7*t=&U6~xX~uJUJ;*+olc}l?rNKi(8qiX@Xn9gv z37?T6@_t8MS@#EzD^gR3xz2{HuIURhAaj(Y=-K4_hwWvIoQ9EkRdcE`wXmH|*jz+B z->?n?#hVgoA#%dq>r9tY;V?;THwfhN{D$q`_h8il2Y~aD;#j$mOVBN3lNo7cL!~py z79_`BANy*Fw8K=7D=~P&U*Vyy#K}_ik&RS36)nm_{G3i)F_f-J)bh_r!y}G;rQ)#} z0b&~@DlQ;>~bz@NJn9LiB0mq7fb}j?D%s z4Y`Vj{zR!4|EsK!VO@oRf2FLI8yl$<^a8AmNx=he;`p^Wcw(Qe(5GTfMch%*bxSNe zBkHGoWAwgJ5+%(Dh?W&FjTkD|MLR_@6i56ou1VoZp`WxBpt3`?*o?m8|L%BjV9tgl z^7Y5T6|nN;<0)FSfWrxpy@*-_xU(s+CX*}JmrdAp?P%0YSfO62ylcu)qP4LrJw^d+m5@VFt*B+VnC97!sc83kGZ z;V**48V}lBt|p&UDN?r^R%T}+AN(e(F#EAJ{pOIME5G+!`=0D$BR_pwT-uUTD`%PkQo^wC`7vp*H_k zHGvEwkkoP2IQ}`|b1t6!%?x10*GbAEK5vnyQbaGh*i|G8 z{wC!S#Go_ ze4P<5YQrYmQNrWH2oHq{M-$TouvVXhJHGaG4Q($v6OB>pbcKvJ5Cf8QJQr zWzZ&3D{C3>*z>B9d_&wZvGPZ{nX$$sg^_X~r_d<6rZI^a59e-}|89|_56}8RJZkIx zg(#5HNDR-RTHUB!;?jl+myif$BE<={46XI8u~9Tl9tDEOD@g^f_qLE60DFuOlj%7O zBpaFVi4&I+c)@MiR&)A(A>lVe*Iy#EB92KG{SwZ}AmK;yJqY{S%!x6@$rXkjG|!p> z%MQ9XbjG)_HxQVCEIoLC4&Q$+QbQ@m6cFK6Fs1;-GmL^UzEC-uq)nT(S>z!2E{&(8 zz(@8ygOGuQ=8wxHwnvtjxj;wkfnjZsO{{iD;_>vL83hcU^~c@-4wwP9$Ea0E$C0Mu z;^lDbG%48N9!f?RWt~uI8_v`fKcB;!QzlS>3L)5-n94Fvfp^ z(EDA2CNZ>HOJaY|se$Zu>g6`&syE(;>r8+vj1J8&b%*CXN$&5;osMfN>9PlzNc(}h zg4kd$pC6qrYlSJ&p&bliZK07RS+~Sw{J{O!xgG@9(s<}h+i)z7d6;8(;SITBALkn1 z%A+M|akr74XyXm1G3Wdcwsy7ZF+mS$C{o1mjnr}=)koB&+5@-7`N$pP~_zMvLD zeIqXIS$e$DpNZPaqk$Vn1{0cwpnZAvIx9{F@vK##>ZQ#j-;~84B&@2hjSX#c2 
zHP|z@zq2nM!0tbfqOk-k7*^a(=a@hDnK35}O)<_fweC5k)xAx;#biC_LmxW_3G~^Y zqpe`}jN(;n4F}IAx3DJg4{ly#Z4RE1E}K(O>wT-zV&_@&maxtdPy_!tT;762aK#HU zckQYB5}p$;c~_z{(wXr+kLfrH>ltS-&t;EE@g5n;1M1d=F2sM|^< zY&9e~5zgbV{1)=PcY~_8VGD!$iDvpLvfJ*pdwadaO=OvAb;>%(HV;Y~{OHTQZkHPf zB`t(_i@j8Xy{@=Hv~pw5n+7`#Nu73lE4}qSKbOtGB?Ce<1oMBhK zA(oqpK$2XSi9nVZvPf)k&X{BC!*sYt0sL|qDXsJKS5q%i%aTY|-O$|c0_mq~C0hJjVhVpq4ZkU!<|koZv+cU z!!#6z5-Qn{Cq7HOG?a<5wy90zXCWR7e0}q7TY*2m1uRC+wFe|pw6xlpM1u!wp@3H? z{^EL3^0K{Mjj&guCAE9&y_Isard5e(f*HiB0$nnWo+^aNh!|OSD<(n@eKvd13VSo( zG#Dwg%O^oynbe&E+3@q40A$iib12buRWc_NaY3KjNB(mzb>e@hEn%q3m9DxVK16Z+ zhi-5GVBe1au+!V`_15tpR#E==qlHSWHg_*+=f}}!A3xR!f^Nntrarh>$C^?a<`tR@ zvts)gvkhp$E_Q;oiQ-C}%w*OdKQr%Zgsy(@H9Ff$4|afBZ~N?uCb z&Q@&9dBBe!lbl(_=7Jg2y>n)*VrydhRNtv9;)+mgW>A4kvSk&a+08UKbs5b>;djx+ zP}T6HmUTwuluQNfItX917pqzP34blV|Lf3yJO5kth(IOuf4jH4orwQ)(A(Z$)BjbJ zB>m4!K8cI2)oNMv-^j(rJyGdu#|Ut50?G(KDYVfAnR1a-g4WOO%lGm`F&-!wniRr z5&R&O9`s6U$6b5VklWG$TQ*PA;&l4WYM*L2Bg+P+e{#j?GocjEA!Gjv`Y*Zs*u)Po z)5byt)B;D+Ws+aRV-}*9W-M;|k`UC!GQRIq zQ@C|0Ds|3(^j{FcSVZFXYAit6`QJ^&|2x>^_=%q<&YVO>%MUn@ez0Z%1&wu{Mi`TDD zp1(i?zvCZ&{^chjbAAthzIZKvoV|E+@?8A*`^n3f;!k+|gL)1>-kLv7kB?5pub*DL zIsfkDr|0KqFJAxS=kajzG5`ByH0np7ISu<9p)fD0K)cHOE*ww*MGG!kvs>EIfgpCd zga09(I{Uwd+E@z>xMcs|-rlv(|9e|IOZ?x3Jaj*!yC8(WSqI~8v8ibg2to<4LDr*R zy$Mi>*Bsq+n;RRp#6S-wnbHa<@UyQ`Mo>q1R|=5F^_+eGb7-}NETLdywezod$qFw$ zKzchyCj4!8Kn=|kj0THKZ#A9zGB$S^u)QZr@ z4xzT7C}~2o`fM_23p-0#ah%3=Dh1NgR$Ia3Iar&J(wjyfEqt|t0h7VY&>62~+Bj~QNuuFR>xb{D ztormPDsTSh{P5X}LLWyk#=ppH!aCQ>m@P24#Fy z(GE}$uV9PePv*pPH>)uNC~PoUJ;lHWdD<{d4QRwfz~{{xc#RHWa%5|78-^`9Phe|| z zC&%Op5}KX$rm2h#n~zA7Bce35o_f=~ipKEm1BmYM2LOCDot7KZ*)!_7d+w%bSb%@^ zvq()5zz=b45SAP3SN_!5|G_=#v^D-Xu31OP{=d81*|+xpoxSbl{=bl?(;`360|JJ; z)J?u5R3BJ&p)Z(p{{qiZZbf_mUV%hJccCmwxS<7sva_hNk5`cnNWg-7!&Uy1<|pLG zEfccuzDYS6LvWxZP__+d#(yJG_d01bwph$!;Ty)GptyIi1k%5WL*}!XV{`z7Bty%A z_}R--=9ZzO=wqL9I6Kx+6&l&9(p#Ud6g@hl( z>leBaj=SNg$$zcUzX59C9Nj+om^}GwG+GlW+LJ78XY{iS6T=7jFMkn90K||d7MO;r 
zAl9>+xUY$BCf9Fjdg3{#7db`UCpKg#8cUEdc*hiKB(B{yrym!y_4E zfl~9+>*wp)1~?xuX^k@OtH>E}#1xmueeQ+IEeOr+TW;?(-48sRgIF50E@(YCzl^oj z&O?XuL6Z3Rh~1Z6M=&YaG~`aG8EFEXIG`9eowbBY<3LaveZ;l(^3}7W^OIMv&z`KV z>s+NaJF!>=Li;27@|(@Ktsy6hati?*Uu9`-xTGGRScF2++05j|GzU@&*f|qm#vIoQ z-tiyzO+gQ3ZepZYIaLR%vM1$G8{?t}1t}gI<`aE9CWG*njKlZfV09UNfB;|<5N-t! zs}W}8_(VW7if~{pset+qWkJAnQIcg72wMrhU)o$-Gj^4m?i8K+p~|SP8KcT?tKET} zih{bE+S(^E;(e_*#o~s+k4N`w8^+>ZRU{weZCQb~;*Dt_qhU0Oe-c>h^W@bt1XH&< z2Lu1qAD=#HhNF=cBoIXzKO88a_AY{~a!dW*pZ@eGWCZAi)`u8JC@mq16kDY0Pftt1NwX#ok+!3xZ>qV${+hlje1E&p&bPX319qclxYz_&5jL%SEC$1Vg8kc~iT~DMRop}XvHVGhJ)9&;=8y$y$Vi7S0#?U8 z%L6;Q%pp30*9VACtfoOcV4HLHH*pP~T%9xAI`{=~O~~4tRR|G!j)y~f+F50C#aptP zMuTJ=AuKAq=Rfg)zsjLN$oeXfa?Y@3(v3CVCc^M-MI+965K>NJXY+4HDljjzl0d4* zRV}DLely8AeYA zxA@-!Kun=SfS>}=lTHtU+nz(HjwhYXE7=|VXeI|4QI~P^;txb0`*n9imR#WRUF@?tG*L1egq4*K7s8-<=tfhiQfVdkNY*#~aPy;85!l(f7aOoP? z4-|(%d=!QEd8Kpj`1&Pl8M4U*0KHMEh7X=GSef2aMq-FSr7sHeGg)g+(th)x+3u~$ zzk6#XZSu5)Eg$jl74tWLvU3E$qwio}-`=GAe6K9!_GX9vuQXXWyd}GXyi^yrtiKr} zWAAuuXgv$%f@0>#=YN9}+|-_8Ggn1uCte8Sqh)1a-ry;#kTe+{WmC^pbAGgoCkQUW z>+zsJ?aZJv>~wPR6V8d|n)Ra9Tq~PWYDTr%xru2y$|tC}1<4PZ;%}pAV2mjCAw)Yw zwd(&Pt#AI@TK_)>zhrlm3EllNy1D}vb4QuW9c3$baW}c^PSU%p-|n)TEBN1UcZ1Q+ zU2=6r|95luA-WiBtZo>y8Beu{8>To( zXVbR-pnosr|3y63#lL-V5O8(HDrl`xopSKRmC<#Tmdv3A%!Et@iYc0y*NbLmT4F&C zigYruity=6t9=cWJwQu$muVfI9P?98*7`BbNOQ=1Il!CQv}tMD2FyK3`xj!PS41U)$7o4*2 z4i0kBpRE5zeUX2a68q~UQ3w(awT9hw4*6r@$2IQl{}##;X%+tAr`8X=xQxn~pp*Q`LE9SpO2CrK*QIqqgejm-rw1__5VA2 zJ4^hZg*>nYuy8PzD@EXne@3`X6oicUn+#ASCvDSkTw^=lVYdqb^5mxJ%Cc_4rZQzQ zAY2R!BvyxIl;nzHb}lK(Y!!RgfEabykHd`F(`r9`wdkp<)-X!r1Su0ir6G;;(zpcn zW^rp+*Gs19uJgV*q{VQphn(~_lF?f0fb3rOe!TBaS^34H)`X94etQtt_wR56=9(Hl2< z{L+Rv(r}1y7RFv49JJV_E>#Y{($*r6!m1xaWMEdEU-`56&19_VG~Q&aXn^nl%c;P^ zP`9)5WY1)(` z(AC?8l{R?ai&GMes>G5cfB6gHg_*IJ1X<^r`w+xhudr&}78NdC4A)(*`0|uWbE>r{ zR!UQ;!J2ZJVrl#vE7_9U%6N#h1M#qs3f<=N3xC2do^y%GZ7SuQXxZ+tKrKT{Yos*? 
zKFgna8Wl?#l89d(J!U>nEfVewCR<{g86X0H3g_(MzoM%7%2Q^kxs1t7mdjy%G=2uY zIs?(Qd8kpyiNiRN!Pz*>E_Wi5p z&o~a5URrJ_%eGdiUDoTP(^o&e=I~>BX%NCxB+i+h-atg|n*HhJ@&EVJ5kf?OweM+_ zZpbTIr^wKvS6Hl8=mnQhr0(R<(-|cL<(6ERPBUhdL)q!Sj!(|do}Zro`{?!Y_y4Iv zpIu@OMTJ|iC~Inw+2C{mOIp7B<WhYI?j z%_a?9OZ{3oFig$UfgU<>xdr{6wji%0DQ672e7=ar*GbRiIW^7@vcQ^qRdHdTAymsB zZ0FOpG;=%46hc#a;@N-g4ec(jG`#~gLPT1a(|!dLt1U&I*m-h?&Lh=8x< zBw!iiWYG5zAiotc6^~x`sX*|Ww`$kWKnr#Aos9I{Y*yC;ds_45>d*_X{IrV@6#;ow zOQTEVKinL8|!D?C3?)}I~|AVrGw5w^N@9h@nP)8COSNymr%(REnbTdgU3sYR^2 ztD>o;0xUb!RAp;`PF% zTSR>hr4wZTg6@!wQ7#ijs$GTuTazZgNO`GRGmdzqp?NmMsu_{XY=PS_EAt0Mgh%T1 zPVz!2j>GgS8r$wCbcT+TZqh#>XHQS^s~#o2lk!>-0V%&^O})g|VL8(NPp3z(-Ol!> zGtckFvvH$t*RsGpuJhBJCI}=`RH71rz@QOx35OV%o~$)5YP zotE^RxmZ36%WVYd8vnOwm3OdZ%kFDOf0GD=oC1ZVLP(~obWAvlPp$wlN-KpP1>%4d*{ z;=&Tl6y72V6ySM^Z|62f=-aHjR~R1j;V!sfHOc|3RuSSD66n8kqCJ$B8D3t3IX;Sz z;_qq88YlfIRnF_$&x$2#Q8GQ}Zn>$5X;ytBsiOnU6NB@sZ^=(qdt5_)%MU>3etCK* zkM^lV^E6#Yt-@N&Dbc55FKM8uZexXz)ig;MxQ2)OYl_h!2ks~@wxY_ipi2Nx0qbML z)orn>-*dAK1ls)rJR|33 z!c|_CdB##%gVPE@2Fk#xlLhX1}Bbhv{p;J#iC1AM%aC)B4F+O$As!GcB%5DYuy1lx+Ut%Pi zr>`rlrjiyeZ>uvImd%9JZ^aw<3VA^#5|&7N;py*6%C$V|>MU+^C08QEryk2ArRqqV z5+EbH$Og|zS}275p%78(;6Dh3;oR}x_V--;x7{WF!y+Cp{_`mt=&vS-pMeCy=4cT_ znU$t`%w~~sZn2wnBLhu*F+wnCK^hjJ@uY zbF|bO4)d|*yBQJQ%X5n&r(=E_#RL@40MV7*V);%@qhPrwzih?-y$B5 z`bdufZCnmpadeT}@qi(0W?GI18;#^BFq85eNYd?1kXRWtcC}*JA4CFkw z2**(Lmk{9CH`4h%V#)o}g*i4-KJ+^MTu&YTKT3MNI7=rZSW6d^9v!ht`#>50r|jP3 z|J$3Lz0D>6U&LdZtR%f>a)`gfA;zmrji+NE_gjf&&NhG(H{aK&Jt)!|lxYjRsNkOd zYz^Y!p$Ln~=-1!a)^(-X^Ur$T+~LQchM`rx@vfWzr-*`s#Q@m(b8UR4IBV=#bv*Q% z`8_>#_&-Fsp?hQ&)KmnQ@qa4sTk`+@_U1DF-$I_M*T=cxMD-h?jXIaG*0wSq<#QnB z=mYE{^FD>J4aHE*zD$PEoOCy?qIk(+|A0>|`TwR{`|b~(GXB52<-vd7U-JJ&JPYOj zXl9hh_fLFw2w%k^f~7auzutCzE2y;>cy6e2E4hq^VL$#2>|t4I^`deWV#8r^O2O8| z3Ap5KpGq$7KRBX5Q9LEh78t(qkbm-!z|F7noyKX?%<}ESkDiznWWWp`pCu?K9`BKICp`x#<&zdn^G<_K?ri8jA$j6c3F1jP zkxmAi#2o7Ck(CE>Ql%5~a(-Sy#lgTIQvvFP$+YsP_9RO&*af&`@?Z;DG$uhbxm2sO z8r;kDz2W4?oUM_aN`~dS^f`@Ls;y 
z+W`Ovm~G-f_akXii6|P44@fu~_2J^5c6A#Or9|m8%~O^wI78i{o$_xWTF|-lLlU->xNE^`rtGx)bXm5uEJ)M#80r|&VFvxVKm=-hK-h!r2q|whevVk_ zn0^d(;Lb!YqHZ{$Ts=!DS^t_`L@C`WsIZIerDgQ#)*Yr1>Bob3OiLUmvltY6$> zUp#wx3Tf#oBA`s&Xf=*6NlN8)%57O892hBM-NxR%yXPy#5vOL`_eyB4>Q% za5NIEMRbV{Yu=z+YwNw-FVVnXXce_fHI?Pg-ZHcbT=aQ=4FgL4Rn!YEIDD4qb$%;h z&q>zF67Z+2o9%uHyfjFisMD{SI@HZZx4khq0Gfoq^l+KaE&tWK{{ypq0GO(G0Z@Mb z=ji|G&!zmoh{xiF9*nY_n?LwGrHvj#C|l$e0W)=bH41;7MB06Ut*5g9>0GonT}R8c zFrZ7>+li=T<>6a_$-^FcuszR|{(l$X{4>0&#s|vmzdCyz`~H7_cX|J}kjG>HHJkt6 zcWh=%=LR^H+Z~^aU!MK$je%-9L5se{IIkpHlw6wPVYF+q+Bs??N6+{?mDXUYj3v!4_^ma`Xo zWjcImH5EI3-QSZhT&MaqJ@xN@>bn4!o&WcC9sJ+zrT%v@kGknycOr-RIPg^Q!s^5$ z+hBxv<3SkZc%n8iqv*L`SUvn@Rep502N@$S(aNxNZY;H*G7M!^wmY3A{?B5bd~YEp+^&L2FmrkNK9ln^+uP6+WXXzERD*G^ z)@0nPE)E1C?wN;K3g}b`*9^07lv#rM@O?6&3!ir9Wyl#?W%r^2$D;E1^*$<|fB~t9 zPR-9(EKr~pO9MSXq%)?kUeQr^K|}emz!y*0Hxt&*N3MAUTj$fY^+P0mncxN4(6lUW z*||Y%&?U<12F9K9G6q55IAMO#2bDVfAB;-bzjL+!qDOB>|GTy1|BHDn{ttuueM)&E z6_(!X7{GqWo}@RW`3BT8laTDu*foVU>~)g7Zype+BgiJG(wIVo7rGPolC1J=8ngG- z+^chYnjWnuX*|9~|H+SIp?o!7vT99G(&AFQI7NB!2AFZ~h>jDJU%3VdU!SPA;xJ<3 z0p(;iqdyol_~|JO(8;1Il!WN4gq);@>7+BMI8bM$60KmJgp`Nt^pz{)rh9^CSZ2av z4Z(xm&pbo@GXoRc-yh^AV0PS1y*wE769oG$Em|oxMpQE zBrohmPgd7I0GxV&@X2(^QBEL*IVJ=yxlUpllo z;fMERt^I!q`SI-Rr2UDX#J29&Hh5)kNOKh`Y?3EWNRuw8CSh#Vr%IY~{nvtmD_j3N zyW6(@XREV}|F@9GWB=jj0bdY8TuqxcLkj;LLb%QJOu7DRnF5#Te>d&>zwOPPCH~`L zp4#gljaWz7=!n0sVVDJMTa`&vxVtJz8ajJpqE+B-Zs#@`qg_gS3ck5QVy))n>e z7c&`KZXsXnGlTqJ`4X^H|L4U2*zfEtc_{h+>)8Q#U{xasD$}#AvCVGnZNrFm zDnFVcQXFNNk_SAM&zrSL78zwAY|sHijjq%qZ>MLl!GoY?10)UmR|GjP0|L^U0_BXd^ zg3Ybn&E4(g`d`FjS8>NW3Pxp5I z)}Kz>wpj(*vtbO-IjLCLAKHj3x6q09QL|Z|#K`M~~Nb1J`R@iFf5Iwdb z(i=BAS)Ik4lxnR17T8zCSHmQY>eW%U{&%-+{I}h$o#pyp$g@ID=#q)jVFoaqY;?(o z>u5+WCUGBB^n@ha^MH2_%tGl)@U0T8-AT)ALh0KOAAE{m(iH~)|3_;;Ab$s{Ak&yHxlT-DKN#l0wOv*h$uqji(P{d@as z&~?;U|F4e@pS?J04SIF!C|>`at?hj${wIC4T>p!BR@{xLaY$aXcO0b}Vny`m!j!My zh;8oex(vKQ7xCl*<8JT*+al2h-8;iE;LG!k^_j7;hBdZTv8e(vp$^c_G09qu#xX#v 
z_WK!mV>hgjSU%~;X%w}uu7eRUytd$c&RW<2X30$-9NMt8-Ehb~u0e8$Q`GXVWt9J+ zIv5+7Mpxk3oH7n*_d|;u(vD7(K|~9nJm=L2>`9Z<+l(&dYY8P-CJz#x0Tn*#!F)qp z9ll^IoIHI^C=U<&St67mJw`Hp%k;dHltJ55sVE#V0B~Ar8h0~tNh=^x*u9qM|FY3( zGP%0OcZ~c-G#li<09gN5JMfwWSjwXGbbHJgsexcs}?H~Dt#A?yS;a^>=>pQ zrIkv+05#1f*+wxvI5n|sqz1wT04dSOQG&}z5z*P&Z*9{5>o`;ZT5y2fC}}CFRrEg? zg`JWK_B@E?8InS?(5;g0Rk*>DcX;JMx94{ix>jFh$zVkHXF18iho2Tp40Rv5i9^~0 z7EC;EBAt|jIKz-TP~RYY9|!{4&-a;M!4$FaU6k>(UVVh`QP$|AW2!X-1pC#Q1ULj)SF3OXr(6_<~;p5@kRtk3! zjXjFN;ao)DMqmxHb2nRlz)RGYLJncq>dAHsq<1W4l*GuG61b}+pnYfiDrBe37w;r_ zJuIFD=3;D_%?xuwG3+5W??CtQj!#^EtoIItA+#9s05lBu&2Bitl}Zyxejg2coO-Qy z_{A|qhoOC{cZ#2&5nl#s9nfQ38fo3jqRfmY7nFBg+j2_)H{J1N+!Z6$BFC4!T3m+^ zj{(-V62UO~O++&2Oz_NkWDKRY4PS>hj8FCB?ii1hczmS9f4jZ+t=$e7>Yvg+v_(W) zVB;e=l}G_1B^F2fQY>1*<^s)OMX{Fqd$y~#&>hJQ({O)J&xYNWkS6;{H|*;^Gb}T9 z?)`o9otj|p6xF;R*~Do!t=3Jl=sA=MBMdD>byG+#`{5M~Et?{2v^4z_?P zDdQVDTVwAyt9pk&q+9_NyhE!3iwa~7`V?ljd6}A$V!6Ts)MX037{QmhN6wy~av_7S zCD@ZhE0Fyb)=&GwG;4cG8%e*%GzSnx=N|;6f@wyl`y*#2cSXP_Th_o~u|y5dhLnUM zR~<|ruaMIsXI7068_E*{hnD|78mfK~l8umy=qp~mKs_RS?P&ELo*WlR@1>#VOQrs7Z{RtEi!elg|-EFM1<&Tdd>3==;YfyYAvdLRrt6oGUXrngKvgCSy&!4Jt1w>c5Tir7lp0%}RQ z1*IJ<6_dr6xhnyVB+=Nra#gPY5P}pqps9Q?MV}zG1enK|tGDPmBBysh3z6@m+aeml zYyY81?1oRvdNO?AzLZz`oKMU9c^3XH<7arjpv3`}uRZC=2}OUpw~E&NSXt@tH(v!q zgkKvALC4rs+3xR@r#YKqakvHD>OQDQpD2aqeDjtU!L~GyG$X|>&fK+~2^ov2y)b1G zwNDy?xi|y!7--c?XF^@_K^=E7WE5knJ$6o&B0sJF@#f=AgOusUk`d@1N>*-_fm8)C zPHBm9R*4mcavh*41Z&(-oul<>Vpqg=EiTalVQLaIzB!9W2RKTw*kB#9Md7Zrzr#|y zqx|EJt>1sJ1>8j)4>PEtqu1+(DGSUMcHt=cO^Y-dr%|L-a!T7g2c?`UYy(FwVh2$? 
z0bgUcNR1O80bmNPht|A)8BY!UzcK`@SqJF-cXx~Ie>TL@n6$U*I)mp8v~aX|ia_~Lm$lMUdO zwugHLBzP8e`=I5x3DcMzCfP0o(0d?*fx6(9?zz&W5p|8Sdc=_sdo7$aFOso#ogfsJ zQb?d@iYru7j&%V*sY#zD-S<%n#L-IX>SLKUETYrlBBE1vZ>O{O?YEt+Z@=Bz>~=3h z`fP88k9WI!`lm>VcG2k&uR52dZQ7Y3lC7Lb?lp%1s1U)G#a8R)k z_7UMC1w{^(MIO;AnZ}(H%C$Zyd#95jY6HgI9&e}=%Yo)J=@U8;hLOmGwJ44L*wW|9 zayFn=RNsQ6C~pWNQDL|w&8@NoWsIvJb1#QqqL#C!h$iHP-*a6zA&^6dtx@f)Ur;suIL` z`9;b8;BJGB1N9-6NayKfNN2z!ChalJ2j?t&D*g2Oxh2^1RvZvlcPIx!(-?x%c$Cpo zX^xgq9eU8>e1)8{X-!9Fko1^JFg9;ZfnTz@p=5P_Kgg0z*cnJFav9;U0<%YiGRP?X z5NGrd6T#A31M3Q}5xt`1cWP}V}kVdM9>KGh`nP$7fI`cgde+j3&k}hCc@*AyqFh- z{U6LKXR08iO4k)@A;TW69KP%7NZ>+HCe!=!dN`NkMbqjkDjVrxIv!V0IbtAt39h!%EdLp*uagunq;Z0=S*~<`Qk@3f1v)GDGD+7xGW;f{3gYt~>VXp~+MVJo zVtPcOPKt-l&Sz+p#QvHxs21e2Ko!4t$YhmJiL8@r-{fzl>SCJ&Q1#kWKbQ_ApYB;A zcALnw*G#VfH(R!Ph!2W(^)$4R(x5~Wk&L`~+YsPx+yOA6+!na`t+Z8D43X7=>BiyJ z0l7iL*?_0(sP7u+mzBAR6?T)+E%ZiqTwHTMzDVgD2rees?FE|C@|ruXZLp1PAe$-K zU4%^p+hrU(9kzNk!AQs)P_*1)K$S#)R2ns&%rkCGix|Imrn z>D`z)_nWWN0jCB8K0^2Ki1OD0(APzRScAz|99yBS^oc9^jV(&7x7s5Z-O`8 z-}^u0LBdt=`qabCmNX>iQ)|(i=2ZlHwS{Rt{a9B7`uVIwJ{@#VX?)}& znx_x`T-+13?{mv%#NrHD6+E`uq*Nhf)}gZ-G9P%6hi{jF6)8mx;ZkimXowfjV@&{h ztoeaM%@DCwOKjeN3}SFxYY4CQLHO~2?CtJu@A?5vW+_fU`o2yQ zJXSG!Ib7<@0%;xyb)B z;lFmaJ3G5J{@3=_(*JWI&z$6cGkUMoMa^>~Hgn;%WG>9hl)EypM>)5_SScMt{GKM) zU}+&C^1|)bub4;qtQ0J_e(8@zvl!_)gX#uaKta>gLpiZ0ytzH`dCizQc5Wwd0;;NX zeOG?XdS0tXodCZ+sS2LnFcVn)T;TscPP6gPbi@6TW#I`+nUoG;YP>mLRx=TTBi^7x(D~H+KUxY31Q@{ADtPGpe!Q$d7nd zCmkv*+LLTf2UKiUP8=Q95rRKL#-N7)p5oC1?YI+Zij^YOs(M=e`Yd;sS2@)l-`Omj zr1S1b!&}AKyx~$4`%uLln#aCv-j$Yb;8yywojf4fwaz=b+K)SJCPdxqgfvg1Fhw92 z?HV07!_lqq%0OEMc0bCdUDGKAI_ZF{etLTJ`V8X^pT9hOadht{q`VE%{p;vIg~=GJ z!x9gjGPTs|+v%&HUOzpe!oVe+NqlM}&216@A``hJh%!Z*E|qltWx!Gb5Oc5TS&=3s zoeixXNpGEMtVWjCqPMkHdz?NhuS@$AL*xX%8Nw@9n!@=FxXOJxPRom4<&=%v${ZcpiK7r+Y4F$qniR_&UgVD07E;p-oc&h**a z9eFZ2Imq3e+rsYkAnB2vot?t;xui?qFGji5?MS$M=cn7wVy7>oIzM@Se}_(wJEP0` z{IImw-He`Gr9EFIhgVKASD;q_v30_hUm@^c$4yuHvVx0bsX7?6=03^DU`5r5Q5y 
z!sJ~8mDqo6ZSQQ^_Fwy3%lIz~d92gA>Db|31NqU2?AstUnOY2S2tBTBBNSdpl{+H5 z?Xl|qyjMk5Wu=B362gaH^P}xBXQAv~NxEcI*D=*m+amIp+{E8j zQuwI*%(nltLra-Qc**|1y|v}Uf7{$%#{XT&!WGtE0B{2Xlj&-uNTG+Bw*M38%UZi6?Jm3law} zr?UNso3qS%q=My!c`-K21rQ^z#B4)PRNrWW<(}PS!#gDPulnqK6)yVbC(wNXtS48T z8;!JiRVL3V2Xs@MV+_m>Vp&gMv$K}TYbDKIifa%4OeO!FUq}5BU3jhWs0tKNnf$kB z$A912-&w|gT+Fi~@XZ^z8tL9dce#SCDscBNz=hLe|x;bS5@T{wgC;3|J+;eI!XO z{g$jifcnVa3c|8U)}4F`Ioear#)fa^IvH6SZI-&XCNixUKQZ!JK8`2z=d4Bl--U|# zbC1%WyIXQWWWzUw*5Q)U(>h{KCTnp#Wj4imGfdZK+3QqFw|~w8+4X9m-3bfYTG0$gwgPg_Ly<>>lZWMf|+mRv{Vb7+nIPSxS_-~aRFzmWpSgY&u6h}4e* zS|a~#?(Xea^55QWXNmu~kf$IxW(Q%ujNq7uImI)@`mY@av`qiAyJhQt_BMBx_CE`G@USDc@RtBmcOGp#v6lJ7Dk}jhP+`S?m_%C6^2I^WVj1% zNGMhn1?dflLMnU#Y>KVydPA^F%K3)$KPijo_d_%$ucJ{yj)#{?qw((DyKXYf09gp~ zA%Y(Xdp%wDkf_vB*zkR9@diVrc3M)v7Oz(7WYnWa45+cuIL9Ci@|#0^yO(q`{DJ?R zL!vedsvxe4dU|NM);Ttghg>CiFfbao!sNy6#wx*DW1jNO>!asKho{Vv`>nUtx%{Ug zO5L(c4Vb6POoeOx)YUO)->$D1zc&ayp(P)n2ee-0l$3TXPgkLDe;US>dv`MQ_pjDt zD=cM?9!lxCGYCeL^vdor)(5x*(`b;~0B$!e(+XFm#R3hpEa}EFKo5h8l~E>HT?}oP zpNv~Zr%AF)yG^F7(s84!G(`C&zvDppC}+_GGdR=d&C?$bU!T2YUd>Rqvy^zoa_U*S z3bYIKW57*gfm5DR?vo7S-vsl)Hj(e5OAy!i`ZJ=b7&OEHw%$h8b&m9`bX9o)EswE{ z-~!7N4TXRzEpi4*SafeUBaJ2;SJ8u)XApHR06`u_9E0h2id;(>M2?xND3~4(y{lJ$rjY+? z$AQ_b9sgx-cW-|g|78)+6yskz4or#szqh;V=>PV2m-7EY9&h}YyrKVWabP5vwHL~o zQe*L00cPFdkqAbUeqW&Y9ACan#wRJ=M&Qm%#CU)#x1&gc{2;Id4ja`Eh>#x>Ium$! 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cbf9ea87261b6fd7ffb56cc7576cf4868056b259 GIT binary patch literal 217389
znB;|e*??_vDM?SilQ=Uz(tse&TG${VAc#|<0{Vw@CPMFeR(VSVVjOm8niTIamPR|# zEmyMkdLSr2T@4Ln=no(30l>$a%k|@v^1+H)sr6!Io9QDeUfA^j8?QyGi9GzsjFvLv zp!T=#6FSrw%Z$kD-1b;l0QYJKJdx=5*pC!0%ezvQIa^u2M%0B%9?R%-mi{OIj6KDlVL{IzPPj!g zLZ~|0yQOvLPnOm)zi3lj&T2SmsfdWuoM_j}VUEvb-CO@gC(!?`6A)pGZ)Up8@oFgO#Q1&5cMt-B=P=9CJ43ppF4y6|K1sd(VwEMVq)f`q{xx@vi0ywtoA^Kfb21h+#WL4BrdMl#}B;(mf0}iU#&AQ>c6cshZf#N zm`e^Cf3wc;{na{?xa)ZYk7&QL=QVj9pe2XCn!MGGnv7~|vdLBDc5DW)v?e1j5lwncy5W2l>anW3S5mjf*C)=1eZXS6D`0IG)0N z@a((xgpV)mBFO(3>&L8Y(j9)3XR%bvhv%d|I7|Ad;tA|Tu{Wiasoq9M^I#ABKGTv} z&+1XQTpBfsrrgad0vEF&ROhVfJ4$-b;C#nxnXzv5Nx4;OG(AIDvc55AC|jiqab1FQ z=?7^Al~1^G*z!b*>b)DfJ!;kZP~yF(^rpmpGr4(zs56kJKOo6P3xYLCYbEmY*4go- zo~_MKz2v-DhJ?9=@`JO+MufTkyBDTmON~_RF5-wLaj_;%-ckhV7=6 zL=6IZMF5MTZFKrdkHS%;QHQ|;RJ_}S4>YrA{ed5b5|&`ye&w#?UPJVWwo9~Q&vDvk z4DV=08#9|6vBs@k#EMCnbe3f zUgphTOLPCW5-t#r4hE182+$S(kPbQvapTVj_(Xq82b;1p@6rK6Oz|JmL6ibOIv}9@ z{U~m>+>GK!*&=*O6oI@&yDenE*F4XU*>Yu_j~yrR+X(T+RiX&-W)$KOv>8sclqmNm zYt50jaFxz?InsF=URbYz>~HEriD}S0V0zA;mCah26e|184dczY=1>iGXpL3&8~Hj< zjRhwV311gi4B?{libWI8$a!sw#LOURXR?M$(pt?wCMq8lZd@MfYihL`dK9JSPX+!o z?&)twqKzq6$=Qs&WGkBQd~T7+BDkobCJs|6*n0Q6iUl#&{JW`NJb~F+?@v>|&wm2` zFEjr%^*5q1|IbtZA+|K?U*`Ub&&Ge6`=OiP=YGASf13M!tC8R5em{Z1Wt}dNAc^UP zquE zYGe7#sN;5MK*!$`wW~xE%4W&!Vy_JUakK})yYr)`C0p-SVL1HPKrP(S9`@~fptjbU zoc5>{76F>L$~Z~#V|HnU6k7ZLRiYLp%lL2R*AN@eck^p`ZP5wjzcIhABLA^m2#=U; z>7DuKLH;B2-;xCTUlX;7SpPLqi|!xh9#H?i?;n_d?$jU5|0(rfnSYj;UhH3(e<#$n z2lp&A4j~L+{T40*77kwVTkdPnFUJEE#z!GJEF}jX} zQooS}d4JdMQHzX1%yx(4@xNMM$7BDnz8Zh5eS0R*JAGJ|POg`+BSjwU5-IOU%+__x zey$_e=ESC){6w1F_qfQ1ObjO}wI(+I9m3x1nfIF(2=!1?MHQu#=b-5 zpck!SrnMZiuW}3!IxcF1*E)d(;T%X%fdzz|=;@d6Fw%g#GHYY(d52m#I6_Y*k#^Jr zLO(T1^}GPvYIt!Xr!&vI@gCaGoPj0`>0B0dYet*X02@BpzaLGzWA1Zq?0;TAhuec9 z;9&<8((!WiFtmgc%D@EgDorWnT;cPJqahKUC?2FUYY3rvG zs?)8}LEMS5^@wyE`7})5R?0-s8k$jD3A13BX~Jv7cxrQKe9x3%MZwgl7Gb>W&Be;G zhz&tMKtQ%>j4vWQ-_Y{d;Av;I_V;Z-Fu*BS=2K5;uqRF6AiAz7>@^nSf350<1SYqJ zACz8u^Yx0J&haK;BgniY;p5q9IE3hx{Q7#4pxIS zypieU{^`lJ!`q_F{gG(FJ%n1Puy%RMaob3X;TO}51n2qea 
z$6*a24&hVd5;yk*jS16MUq*j#va*?|2|IN19r1Z$%Z)vV7!f~;7$5z;yh=ZtWm@+a z$c~UxCpByEVofwm)c2A}K1d^5#ZvcGg(~pNZQP?rSdIpW)}?-B>&l)pCSr|d@S%q;@a0B+ww@!s1)#BXix%8H8kKnkz30S10zUI#-sH7&wNsgaerS_B@{jck~odU zZ}&)TH6GcmG}eyW!vgfhj?I3<~VPF zM4pXpg=4CoyHIMlQspZZYow1$%xR9u^rGA4aU{CS`f5@ZDBRrv-~>p|wM&~1ceU9~ zOwxzb=B+o^I>1m$1*TUZE$mm@c9VxQl?Av__?`(nZNuV{tRUD1W+t7yMqw}{EpG}c7xhM0e*{&T+7i2sKiC)S3ZSJJ;Y_Z&VP5NEeT(MJlW zBx6@KeXE}fGBs>7p%)E00Bp={;xaTBd76EdaIR;x$SW9DryQNQ>(1y9H~N9lV&H)1 zGVmG6x;Zfn9uz9l$zj=7!5I{sS_G0>M2B|}()svwsXU2aAu3d*U!MOQDd5``(pNz8 z+5qo_#AGxN7xB=r6%gQ_$*687oV8eczKi88-)@J86K?nBid{y@sL;50pi`c19V-O; zc6IF2G7jbO&Ge<{W;dlW11FvP)WiYkx^LaPxuSQ5>4n7xi(Xxjl%~4O6RT)|x^9Ri z0iI#3JDeDYU|!7uk0ZC52o()|VG{!Wz=WbR5sF%Or(yz0X-SwqfPg;W8wEAd2l=GH z(+f#mus1NFZNrW+vebEhttiRnRD-@iy4RP%o)A3MV7N zKCAHtK&@Akog-PunOJ?FA3CP8mhQ`yzCn0E+{2w~3PIjW@z=-SOW6(kOOpU`0J%`b z)q}a<$tRcvTY;ii#K6#NX|d^Wbhv0@PB}7YQJ_R9K<89Tzz7#h!`jV}+W<8pi}@_a zI{-COnbzalovjYBfe9PkWTbe78Pz_A41IJJ8=Dw!;MQw?ITbIz!AdWNLsywJ1&O?I zQi?x|-2kz6ge6FlcUS{Wk?*12Mf7=1`CRb+pWBj=mFIWIbSMFT?j>~5{C3Aw+O&Ri z?jz(V`o#H>O?tofR2@gL&uzG1YpO|*^avJ z0fx^Qh+bs~o>Q4USbWsgC9-Lq198&_^IxS={|+68N`aaER1Csvcda#%MOijbu&Q`} zoCv}_G>KA-eC-ywi7tM8{uNu3RT>t6`Mrt#tx!lBspLV68i-VP{XK`6NM6<=7D;QP zG&9d^r}P3WN?q`&B-q>Vq|9JKBD;(k=G`$Ye=6Nq`j=>XE7#=1jx4jFIbCG3R9Q76 zBlGLGgg_7iV_y73zR3zdzFlZ^5GpfdDl-a0+e`+!L&|A7bsALgly|35dX&*^LiS^= znt{lP{SIY~oDG|2EX?tNqW6|ay)xFnaT=Wt&%blS(JI38r$d!K^SlP6vspdQsfZiN zsrq}JT>R`m?{fxlzF6wtWAE!r+x-mH#{PFNKC&1#gZbT`(EgfxmjZ|Ar4K6* z66x9&To>d*jP8(UZ0KuKRt+*u-n}r%eNE19yu8~#cX4usvv`N}Wb76X2Shw%(==1DQ z(*%8O*mW3Q-q-hl4Br5T4OYOgL3Z}9!$!i<9`zrlVwb<0iXFcT{@|usfegf*l2sSM zZ|+!O&O{`w7fj@X3s$-Y?hsi1#g4lml~@R8gR54N{S8N zSw>Me-jZ+fxG!D_m#m1C2V|`q55Ky?$u>yHXkRf?V^Q=8A@pHA- zvc#m*pS@F~j(#%ezDC|BDvtEt(%x$2fu#kRgMy#S(Xs7x;cXQ?m6yQr(8MWp^I#!c`b51)~!#>YFRA$dP# z2xE_%eJgzdJ56Oa@?$sth_U>2DX#Zpd1_}o(+Py~==var#@7-e&q?LcxL#}VFt?%%pEjXPS`#Mfo8dhe%Em;ortb<-JPFR-}h2}yinZEN0p5@k;0&$TdU2AT9W%ts9x3 z&d#GOHX;{JpE>?$s1{sGu5-6SKo`}DTi0nKccOZ3!$NvauJUj?m9w5cLhf8;?;{S} 
z@X4VgFS7sx1v05w3>Mg4S%g4`_QNoZVJTeF()!^?T?ZyY$eiW@`X(XVG;`#kKxUNN zbLaw`>>p_Ou%+}Wx+xmEXZ8ZAI#pBXh}L?wBpPeAc}kWXNy;klI=ohrsYi0;`oZ?F zw&m5+5MlPMQAOm4#Z8%W6=ieA74YX&mxI`<#-kG#ADy(3Au?1UZcCy~(W*J5#*b>Z zxFI46BX2cc54X7S@NiYgs4g<#g%I8zblZyW$G#EaFERj=(G1X zkFf~YY0WTDM(wBya6WLBRCbiZ!o@NxADzWz-1T9Ota7q({TZQ^{XQ8fsycz|c}uyge;haJ+__`+N_b?7C;9Hc zbJLF)|I5M_H}~r=6Tf`?Bvy^wGLq%p(3)m6iI#A0xy^}{z$%ycIzi;q2hx)hPlk0$ zOOhSr7BTY~nx|u0%c&%bUc<%eqt*aDlq1Zi!l-p*?)5q38x~QsW?I!E>n!!6?{;8E zBx+WjDQ|s(hN3%b?JfYz``gqKU?=VXvfRzBE$5aLGBCDZ^xN|CvoV+U0gPP8+mEsO zE5cLC&|GIV2#HKRm5LNg5w}11BN}LAujbe=uTcsDh0`bj3Ko`bfr- zg;w;mmw)U-GNotQJpWJq#N z^0AV5Fveo2dLgYxYHE~a<+E+`)LK3_jRYT(8Il3-cp}?s|0|9!nk*8eT%AG4u6&(vg0-ELeC#?q4s@3?lmy+}& zccmu3=|`^5=Uku4xrr0MZ4(FpG8ToZbLX`2I{|)Ft;~NqNPH>*MEr}+1@$36YNe!R?9-z(Q)^3yL1+`A#dfw1<)724DF%?=z* zgXwO*gz63m)NcVocK+QH91o)*jrXK9*LA9>joWewP>CU=S1Oodv7< zUZO5CsAO5t*Qzg-Vnv*pEqfe{`*Xc*(hK_>brt*Bq4qK2AMFOEXd~4`a+wEhKs;#% zA*OhI>y)l9c==7iT}y{)(>p;u!SPhIzZk2m!<&ZH)FF=sIjH06_aNo|8j0d`#O-&A z`^>cl-4nIiLt$?zU_tp*)-QkwIL*6#lB-iR#-(u@WMJ^oBl2a(|1d9s*R#}vG^20$ zdEQM^ba@C#n^#{9WX!SI^8?pzq7=5I79%rE(Ut_>+q~&nj?jpG>kpTp~Ev& zSo%BAUJ@%YA8@$kYTkUVK=9+KuSM2fKY*EE#zD~ z+_L?=6;*DKYGsx<_Fv!FeUvV04QjrRaeZh?Zu2Qe7@rA4A4eIVF{=*&Z=&=<*f&Ey zI1Gn>Edl&4RY%D}?&sGMvPF}|`H+BDyh#J`+Os>~A3(y3!#4&siN`fC4PQKgPm894 zXw2>Mm}pv>?k5n1reL(`}q4Poj@92XLO#$y z^SzjM;DQ;da~Kdv1i6gN45^K23ANs&p|Rs(U+-})3`lfObvy;D$Ol$qlc*>{chBOX zBZvNAggSA`!E{5zGYyS=gYl7^jO8(D`g7*ZHJC|wM=To=cqVw}t&0r%2N_Tqc}*a* z_ls>}1)OD)h481kyk``dD7v_@|8a z#KX=jxd7Jz-bRv;#>pS3t35~uwDjf&^V?K-MmW@?8<0#u}+e|^$&aTP~#T0E#AwIV>o46pS z^8OQEvzj1ReTo1^q&tYR;@u{)G#)dZAf~=dG82W9mgXvMn}vXWEEjp|gLCsaz!i*b)Uef9bmvs)ddsRAs;DMgUHta4+vdp?GKRXbH^ z)}=yJgh!{(YP`@g9G{m!Vye^%>(X%UP?F*-Nl-#5FDM|>7#4qHOl$oN$~ONCtv>pULaZ0El)={4F3^3NvFQP? 
z*D{p>OWHEt6p|wuPdK-)8v~Kpq~SV{k^iA@JIr=aD4D6jm|J|s+s;Tae23HV!Q&Sk zDV?LlNN|aI3LBzpvhzi*YSx(124$X*Q}@+W_b~KsC`eiFJrVIUi(8Pk5_w~F53~@h zUo7H;po@Ve;~lTP@ApmWLWg5kQ|jb=geyt?tVi|fsc0paZ>Sc;1zYX3&>_Fn0;3CG z1<&mHg~wxRCP@`yrniVPj$-< znd*fO*#(2KQfz`6abSG9JfmCGg*c?OXUu|%H7*qo3}9P^*H}sk^O$ZCedRV8Oh`QK zzFxJ*UbSJg@#ZTx`wE!dOK~{xY|D&n%hPEe*H-ohzBOGTmd37Yo;6LRGo$BK*1Mu7 zOHLNd=3NJk5vMAw;nzAB(~t>C=Y7Sply_~;X+H1r8)Wsw%S-j~W|FFY7gl+H;W?{ej#AeGu}L^9u3n(JlbIGI=7~}BQWsZzD7fnt zYV&Ay)zD|jtDj5p-jY+PukJcdO|7fdPJ8=>bLMwVyAw=TndY}mV^ONfmq_LG2mseL z-b?vHWXS+ZZOH5wchOG_m9n2Hvn#4GU)kCiP`luz)Mz3qQiv$~HU!ZTtXw4!NRt!x z>PT;W0{4VXU0X=V`Ul`?(1f37?HF?Sk%CLVF;{^*2?fTu=~*eKortozq!NT^aZGF)lGV#rNn>L1yirJ$NE_iLWG5f%mW*4r`}c1p%zZzuJ6?Qz7bdTqZXZ)%yic9s}Mo3$ssIm1KGC=OZlue_EfP%`Nh!RRNZLfgc&==)=m&h#^5HOC`Ov zlu)@54}EJZqcqhQh4xLj@^gO9wwE@v`Q^j z(Dp5Z6-z2T4n<-jgUvb1H6Gkwhz-&HYS;seO-93u*TY#Wu?Mg1z!XDOpcZa zFDll|@rDVT4a9XjkG(%}TvHx#I9k#d~CAWv;%IBPbZGVh|(K zV`kbj{sqS8gX^n~y>+d-iugYheF-1P*2FtWQ62R&=V(&WFyz{<%A-RUXvFyLqrV7D zz#tcO?Dqzc^;MPwtjcq#P?t!ufo!Bz7nVMK_un(2`Ov$l8%R^<$suV%Kk(-IFAo+3 zvLXc2(_x3d$y(9{6H`T3L96pwOeP>SIf1G3ed2~x=j%v7aHW_>%3d#Cn3(-Z;(t2` zGQxC@LtNbZv8`)5L{g$2XR584@Og8_7?fQ~w&(t3H^_U=t~zk8F`0*sE&m1S1?T2T za%vi0;-|SEVO*tTukwp~do zPAaO{wrx8V+qRR6D>nX9)qU^nzOUc^GILJOPIlJVV;qe6Y0Ya|NGz8GHd`Y?GL4pC zAwj#F-=+=UVa~V=he21a4dHq42eiBF8%Eb`!)Ms#?%+M^(CjeT_JFroCvj-K6K~ac z_3TnnI^!Y;w#5hU$+I^#YQCn(q1NInlXUc-5mlVjrak39yq@>k8C*SDHqfgEsbi_@ z%a8Y523ei%q+}~}FZo*8{>q#e@cumU{@h%5zLKQK=Q)mBs$+F8j35Au0sOdC-if1c z-H8ndKwL+TaVZ2)JlgsS?(Q7Tvz-PwowM_p?ghQLdg#3iwrWtS{JWHd$-}m$UXqcc zrWexR#YJ-?bWA)eZ^-Dg# zyA60VZZEnoaX?Ga5}G{a?(xn)5GSDbM1wMsb?~K-B@Q8v#eN?hnUReTkHHg27(M~@ zhj2qPdZS6($M2d1Iy&#~pQ&ugV&6JVVDr74`sGCFH)zS`mIf!kF1;k!zibM2AQtFh zzadugkU&*dv}dQf+Tb(j&o$1rJ7R{jb$oZviFY@Nhev`hMEtppxt|ztsNRU5LMppT zX}-e{@6UuYOVd{$=F6g}(ISkdhzWcOa!O4K>{=pr8qf}ngYW@W_oV_o)+*#Wyk3ZT zEGN>6uoHRM{$U{*tPaHUh>XBL+d?V<_$d`7Hm!ROc>Z`Cp|t5Pw$_Mk%$CE44; z!=G#$x9dR1o-6xy!S89g+b%V%at-FnPo@bm`FlT#qb5i-l5T!PE3x4s 
zfbxAn-=Ry6-=TwWxQ;v^_lSrHLau}gLEjyt?F+wZ3ZbJl5^K$FIYpyHlxUHv8&PcVKsJ**9J|lrTz^QB}~Q8VgOJ9V38=BV2(|A z*hA=wAz0EDx5X!VZP4uKKG!ieMNUt!U=0*-xSV#Neh$oj*I%4V5dDEOKD~8>4Ap$T z&k~Zt%stI`0|?t4+g(uAEX*-L8TEpO=28;3w|9Opqpt#dk1Z(-MJ-%On-a({3nP4) z=DcKI6F-oAAPrwYQZKJ%?o<|rW^C5Q3F>C1o&`^WjRjA%PHA#oYO?dXGES*~?15oA zP3G0YDnco0#)1hN<&g^RHcCe2&5(Cvfg*w+T9Xp=23jcHf?xq&7Fd9n#YH`ygq`W~ zvsoA?6gZ5arWfHtSvMkBA57pc5%*f*`ih}m>fIJx^wQTIy?lRgSTeU*@FwK^W=!~*l4q{>lE-}Fyl>NM8g0%vRX@HP&ny1ndL zph3*$f)sL)K^2y?6VkS*V)cEMDO%Rc?Qw51?=&&wH3Y2F16Zf$&pJk(aU5748?a&v zjlEVSayH9WmwHQzK);H?fq$uD?&y|X74ux?0z;;mfaaa%3%uE z&rzkc9~i|rK}}YLZ8L! z6yNErNu+2x1TC}+X6dk2e*Zm_3Bf51&@}h?oFn} zIciG|ghaRXheqzJbz3dv6u6tsD<>{>iwngpHrHsx_S5y|)62LU`{B&@)4m@!B@}Xr zL({)XR8HMs;65iQEBoigrTLmqY=EmuQ^FA5@HdB1$S zhLXWjxfLN%45|9xgqn|nd zi(UhPMgooXMwP?E7BU8r005$N7u1wkKb<`tX+jBbS~YQY+eepTgf_Nm2n1klZR!tV9)@2BpGyu8 z8Sml-bXiB_WliKpPklrW8}A3GECupc?8u#eQOO*Skj6!q%-A`q%V`}EUf1wPwhUNw z<7omPX^T{xZ#}Au8^>e(_qBn(PA=@6bl~0%oX=E#j4pb4G4dVfu>mA(1MsLC5YR43 zm)|R%EE*Y;M#r4W2IA8O=8D*l(4anHiLU<#I0*-U6V?K73NJS|N%x<|%VjsnZ4|SZ zqG@uef}5ObWonQVU+tx>-~R(RfjRsGP6pGbu*42i6N&yCoLv1EII)sd5dI0NWb-l? 
z+Q5}I1qnL#rZ_>l?~$+}hys1skR8$~TP=+5(9!`_M$&D8GnFbnAr2UjEd$SnBL?HQ zfp`zbMZdl>k()ehni|8JA5DJ+>r8;xxc+*aySy%OA^ad+cH>%o_(9-#fkY3Osf2o~ zIk$(lR0mT|Tvw*(+reZkN;xrK=X}BIjC0hZi!oa^4EFd%%v^uw2hV6rk#EnAVXIDwRP3ilAl9CrNb4$kdxNrWsd2rpZ>MS>+EH(S@--?qO~N2I_ixk=Bc6;+`>auXt1Yy;UFa` zS^PW_Ecqh~Js(u&;Y_uum=&tFR3l0B^CbU6b-!F@wS;p^mJL-E0fbe$f1NrQGC2f1 z`3I;vG$?JB9Ch$}S$G5Q1OxnU6%02iU4tg~?m15WC`c|I{oZ|J!-O7BJ)3S zs~9R0@1D@sho{5us1Y+XC=R1>D^Dz;UiUwz#cw}-*e^eCd7Eysd4G{!WiqDc&Fe9< zcw8K%!iL;WhTK|-n8Efv)laB}?vD@uwkpi0PLva&Ql_gdpiNeImeo4f4^Hj!DEegr z7O;iX6{ZdJg4F_9MAu4d?|@QMf_t=o-C@aJgP&c3<1yZME!}rT9lUL3zoaq7@;gycg_I2(f+EAxhnH1G#Lu{OZPeSGVo2__RXY$E4n9munEP9gq0yTBO zAs4>FX{o4Hy>h`hs9REP9U&^^`~9+kpIxWlHYbnBwvXFhJB7cxL}QrPru%#7C8bD6 zJ@spmsBwZO(|)ANuu!wxWTQ2;S&D$OL_;Lx;1CHBl!Y3MAC;FYX)H%^vs~jdBK9QR zkii^f4qIc}6=hZmqt}=8ZI}!LbaCF-ZHT7t z&3txO_vpLsqJ~Httq`Tbw|4g58KLZDaTnIin@iw}^%Gr=MFtSm8+zVTWL$6MO^0w8g{Rk3o?^!O+#+a+!T0Yhe$jxdG_Z2SQW`vll+NAY< zW@y&}+l7%gTlnpUKtFfyyRP^0cfV0zxf*WsD?g1?g#mp&0ytXbdZxERAC0dsRVDss z6Wh*iNp%+MUFXsejy9tEbnAD$t6_%sQA@v!F*NYgTdyqDBP{1|)UuaIJ7327HAs%# z5vzEr*j&3@A@OPi*(-Rfu)lT{n6F*GVX5RkFt1iVG^%&Pr`_hhn42}6&ZqaVSKO}F zMFCkeB}`f?*$A!G%0n%3(qyO=EWOny7Rk|Q72io2=JD z{;8tnKk~v(twW0cpm;6Pn{9t`FA8aud>01KBcZZPGOjI5UK$oVW$Gfc%|avxJ8Ehw zlV$*uqhIvP6F(_h2$tYXYZs|1B=b~@Xw_QgxMV;kWzJ%*f}g2zj48K*o3U|i?v?6# zj_fJzE>NCi5uZ=(kZ}$sIO7&+YA*#;X%-q=U*S_oG_8<)YEmfVUCa!Il`STxI z5GihO)=8*$$#o5a$(m#=zT{OJ!}B&e)3S2=+%&)Y*`0XUgO5DlOMfV?vO}FTF-cUPK0=P*uQc`x$!LP+v1K*G47NQ9Rlw>T0==japZR|% z=M5`=GARoDEk9zog&O2dwo|{p&;;6$@9!$h_C|h#WLbhAV#b0Wf*+_St_9SwpW35- zm-b!JWEncwHIcAdCv~Px0{iktIFxXBN?3Hw$FUuw-N@Usg6?At#~e?w9eew@&A-4x zLt1VEPpfpb#K-wTgh^_vQ3+i@zLw8H@!mfpR`Av5^)<(qA9d}a;?l-28Ka+%APlqT zS}&zb53{3P_HLo6 zs%{36OC3x&H(~%E4W!EGMfTe+&@l{|{?H5H88e#XAK0a5sl*O%Fo#X|Z(L-SA-k}z z!&j7F*HDpoanD>;R837RNF~hfX66;t6AAUd7%3jG~6%1vxJlhm~qyztHOfTAVS-FeN6(aq0%@p}?o= zaC0dT(7EifgB!~c+aeD)qC*FFP=&n7bfZ7+F`}gp-1X-Q9mIOTW?Gbyj&)pteNv!6 zeNrTAIyn8i{kticV~T&f;&(#a!QWM(>O^+CK36l254_zC^;UkFBu6ZIIr%xPNr;ns 
zJCArwA{BQ`pk`hX%foyl^S5iRHABuYUTWlR5hIqo=7N`;X?N^YqVca5pU{RMh7EvF z*v14~FcAV}=`afE7NMh+1l38I==c`OM@(--Y8jk=~ux{(u>W{I2w7hg9TMyP$x6Rafd^j$2v7gw%QZEbbiSl7-K?w{5g>+hc zr`UXCf#ts{K#G4KwLOB){cr5ov#V3K&Bx>0O>;AVF~;k-Z9+~f z%bdM)zobTi9(wFZjCJ5SKUBctj^$+E&0z`T1pzO|_bifmr+ z`fB00c<~R3Fbp=cUWuk|D>j#H&pi~|ew7o;z&&+cs9@99O(*#eTA}bnVBsb1^oYw-W zpqgA`!9!>Jyo)5#kv23cKMl@@&!FF6_-COL!WRRMea#R?LS7UK*@+-NR$c+=h5f4W zs{q!o*GTly;`#r?-*i=RO^tu?x03$<8-M>VjgT7$8gGnV;h_;27k=D%GgirI9S3#T zPSa#UYz8GWHaUXIhK$3!yMhSsvWlsh{;}ICZ^(z2lRsu)s%V|Jt}j19gHq}IU)8}~ zo`0%?OJ#r5K_SThi#j;`|5OL}wAj5n<-jP?eBuO);UHpnnQm|u8Xg|`u?^$huu7kA zK70{hSw|Hyb9P>Rq>JmE^9%r2sC0J43&+5dCR9^5${*zUaJ`%+|<~@{srVI06;#bnVx2Emdk+b&kT$A?LeUH zmFf$^2|P27_?z`aDn+3Q3Fm4@he+QmdWU=x!zf=^H{qCVAK2+onKT5H{K1#(g~3}G zsj=ZbwESNfo=0HVb|hX#mCPfbgWU|{>{%Y+Ff3G(E`HmR`j|-)Qt$%=IDG7SU{X@V zRJX-U969}@Jso|j*u2<7pl^0K>2txyILK;S(-IZH8AV2rxOL~JINHl-oLM*5Dr}a~ zqShr(ZylxK;+;z^A=tbAr{(OaV9(>$=^9a55COU!X?x;Lea#ua;~wk5XH5K8U6ceW zMO=!mw4jLl$Rao2fdM@^IXEiK$Pw;;$hUay48ot6 zZodH%BT3C*isR1jt-%-+(DdVvj|QjD0iiXr-KLwoRl*DKz&ec?g<_D(d$z2#IKPJ! 
z+}^j)Z|Uy#AY88PP> z(mGinw9;9glv;`9^CBq)-fk|`_uH zoXrVTGl2mO`<~3cx@@19qcMFEOaoJ65=D?mxz=~+BZkm#+cPbUIV17g^JM(3IGAJh z6Z)jooDq)v9F-R;zcsG5v53jG1 zz_-wIA=kD7P@#uRJXiyrwFo2I5>p8dJFtZYbWtV5?*z4k6YbzjIT&C|8hQ$oFRlY~ z@DI}>9v~;6Czw(oC)0XGg?_Exb2a%qykPe<$Zz3VKjZZqm1;k)(4_=lgX4K5U)AJy zR^3;oQ?nBU;b=op$Pe_%Ns(v}>$h8Yb+&jc*;z`ry}t>xwrNqv325VORgRr6lr!_d zsvl)+mQUDMQ8#oLnq^|>orFDVR+}d)$=X?TG0nhhcuRA7t`C4u%BB*ACMevFQ z=^&2H7ihBZouK=6+>Pj-9S8^xR}@1>n#2vE!1Zf(tc|e(8??};J7o6P2P)5`_Sr9wLpA19CC52p|o&eRxvz#8P zV;08Y;U+zcVM5H``H~)N<3QR%8whATmeA&ZCaww5X|^J=m5XpGfZWJ-D!l=LcYI_OZYjyJD|J=o)KIb#Ld`O zH(j>@CT?OmqPX&rL(n_%`SP^3qLaGwPGVjpDG^BKY{G%&>XM`%Tl_Y|1-Z$_0J~Aw zQ;^;Is#`(AXzw_{k!a;DG~rg&tMD2n=nFN1IHEuVeZWDdjCqq#y@~coD=@*^CZqja zu}O~nglNa~ndSS09W2DU1_UAx4FXb5&$*VX>fV4?tC$Pq=NckV)sAol38<1-u%`@+ zGT67M&fbxIeaie|czgbyPRPM6b2=za2W=!y1y|r-NiYuW6^LW3-Gm3~RL?W9>wIEm zSpIC}^dG@jgda=aI6eznqgc#MeAB$rh^{Pszc3NA{a_)MoN+vXH~VoD70}up2yRx; zR=4hGNtn2w(EfSgC>MAaurXq9_P2L4rw!TeJSSEMH~FHX)9a#@*HWw!t~7Q5Fd9Xv zu&AI}(hd<2?Y2lMrppYZ28o4>6?%%TDP6l8IRbi2N+UF~xaJ{1X9rCk-jLf~xBnKu z5DW07MH&C`rMWAs?}p`nYHMqRQ+!gx_rv1}-D~SCxhvCoxynhHyCa=Z)7;r_DlAc9 zJlB7`SV`qQSKNI0RRK?MVI#Wduy_sdSl zByipF3vjEfhMEr@8bxwI+*adWXccWB>EC21r4}kw$yjBkN^zET3x%gyUo0G#4N?9_ z2}hRcuY_|4^aPM_#ND%h=f(U_FFB*O-K^#oljsHrmTO?LCkpUcRWbSU3uGyC-elkp zb3<6?jY0*)13Ut>*{i=3wr0*B7$&x6n%g0LjNNWybj>_tsT{U` zZ*H<78L_udf8J_EF+``ak$3L?K~XB~)?_%?|E=Iq=l`RB6xI9&aG1$Ax&0YO`>o>! 
zFphTKZ#`>jSLnA^hqKGVS(BIE?Qxoiqod1$&yNW;KW~>{|DLzB=VP}?UtPKCQuLPY zRWAumFwOz-*_G(-=syC^wh7VOPT}I-Q#)6_@fZCdz#xWUFr$1ck7`>4_|ws!beNC< zS4(LY!SqJL!YbppxCOCmq;^V^+n_NQSstMtAX+99;(*Z}S9rE@KXZR$-?YkcqUgUA zV9f);mx;{8{s-wMeV#Lg*#@<$*~p_BmzmmL$7HV+-X^jQN;?2`?kkg7)q!|nIP2FK zsoSsrrQgK4y#0z>X=_BLs11_W&jUmK*9MXauu=VAdzm^(I-r5XcyNi$6A4O-(gz#p zB7R$N_W8SS7xig`T!Rr#_<3h$!l%y9Rfh*$pC*^|jK%<{eoTbAUzZd)sd-ia@g~#s zAz1sT7cM-GR6T@s_dm28X2<_>n9Wl17ZyCOY&(bb#4Y*Mha99;&pG_<8o#3dqiY0J z`|qytZSa3}jrEn4A4iNXU&<5;elf%$H#q}T92fWht>PH`z`oskAjmx5+$7q457#S^ z-f~vRX9#7^VDxWyDpy`bkU#KFM0@%_dq(DWvCjw}gJg4V6Et)KWtZcR?zm2Sh8W<} zkiCCe%)~~dC~+j@XHvv7J4Pq6XnKts0<31H*5Eg6vID{K${WrO2fOc6B{#|WZfP!1GgYNDr0HTSE5{yJ45DAz*oIF6VpeP=_xP;jTqaIhl1;9#Slo&l>@W1)t8Cwc&S5bz6cI`Qo@{ z11HnyuStFeZ|#AW#FuW;28lVG_^hcl$AmMIzwp3<43PP;_6>KCY*DkZu5xtbv4}n_ z_PgieWBx^W1>M^@eM)ciWc6x@Ht>kl$SkXFP{_Nutka3d^1P zCV}s?Elu$xXhiOfN62=A<^gwa%;SLT@ppoNvr9a-#I)k}R_~3f$RKMhx zkuZAu*$CB`Z3%=jjP++hX)Soyx7T|_N#8fnC4M!UuC)$MOe-18m3Gnze9i1LqFg_QV8WL$sUboq}ZZfvKNz>B>>6$(REfH1F>_uqM=_&rkq2Mx~ zEUNBv2R20o!N5 zt%};P_u^nsR+-5gf}*9D4{J9-olS~^$tfrKaLjHR=nJXv*#hx4tbU!7cc@5>q3ki0 zE;!b*>fBYhBQPT{z*=PkG`3}$3Fz^t6bK}H0PF-ho`?K(q)07OGe{qqhdd@A*t`zX z;(f%Gnk9OQ3m>5@xO>?HtbV~_gIx_4nD87JsaX;nI0iUIF53V&rprG|@B0vY;7|`q z;+WbI#>%P~74$|tCWw6+`Zl^fbiUtWtkws*db%Ku;J7U`P%SUM=3Nu$0LTEd2Yx7c zXc4~|%m6b*+c_3{6&MmMpdzF@x$6M$)AhUbG*zod=-r4XtzwNaTcAE~!XSp>6J<>_ zAO^(mDW~@!2OtN4RYt%^0IRgq9MrSnuH%91poIZ$yx`we+&quPJY+4V2%cG}v{Lr8cUBbCSV4h;4 z*p}5G#-_9n(Mf;CW09GmqW@rj$@Tk#a)rV?(LNqXghGstP7ZGpwvKj6=JQl=`F*4B zVz|$CUWP_ljn8&lm2Qa^cqUy9h_xNzOK1p4Q84tc1N0(@qr8(}yP2I;_2m90KGOQ{ zmy;ax2Vc&(8%AF$xh_gJ-sk=%dK9`F$5>Sr0$;xI4K|4X7sV|x{EgzX;0uI88zz{EEIQ#I zLzr(7zz|k#4DT<|z!E_edd8!v$exZH3l{<*yy~}jK?8||Q;Bv!&i1WcG*YURZDy3o zQrsK4Tdp4w);s{ljvG%qN?DhU*FZioeRTbAK4n!{_wzYU8>I|%@O^m4RMehTyuem` z%*;n#QOOZ}F#_*bN+CDvV3Q)rRa;4LLgh=*jxhSq(z?9LB1LnqJUM+HGBhrxL$Wou z|8{>}B#|~r_9v|34miJ}$wfNF9?!lWyZz1&#Ymo|N4>8EqRV%ZW^ddnVVw_#_x2Ud zcQzb-$INbWOHYMhcr3ROkee2XiljdF(<(J$Y;9s>6gliYs& 
z7~#Qn6#5vh_V<6p>fU)_3~jPs?mmb;=9)bI0R_~PLLC$i+y4R!R_FD;u-M4D_upfo zU&gWa_8Gh1`clbmp;a%($>WyWzCd#HV0~O>bFomEQWZ?f=Tf7+~9f z`A<8ywXA}Ne@~!z&DaZw9I2oQVnI#hq{a9ypARn{gyZO);ohw^hehd52%mGdypHt2 z=^>%%B-)B<^}E%Ir5^*L9;9~n&t~pIQ$gutW;08^f0^jm*CgJ|?n*4_qR@~yek*RU6=b!f( z@8&;eHDpTKq|$v77`=Cqye@rj!Ys6E+<8c_?xR>ROrbZne;ehH|K|EnmMWLV1im2R zDvGN*G5MLz&5dzTYgE|Vqe2CC(113!4<;X4Prb}=*`8mCVMNT`FgOO_5T0?CUq?cv zbD5L|aObc#zWj(Lxu?H-BV+!`w<&0lKboj@TubsPwW+Y{DCrP8%edzzeMrq2C!(Wl zGfi_~z>iUa#Md&zLNQ{Ay9%2S$NFM${(5seKU;b1mEa)u_!xEI3UFYR7RLVRx?ck* z6CkNv3ouL6QV9tC5c9b|=R#Sy(%}CPwv0>(G(zrw(;Z*)<9Z`KKuTELkbBirA)WCD zwDR$phzrBq)4hykwmr;mC-MRd!&G9RFS%eCB+t1rrRbb*N(CATcl7JPayOiH_UhR3 zzde8&k({Jj)5JKSxox|hh8s5R>Wac1)U&+ zDN!kP(ZZSTpsVg4v%aBOvo$%jGki*GP}HAvpagl;VOPM<)(r(+qvoaOU^Rl8M^KxW z+rotBHM6Bf-KZqp$T02#*cX~x3VMF~#XBCFD9o0ZA9SENGOPkrx1eofUtDji>`&#N zajbv}%W{?=B*lKx!AMG9;6YivfC!h95Yh3bnL0cSw9c659!_=)n#cWUrpy(awxrs< zZbk3fv$C}5Z~BbTxsy=x00kNl1_H{+!vY05PzDA90#f|=R7-&Sw78U3` z8K*lJ;-h3(y~05p!5Kw9wED!{c`8@E@1G~^Z|LgLcWf5#6^KFlCqq3?ut~`y!r!b}}P$f|11gw2B ziUElx6*7oEu)Y>Z4O*M3y$fvvVGU(7FPLuHJD#H%U90gkh0kq8Q;_bc+vD=% z4#(N+HfkBb<00eyNJr0>|3VIszwd zCx!zhZbt&{6cqI}zu$bnk)E9d(G`3yQw2J7`*KL|MRem*-NFNX0eEa$_xnwZ;B&i) zslWY~Cw$nE?>gCCSLB2@dFT~=H+bWEL7EM%3#~u)%v^%W5Ud?(8wahgs)LI8yHMbI z%W@$L?oWHyju*txb`dE1a-m2RgML*@yr`VVjwi4~0N3%Fr>w?WR1V#!w!yEdd8PR# z7uCdjrRE$ep*JeIHi#~d&o9W8otfF3nx}20wi{b&r+v@k3Cp8bqy&KhhuIW|S@bYL zINGm*AyP%og+}6jk*Y+%ZH+{)L_j>GnH=MyGpM>(bz@XnXuIsGR#J4cyrn^; zC5q4zHl(A~6owJy80QB{jxAH|K>f7J;Ju0WKmb53&Sg8gqo%UrgN+ zT;)`0gE>U9{50{ZP1Rnaq&6T;f84@Tw!I{K2KxSu8hyq==qKHh!+mzQ7@F?jWo_=x z)CU60B?;Pw*zoK%^EFs<^3 zQpb=BE#X|Q#MB{Qt_Np`(-QBzh4?UHV5OnOY~m3=kWqYTcwhml;}9wBDa&jnmYn+F z`{3Wssr$Bj~wPpV;vlOZg0Uqmm$mF-% zr^4+^S8BGVRSOL3uMxSte{q-d6pWOUq) zx8E=II$vx_!%r*Q*PCaz8oMI3Q_x<6~pBL&Kweoka5v`kQ&ICeddUP(5; z?v&i!!n|g5*NttDqe^kx>8Ac88JvQS^tq4~R_>gW15;Z0lqO|}Mf39y1)HViI{iNs zEc7Z1bOXpDtsQV+BJ;v&@~lc!qWHS%)@7+fi{9d9_Km%cPlri)QBwN#Uqv6^+&6>H z^fX?`H{9djgT8aw&V`-pOcp=eYr)@7q(p*{VQi$cMoY)`56*`bp0|aq;90Bb{h0ke 
zE`P|E32C4Z9sH^Ixvd;Be%=#~nG5DpBm6PmbtuVQ@p_mf*ZeNe*zE0pOFGs|Ouc<+Z3Z4g0bqc%Xcmr#xDk6p%@0$&1HAr~Oy(p3 zlr~QY%_9bY>B=4(6j0$veL>Wq6N$A~AQi z|G)9CLlbUng_BKeLraHS9CQnkH9^sC#y(666>OB5}AjyAuU)Wo!! zDoVtuQo5o4Pc2{f`hRTstgEE3x*bFL+ytHn8f?KlGN88p_If8-xfKt9MC1cBV9Slz z=q(e!X)+Lr^!rhK;kasQ_$`X#OZ!VQ;HI!(4`*h1w*Q}2?|6GeamoB|vN!opvRCl| z9zeUQe)-?D>vlB2JiozC_b*y~%)e>%qyViRK=*w73-3yvPXUnXnRCSd(5@H`+<|CG z7Rt$gX;*scn0V<>0aj1jcBnb>{Om+u#QdfEB4i7pubB^p+Aj z#5%5f-iD8(V-e%MzsB}p5t}`)brqZla#6MdJlsDdDXc(X5(}pqa!_?AXbB0ZALbQA$%~g( z%y1@Uw0}nF#T$p~*5j*P#Y!bVEwHpHZ+nt!jSgo^rM#?B#GCOy%GNLF#7e1O^;*=E zbwAzBvFUX=_)62>&z@OpG3ig}bKkCIatO5hJAVHl-I#AmqmF(Lb4&~L)2^2msNA`l zHdTxMgiKOz6X0hUlg=z7tA5SY1;_Ly*EQf&HkXo%<=QZmRI59dA0R(`c}vs>P4<&+aWnv471VTcux*Dc~-Uw?I(`~C7$Ko)QxOq_&hIa^$zc} zsZ7>!n(6(C)1E2=KFe(4DX-Vbn8xn_g&G(WwfoTZ^SG}yyN&MX1a9PdgUfu#^tT=s z@n+q>@8%M@*3v+#C^Hkw^ovAZlyslRLEV~wIMY!*kiH~A)&t)F{Vmz}F^O&cADE^) zUJpGtsXd9v{E|^ICvg=1q(tNUq^&B%(=rRfTG}XC#CXhb5Gzi+urdwCRyaV?uAoKd zs;?^3u4Rq|VZh(5^l`pRxdJmL!GJO*NrN(~N#X!A5*2c(vZ4YRf&faI9;leMti0zy zF$IJkm|jlQx%Dp4_6v{3?d1(eDt zNrrl^pgfP9eE2>hGcX|qph^xvz5>o?{DRmD-D)Kb5OE0U5lf)~CG|Q|jDEaUW_4M8 z`UEZS9l$m`G4Rum0V)RXoh*Q$%Vv;2NQJ;F8}2gLLa-?C(+zCBZcK;tKJ0^vY&c|o z-{zUh2lj&BeI{@d(gK_SxU~I?H5QG{~XTeaWm{J8!V}Hc32o`3d6&pd?=>O4pn_m%e(O-5q%tTy82E` zot2CXuQLD0xTrxh%s%>#j$Ouqip>NyqW$_gL5)?L0^)c0<$)wOKkr#opjNOw)4SA%VQ&+MLJX71o7|VXTf6=qF1D-v1%NO9-qt9)j`ccPqiVfNizgdMcEpoQ8k&M;(nruV}45v&Xuij{4#3EroAHA{$)kfh$ zjijTbZ-N-@m_Zt&!I4{INC#z}=Rf&;Pu#KEtHixY+Ar>j(b?wRuCHgW`Wjy^`0Hc? 
zy!!j~Tju$X;~(-C`Fgt2x-+`0RXne8j|az6%(_~`lbF4%VZEHlM7Z@jS?F7E8CIML zmNew^YA6lZ7d7UJcxLoq2HgrfGKJifx@A}OW;AAu{`{i9v&tZ3lp)4r%pMhzTO@@F zZ99(s*6zK1Vt$%wv>YhaDE!aAbygU-X$`~Onpo@kzhtKLVIHw8?zt)3r#oGo0+Lock# zji)&+)9Ec{NLa~#sX5Tsl6YtMrK?qX)S6Dy2HxDA@yqSxdoi2Gv65UxJh0Eacx*Xj zl@Qr*lJ4jM>^>xGr5LU{**+!h>KoM^*j5r*#+L>{>kG9tPxCEG^dRu;a##%aWSD-C zX=N+TowjK3?BE6v+S|(C%+qu4Aul+l!uW;nbCGgmy$9gVB~JKw$WM z#fS>=0a9`$W&@vPMp!gQ7IbM4LSz4uj=4dO6bv776V~%Xgbk{!dUA@aN%s>77vYd$ z#nJMyoz9k1^=5_saj$dts{{{oxj@*g~Z zp3d4&MWbZH&%9?yzzKi(UF>Kpuz7`4bkM zxODrmh}3fg>*Wk8=50vjFO7wan!A< zt&)oAEfJG#?61GdRf*=$iv70hXkYH_lh<5g6kLZL5Hf~vVXP8zH5}isw=;-P%MWm1s<+X zPhA-dw|v}Fv`Z#Vwd39LjME&Kgy6P+x5|D~^w}{_LjnT#zJ5^gjQ^ka2I!*G?!LJ! z|4fK9;0STi5&J;pfk<;gt*xZTm|k;&?GcRjXs!@4qV1a@6Xv02tgb2LKhzI=6S*%f z*g3>nNYvce>>rP-mLEU=?7If|Kq#wt=gFs=`A8XjVRmL{?A zjnpwcxg4q`g-QmqqSr)WC4-j<7#lQ_LRvc}6B?ZWlJQ>%TX3OLJVD-DOMcQT-4OnmND?zXbb?9^ki^fr?u?t=o!%((EU+Kf%XA@rJ;Ll`4$b|uvwj*#U#>hbK z8n7Z=ESMs=;-nr>xt8)h%npdMT#X&sVlX>BkSg62UaoaAcP{ncI<17tJzZ05f-Ti1 zgf4|CP456wYbaD!9n>JXDg!A~mozCVe0d3XOV9-O;7)M8EAPAaJ$s+K&sX35iVd`FrmOV zDy1Fvib-644QwJ88e}3@6l8KFR_FWij1$sUUhfHUQ{)Nre$^pXcxCYH>%|-* z&)}Ocx$I)X5z`BhfT7V40+X8bgKqQ(&SNseGgvk$4NYgJ-RB zpUO2O?#*cP3o_oU0x>|A-C$v9*4R1kGV(7Mm9+CF=099i*<2+hog-IXImFpzmCqSL z-ZQk(e?m+iIOn@c*D zHP=tmZLBf9Ujl#8%|@Eg_x+n6|Gxu1(3|)Vj{HA>UlLoM_@U`fvhPhipCKMdhqaO>3=U6$gLDqI=eQymYA?16CHUjapFxd!Z^E_rX|Ij6V5^Cf zDsH)UFg-e#l82NLTkWT;!?>T87~Yw#sh$3*|Ey^2qnDE(QB;;3hF@>;pUHUXH~%^r zKY;O%$#{v1Ka=s@!v8uMA72dd4{O!8|7fi${P{U_6ER}J^)^{aU~Dj~BXVrG7r9G!2F zuE=^Kac1{y8hDWirEFgI@8!(iU7)voT0T z%fx(i1zC*Mb?&5ji5(SH-r2>XSN8Ly<@O7uP2T=>A`#2;j0j&3D$hN6 zOt(nq$|Vm1R>0WDZ7Im09V2ZaJW5mnl8w;hygBBW`2lB0E8e%ngNdzyb~fA8ns_VD zK#a*%LoNz(;rDO@X*`9@plY^e)>`tvd_hJhIPlYirxj#$e0boQL<#|OlE$q??Vf0eOQhHAacXJtg z9(T$BW~1sw+p%=SCq3c6mU+CLPEd7L%kHVe&p1^Hxs`gE4gTO0ZGEPs;HtzU_~s&A z@*{W%BliYlOb^LyY(IudEQA6Z*D?azE&a~|K`P{~dg>V(RaP+{iC&JH;Z_6AzK*gl zvZyA8Ck5qwgk>w{%3xTlP7mO+P~YdWY7)^RZJz1VX1?>4NuT5vcP3Y8d4;JkCOK7FUs)cGj$|jk=3|n4E1$Doy85th 
z@Gkp=?K(8Z=R4X4?c?Z>#5c<+eY(i`y7rEs(|o^-`u5zK+`e}o&!i*D-U-%zAf)OV z-lc7yK#lgk&Kpxlt1(UEtuRdUe&D4#Wnk&E>i@%ZRev*G&urFU_Q;usVHsXx(@ph^ z-C|YWnscTbs!ZBdWdY&}XPvj(g5dF$ubG#d^Hc^e|M%PDKt1EN^z=Q$9r^25?B^6% zn?hr}%UudZQ}iOzz;nUJAHRFL$>JJ}Ca)_R2PO``D)A4A7&5+_Qj(Z=1i#3b+fr) z{hdCT%1WJW&3Xy)CFZQl-)K{r(g=^F>avI&HM4V=; z4lRWvt7~>$c>EXlr5`VaFW2UL++D&Et5f$nw3>$&t5d{78c=ee`HuQ%M6XG$s;29l zQFezTKLC@I=|~sOsId!UESG9xy`U=L$~axC$CmY7u%*D3+rv!31ldy~YUJ<_p?8ddA+xUEwb1O5BbvWM>+aNvevavaDSD1oqbdhoL3|^IB%?W_%zSYU$ zjeAErz9^3=Hn6pf`o3%P2o$nrK(n^y^D*3z-V54 zKiSpCT<-Km=bWm9JwoKhg~W{>Jf;tU+wb-Fjh0-$lXrWTfvchPO9pM{bLx-$`h!Uv z(-rx+9>AvTm~LOlfG>r|U9Y<{JTCb=FXRKtRTdtzsiD+*MwZ(Y?kyQd7>YVgCplqh zT*VT%>1B}6A1L=P4If+1sYmVc5zD$;n#U*GBwcT)IH5*8LTSXVXBw-*ODMJidZnF!y3Dsm6Wb?fU5dN3ci*NCwSJ6e`03Me@^Xe$I)RQo-ho^r8ZLVWvN5qSVC&HYm&V6EN) zFO0W!MX(P4LCHR=fS6^o18>?|F8H6Y07~KmC}|r4prk#3l8t{*axC}{N`6RSf^*SN z(1iT-Xm{g6Y`@y$lC#8oOKbfmy6R?8Ukbr}grxe=rn?wIk6h0CJhF34Kkc~Jq=Zik}=QFvGgp$egD zDGpNAf+}0`M+N~$5USgVBmiJJ80!g_Ez6Z5o*01Ab-wU-&oQ`ntN*p;KD_OoYcwub z)Q6Ra0hR(2@M76g6&r-&s)3?^_a|fF3V_CR02b?exv3=LALG~wXEy&nLZgZ65ktPS8pr$i zBMf;*NeNFgHfK_)#O>)F&r3$xb!nKQ;5;gf2=T01rwZb8ItuRo0Nf6Zpgf<$D=8fhOv1w6ZOOvUQgyKi{P6a)08#i;+zKW)^>|Zv zUxI=0es2Djc3aY3298X@pqbiUR`!z6W`Z=8O_x!sEF1{*F7{2Y7~E6sg&c#{blrf8 z`BUUir-_!;5=+esbmsSZLbcf4=bXDTmGKHyh7egRyEo`vbzMVTo zAwgmB`kdrGVW0eyuR~iL1`C}7znTd@qwB}kbADi4$C<@E>#k?Uv+-Br2g{EWM?$nrrezKGIXjx}wT%4b$deLY0H8r9(N-A_mVBm8}qLF~jJ2JXxgXQO3w^xTrkghXs4 zD1V7yxN-3k|9iv34#Yvz2N+yNavx5Mam*RC15{LiD4pJ$3{_uJW_;eK&mSj~&lQ;~ zhemx-X6n6|dtWtGSc%n$_On96GBPGRv6DsT_fF2j?_Ud4wo=nZgHTZx4Vq7FP6DzP zBo9-yOIv6ZPkGvLFXv*N4@(~(_|`kj2Gva0Dr?!vv0|Be^qS!DF(gBK(+LPezA44u zvRP?CZXl*1oG!iDgG|Mc_-Voq=O_0V7}Cyt&&Yl!$vMs~D+a1o*}#LTR&j=yFa26p zX{+8s6gR_|!ogA;pxW0ulyU%5&^?5~b{TcRMz5&AdIe?qjx2=Ckaqs#YN1}VADhJn zMp0$Mx{wOCZ34st18Bj6K6syj|(fkepm#y_y2O%!c2%0y+k5+Ut0I%nvm(-NKw$7khx{6JZm;g zbyKZY4r4Pk@-Ej5sKnIL4novS&30z{1UDy1$!{g0Q~`HX$UtA1*#6sE>1kR@fa|NY zB#XYHU;0Ho-$9HP+m5}-AUEYxX$W}pDwU|;DOKKhx!A-ms=>JPjCDQrm?zf=ygDO` 
zYSJw0fp(7hs@7ZWiOxM8$s=dr4a2xd>#|! z{@|KJNxV0PV^j2cqlV(G&-<8=1;BfS8j!N^ElayX7RY^?)f*7JhFf)aJlGwSlo~!v z9DwO9kQ=!bH^IXp`lb>UbjOK&pFNBuE`4Os%D{_8p)cA=tvcIHau8d|fkv$_+ewWM zTK%9`s*b`X-MNTk9PuQa2?~J|a-(5w% z5w`gVyo*f$WEmjo*%rYm!c_PZVW0)l^J|9#x0URN(^{+n_6czn$<3n#5)r=Roz+!%UUun zPeQXjpf7B!*(o0!8$B*|cl8iC^?Ym1O=2W~?7C+x+Pvj&J4a;;JfDOXvXmxc4iLf>|d#&Zy_y!I(NWWo}m@h zAoHW72*KoFaJ`HoD?ZnCnCgA$4mn0|WfTwgujqI9(J{_Owjs(z4ihuwi_)vXtVJ&7 zG|Kpxg{&W#V`gey`mROSW*MMhma(@d!RNZ(hokxtk+cXOQFeL-bz3y(e!{_0V_Zr! zz{qPIj>GN1WA=SuSzTxfjJA|!k8DiON9Ue14QZo=MDL_s@WD^X@GweD^N<1gVZypX z>P{tDpi{*JO+4@@-*~<|vE2R1H9C0u_M@Qzbc$wA=7nT)X=gXah}}z9(hC-wcRsQ$ zvY2*7$ANZ0J}W)R8^24T!(g8gXoy+*U3Ylx3rV3=W-Q1kWcaihFV^TvY!b(cgyt~n z-&Okz?TGnF2%m1=Zx0t6vD_B_&{g!YfaiXhps|}N*liqduA6fb@Gt0JD+u=*jIv=i zx@sF8^1t5BF7WZm_ghkXf9m;TuAIYZuyQy3E&4 zK>5Aq{UEO8Xvy>Gr4}~ZXqSFQN&nsXi;1ymj&N*Xp|AIx2zK>0OmME@_IAzrB6GFG z)TZwIWdmOyycrq!cFXd>?(aHx&dxSIe7)<*3$Ldq@0!~$NR`>%b`}+WiakXMu>RtZqDT+>~Pv9M}6Gby;oE)UOhkYJT7-Q^BbV?>3 zNO`c5w+|jnc?7E9j2s^J%ir?sg6&4DBj83N#EI)xTxZ?CfPsjb4D@B|47KsF^|xOV z;zDST`cXf1R#2+Rxfd^V2;Fst=rl-Q2qKS=y`C&EgoHCI+a(B}ARceh+o*{|t)n!$ z$NM%rcGV?kfLXv%n%IHq!sCSzJQmvxUSY z6`7E(I74Co56!~gWHk+)GSp0 z)GWt|hB1Id2HszIIR&VW)bU}R)4_eud&#Lm!d&%JU96GK*&L%I5(2D1>Z((HR7T&ZE#s`HFJoz`WOwU^r>zvB8$ zsh2QX?+~VBna2)Ftx*ABfarb)1Ch9D7yVS0f!+6}Om+CiVz2XiejC4<{x#n(!q5AM zh@5)p?m3U~V=kFzDFrMmZ(ypsHXd|!%$H%`=>`54cX#9nr_Z~YDy)E-IN~_a)Q%(L z1U&jkZQgt=`&>_wrBvzVH0-=RLcDq$av7$96vZo;y;MJk$-lHkc^?{UmJNXCA=!Vt zX7hBt*KN|sQi83z)d3%7>4XJttN|BRfnXtEUUCU$Er$e-NaANeNs*dBHnVw7Gb zII188Po4mu)!FJ=aDn%;?H&!g>lL@zE@-l`h-%}|mc@;N!|A#)KXF&jUw_Arr>e1J zaoh9RA#8We_qhd|A+#Pc%^(fXOD!DdGe;9qh%4gdfG!FO!mn|!(L=*;Ic*E|QxY!@ zn%95-f(PZP|JSwM`txmC-@~YQZ{VV6Dc0SiSdY%TJ))3S%1f|L6`m`-;!zyl_2|`dN?}LAMg5c%{1|ZuptO zD3=t({BUxUAK?b!-RnQ{`nf#*qxSK1Qu0rpgO%IRI+lnq7`E}BUqg48vbz3700~SD zsF8JZAKl#Vx3 zV>S9_VgfT!O~+Y@T){&Suc8%Ko6PKbcneZSTlOzSlpbncfDWZ{2?*6h+~K}_-<|qj z!gQa|fy2+R#U_ixvQUeEUrK@>{a2Zj@9BEAT{eK7gs+`}?>(228&~~8zo=`_1T91z zE!8?koj0;cf!~Lqg^u+YLYLdiW-ut 
zHc($-eY=U`$B9x=U`P(L)0e4~Dym#dO5snf&6$Bu8D;;Cxe=$9h?` zsG;NzeZj=!=Quh24W;*>ng0vXW$iA4C+(L`gnMGzpEGuLQI_BPpzat}L<_*7-3y!p36b z#-eL?1566oauyOe2mG1`BPXYOMLqh;9%P?P_iF=JbdHVWvJj1;7&0Rh$(MFKUa z;DMMxE0pM<7GQQ7&lwtw2;!y#IYDgfjiHh*mxykf$ckcjg7ty!2Se58kU2&iHM+D=$XFE-wB)c} z8kphmqcFRY=~o#1cYieP@;M=qCm~re1&!($EcLb%yL#mtBt@!U(Yu$?Zc*R;l;f0H zzrf7K+CMgXg>!^xN7K?diwSa-+8#^a6&ualD_blDNf<0qo_D+n;SFN6l3_={7{uvb);76x+i|mVZfIE_U4B*g*C-nOCLWjEq-u$V0Pf zOTIsDu(rh;-*fxu?`(HI)Lm|j@u&!$lo8*y+t{RTPVi_7oqUKM-M!tZD@4IHA2>4> z)bu=2U*&XBo9`<=q6-Xr`qJX=X8x4sX*Yufs@~CwlXVnHDr#{ta&iYG?#t}doygK z9<$xTPL|Wr%;(oBXQvk91D^D0)(eSI`>K>>rjc|uI?R?|RUvZNtXd?l9~VPOMs>1d z6)uqOL&-O(-hZUMo=#taj-|bY*@D)!I$mn>6k+A1~soVoV<*tpH{#p?D_($gAi2sYs<#he0 z%=P{wb5S-`o|yO~(?9G_QGd7W75fp#D>Arl7}~ph+SC@F&p+vM703^W+)3R%o5Mox zi^@iXJ}s^~m&t9V4tb4XRMt&953nF!Gq-q-FWh{}2QjzJde*Ftp0yw`XcX3-bI=5L zqnMj#ns1a6qlw8{Hhp=M5({@p7sZd>d5NlFSOFkxk$hXX>$=J@w-1L`Tyt;5u4yR9 zer!U>=K%@VW|L(~i^8j0-fb!Ewdi}hkwCFw!Zcg{yy>7GDdW@2`Nk;>Gtq8x=(3Z#wSb!~3`ghy^hEFHwR@agO!j?~tto z(yh2`2Wk+93e2$bQIRVcQAB#lVa8^N1BML^byWiQ+LOoAZN8(>9XCZv6zIC9#p}i( zkc&F2Vq~#)DNTN7_tF$y`MWfiMwn`=dc$Levi0fa3f9x{a@puy!7kk~KO97W(zA(1 zfU*sV5@D_OA)-%-!LMI0I%Wnrm4muiD6+4WJOAIxb42Wa%5x@RZM#F~JL}|WgvF@w z0`opt*VetO-S~@U3@FKAkMNYQ$wCH`yNvNO!~*kp#at@4R8JtqUqX2nXS>XZfzmHI z{!ILDUvOUN-&>w4-$w<>nHPT#XjeDrcm@lFx^DJsBy?4r*Qwcfx zRnV?@cqJeX&xIY97UV>T148RuCDF4LhCo~MLNmCjx>jzv(l#7my9iK z0wZI{(3H$L2vbt5lX~k??03I82L1SQZ)q9K!}F(9mkRnN6cuaFO2rR$!>SwLJ)PHU z+}}S}1YXHZ%U^Bp)VBH)Tbza?T#4ga;Ub=TT&u8^q{x#OJQPM4<2H0l>-0q*TWkr2 zZAiVt6ZuZg_%nAY44p=)Ds~HfGwyrh?VFz$3YUGu=u++>$JE9@A}-15t(9NJB-gpY zv(PPO(fc$BY9H-p2=2u3no`prL=NpTjvN+`MWG5H3kZr!Qf{B`df~mhJIwe7MF*um z2&FDb`TNd;DWvIZH-r?F6tj~X+0&&g?KaZ`j_El--kCZkm3Ig!&ps!EZk;&&ASes3ke70N})PS{5UpCu%i zdxFnUrLj+Zfl9M}?EoZ{xKm;9?LIl0%gJf2@2K8nl_KvaKfmpmCc5Y0a zq~(&RS16HCtYzwBIj9+BBz~o6uFT#=2u2;*8d)U4e-Ny15q3#Z1*C5}EEV-)X}|DQ zOSqqs8SG{9{+~)=LVh8@C56R7w6a|FGs2(#x)f(vHQ$%gj5dgYGNFiKmdcFQx~)?5 zQ&KNekk+z;PveQQ@)A=abrj5okUXm0w@kZlJGipK-i|Ds2&IV1*eY3sql%F7$nu0g 
ztYw4IwV}8_Wk9FE&_tJ_P*9fXs|AAee_Pvfv|Pze*9K2tn$l{qM(VGRBAiN~*jZ1fQ@B%n^nb z+jog)QTQfMA>{_%@q0~~(%&D^Hu%-S``~>Jp0-0)i9Ia_c$cA(eAB#U9yYb0jX&3K zaIp5RadS%cHmPAcbGic&mci zhrjQ0DAVR%{rT`HBTl;BKlXP@F^TcMs;4?0>gcPzs_kb!I<~l$3?M7jB6i0$l zD;mcfqzk3XJimB~Gax&<6b)uS=RCje`0fEWtD!dEz0keT%C}6YtR-ixn^=T#hkxg5 zV9Cg8gs-~Nz0tkV%10ZbReyHonP9qwb0PvmPs99}*lvEUM` z0WQgu%Br*&6rtRi$@?E@!cSWsL(IMU$KJjA9}QP-+7~vVy)e27PYu@f(+#M%+)GIK z^t#tbrk+Pbj^-g;pnky)>nnp?u&1Pl{b3W@!RRF1!l&{O!&zJ~r)A()2-g}I*ZI*@ zsND7zPf*+JPY5@teb_1FT;B|6;oD;2TUXF3Am`g4+$`UKPrsJEbK9Q8;Ms#6uX2QC z@pK=5z6AP>qEixNimvB`F5|kue|O$#P%JY#B%T(g@HS;Xcu=kkA{GkIkPL#O6N@7N z#i|30KE;!JArHZk&82}5+xM2I+Znul1m4a-8UqhwBS0ipydk+nHxd3-GzT7rNMud~ zkr^VA&8vba;G|I!1eic0v&AIs3`Q>9zii*Y)C3Y!g3q?rAnp`(;m(ma@VmLeXXfaj zb$qCGK+pem##0sKSEA5^i39G0@UOx3pKqTd0(m)~fxsnIP#`!E3Wxx7$A$npkA-j| zL<9YG?4<|1s?ek15AK7AaNK=IpfBkHZRD4T*40Q+V#U zd!P5|eL{}ox43*t!mtgj-~~o(;mB9$oF$M9bXg z@)Lt%@xCw*W7D!?;cj>Tba*OK1?u6vf7iohXr^#5p;T^0ly`5KiHgD)z2i(|n9e{QeM=YKVANJ;|B5x4V1Z`K zDnaQ`It1&E%#N`B?ig?a$n)0@%eD9KD~I)b>Bjn6m=TI#s@EWdlJZO_fuGU$&QgWT zBVPIG($e#`ddvj!kh+}Mty!2NMrCdKx{W|{mH|y(9v18#*+v_pC zRDw1JW3z)r;oAptla+Itn%m-Gqp=2B_boL6E3WEFN-0XdheOZRpLNU~xZ_fle1GP5 zKKOexl!-}xfC$iz|Dn&X;i<5?y&d#WXVYx-Z#cnP^#><{qZsRMpUE4`^HAEH2$|8K zpJmAiiG&_=o(u-z3o#;sd`qDGxK3{#_qKn#UOuf*-1T?heM$UH@3O={rg{Hm2~^

zk%%fEhVNk8yAuQfem+75@BICX9dp(Dhhh5`j5rYH8{a00zly-)>U;2eMEr$fL>DSX zI6K@@WaZ50V)%wbM=bE4G9CST2D^QThkuo~6kECsmA#vP)z;VE8SvhncJL~s|L(xs z=?VZ4^y0-A^mhI@q$<}4T8*%<-e`Et$&L0K39%#gq)H5HhQc(eBw!7zxG-%plX#|K zn{yF1YlIN)^1=_G`{BZq-$_xqbOtp=9<~g-{sR)MJK4`R`}Nz5kO91i7$h|LwdOuq zSW4~>qO^YIQPwz1v)|E_Qf+sHS1pMwc0u8Ib5n}dba6=7TK30`DmObuWoAt4czF@Q zed4|5n6FTD8%k;J(S!l<+(vks`a;&0x)A)OdA}vC&-Iz>2?YcZRTM+6C3;BqKE*I* z-qFDuX*2z7NsFzo)3(Q<$Ck6Ah?BQ zfcEbF7LkI$YG%4VvkNV4=6n6-bhh{fi!hKX%d`@_(gdd9o-Dlwq9wkL&GsL2dSct)xgf9>JW6+V6 zRYTcXx%Co9{Wj{l?>2Gg+`ndZH?*8UAs35YUi2#{MWc7Absqq{3e6~aBru-|N$Nxn z$E43A1AZu!^E!+aE)UQbD%5hW#yB7p)39uwiB2sLQ{<2Rg8qtw8~LsEuFo_4 z={958pHAn>RzvM4hDAuwuXzkzd&+s&-yrml%dT4!i;r;Y4*btEUYHsO{E6Q(ekYM4 zY;i_pCbY-?ZBI@lH19|Y{o7Xf;a>(F1odG8EbzjYAo_UJG}<6#b2Pr`-Z2|5YYm~W z5qn&b@cZS3-6&ywt~tZ@>!bi16C_vPM17j6EyeguTGs;qB%DxqC+f$1wPv_8sX%NS zvO>XfVMx-8RX}sYpr>i`d{p|Ohc`axxS3}F%i2@0_Woz256qE3y`5tmbJ#sS6GPZrh;ZxW{j#RsA4DP;gGqZD^-8l7D<$BHz= z=2{H0WLm37y(O^T5{YseQv)H_Nl^P8HQdQGvG?N&*+ipLC-^s zVbCF-a}_9Qu$SP@Q8uQCB^nG*Qfo#BFS`JVV`xuKz@sHBFf;6DIWHh~!REw9uD_xh zc!Sx!)$7k{?%?%#P+t0!0UxtflRCAF5nAH7)(Kv_3B2W$SYECy%AmXqXzyHLf&KGa zXryya?>vs?;_~$Ne~&7&jAZ$}a4iblW-Z|CZ{m!A>!Tx86FI&H>z=nO4;-6q)0#rYYJe`<=tmWN zN>vhZO3aEQai0l5G<*@Mr;>1FA-837M_8(vV)~u9!;FA3m6|Ag2`}UVeHbTypf+Cs z6iS~^&yyyL56>gWs1DP999;1VNyq@DFB@Qh-vx7^;XB}PNRUdAoglbR)kkOlX0g!~ zWgIwe5vd893`1rrO{Ut=BjNi;JEy8fo@x{>rmNc*5ociJSR$S<{aQCI`|@_Qzh9lF z+7+6<@iR0>Deuc1MrtPaG0u1m+YRq}7)V07<{?eCK4Yl}88y0Av3UW5rlmcTyuQRX z;@?+tg!KZViut-mkRJX<@Uw=~7ppa_MXHtdLKNJ?B5`jV!teCh#7h@kQcu_4!a4$% zUl-%RnK2xYRo_l~d=>Y>=&y2PFG-(w$pKqatEs-r#m_pQ0*Ub(EsUaP)Hd+;$t>^r z4i7>i0|v`k-12eXC<*_3Ta_zh?L8*!C~+u(rt65?7soRAv+0lEb363a>vZrW+wX?< z+ZgVp1UF}I&-r9#j+G87cAuat>BMVqq>zmfijm-*AVEb*1v0YcJ&)PK#k9O~}Jyv4erYvj!QI zLU*xFEc;F$xLgg{KA3@JHeWk6(GT#Qzk%j6*svW02BJc8@{{qkBE`iuviJ3fm;XpNzZ3m3+-Hoi~nZcqsGV zDA*yLJCxAuP=;T+rMu$T+@b~3N0bjBhM=cbWDDw(Hv1Bx5k_wL(rNXPNRj%n`yK;m zir&hrD7wCqI7!3c$S3E-!NB=Aj~ZFcuAU9s?z>qMRM&+=(xSf#4PL_GhkUh2j`8Db 
z-A(-~;F;?&DrM$3Lq;0+Y&zIO53~ono}k2%3{7C(u=V&Od(5qBq+gQzzcx{` zu_n`PAK)XTN%lB73N2G2NJ&9x1jDlY2*|N8ygDbrCDHF1QGB1v|8CDk#9oF?gUQ@` z*Uy;;lAG$}&5Emzq?!|=ydQv{xnA&Nz9W^j1@j*}1Lj=d4Y$QBu*>1tJ=hAP!yC4x zwm_(s!sKs6*fcFNt)_ylV5}AFn5W?h*LWso>vDw*3*UIzi@%WVpTVD0v?8d34QX6cXxs)ezkW52s8h zL5{=Sw}nZq)~Cg#QQJ(b=y&>(VBK^KW#!+*(w>Le(AKYDPyzW0IO;Qve*%>yh{(JG zISUOv3wYsmwg{i-I5akQu(7)ls0Lcq-`MleYdCL`6GAN3PvFu#@`7ScOL`FR*PE&p zIn&tpaL0x6tRkJ$zFtt4+x6l1-;Aq8FXem{GIz9q0u?W@68j+!m{- z`3PW)yyxHYbTvy~C6L8QDeNQ(X`l(R@uc((X}UPm6>3Zb3jYLe!wyJcB6I?0 zApxO5Cly57LPmUDkA3Rap3;O*&Jj$6(iPsn>Uf#1UhT!f8F)4!kY7r{JkfPIUf}>qr!N4D?1Mog-~tl;c__KC2lIc zJWdU_}42;NB%Ry~U%qAft>JMoJAiAFH78_;*sDb0dtC z4srfu$v`+tOC+Im3SP{VT4>6S1rt8N!^2m+-lDCP`7?_AxJ=A5^$~6sEY6#sib2iWsLSzOUu@bOpRFOp~CTV4x zJ!m#Wb8CEf^vTDK{w!2{OR_zWq(491R$IIao@!BEbQ;|1i7|i=Oi){NqS=o7JaomS zbI6f=$`gJ30J24*%p3a|>y(Imp#}AP6d!^$9HaIbbo(7C* zvco9BiUSY@4o$84)tkNxv)L&j8zwRF%mqCNo>TfYyj2F4|CRY8O&QkkG(oJJ8);i)ohP_%)rsN+C<3w60W`sjn? zPgk@=Z9(U0#NT$ZJPZ%PCnKeLwZv8I2(fm&-+yq$uRXLbD~q|QdrLz0Or_3EHz%CK zQUlumEOk)oPEe(|?H)_8%%~krlyDV!{P5c235c<0Q&5dTHthz~DWmqh8)JqliC`~q z5k)JwSajG7md=dR&rK|a;oG`06|b-Zbx)7N=1H|8O^)6j4_>C$^h9Vg+Xov9-q_fz z-cg5fmNju5<|wq^*cdIsd$sT-v>P(rG@W99`n?S@az(;Arm(L!bW1fxxMY@$rCq2P zRB2%&mTr%2YDR>ru<9j=C=LmiU_=efG-}%`D9{8N5))E=JcPNDKE7LJop7y~Q5shh zWl+5wU4KWyv(ip>m1vcXx3uWj?c1D?y7DjiVvSOjc7-$*;1y!UIN*IrV)TO`sgR4v z(^{Izu7jFKcA+sA6T`>SsULa<7 zT6WHgF$4mC^zE5*fu48G+!kLyV|%R|u&^re>&7>*V;N{d>%GbuT>uSrYg?ngM>lt8 zZChak5m_Daj_<95v@8J&geS6<_#>YreCCh4#cr5NdMb@mV1{xNto8Wxa=Wd<&-5a^!|dx`PgPxb=qumm z)hB)7$0xQzsC87Mz|kE!gTU^Zz@Pb?7R}1W+lG*LyY#izvcNLM>zDqxMZb~t;@(IPXhxbmUa^OL$VT>tt8(%x(RtfBE-@&)rXN`(Jmd>6ID${wDja=) z;m8t^6=@~I`w{5jDd{CG3G+*Da@jT16X&zZzwW3{EF((FNJQjGM*t(L1Mf&Egzsu- zst$x?VzWEJ;>Af`1Q6e%#P5-o51+YO9}C}RLBLKj0ga8}0Qk`3#kcPMf%m97%-d+r8nHjsD%owLZ^#q0!2uP z9yq53vb~5Jkd6jEYs_a$azV5H(IvQ)5Hr06JMe%z;7V`IH6k)q=%nJ$7oH^Kl}Yb_ zIRy80{|>mwf$%vPCMK@UZ23A4Q$m5vlh!kjo#K;x{btmAZi`V-?caR7+5P>7_r#qg)0o<}pzs;9XT<-j(TOJ-Ws(4>*u~jJ52v)A)B0 
z=9+)bFLI+GOfAvhVRhok{Jb#`K;@f)?XI$Le#omVR-8A$lE!P7a;QEL`Ix^o?bF^x zJp_snmEHl!NUqv$O>=z54|*ge+a%1KG4w3udI4}oEkhCplqYQ|2Iv3{W|}AJFBrAn z-=1RB1lUNw@aDf(OqNk^?$A_^)BZhMqsMqadKVTriY%;m{>Q>6y%CJ5ByXGY!zDs3Y|`@D{SWBPB0QQ97{hm3iEV@Y80V zyA(eQs>@GI#e4IKp7T1OtP6KW-sc&mDiS3ak%^Uo+t2Hv%^WPAjdv}AcHhi}USID%jb_wOjpD{S zd=N^5*PV~Omj6&|v1>JycrPQO(^z4QHgH=sH%+Z|%t4kxis0G#y+79uL$c)Oe8Ub7 z&j^|qCZcOx4EpnJOsTg-GPmcawRU?=^>Y)MGHiRS!f_ajgXmk+;?9GD! zaBL~QnG7GV8!JL)E%Q}( zqnon9S6ZfJN&w*%ox|JwM_$FD?;z@TS&|4?zIfO*Jsq6Rj`2eLB?8oW=o$k0%=5`v z(k*ePIeAk+sJXI)5iJeJm`0uG#J4b0?3us{c01bXcm1+i7#L`Lq5v%Qt*^ghcW~z_ ze5RWAAW3C^TbM!4AYRSpW6i*pb{B}cF;SnL*Yg)qSQYX%3YwZ@92aC`N_f185ElKh z$kbkyjNIqzi+q~#-Q-EVnlXyHq{n_zY2i=Afxqi*Ux|n$)4Uw%7awU zwI9b`#=T<0?C7#%?vry7a$~PaFXPMh78qs!%j;hV=_F-)UZCpqT z^<%cyb_Fo|=$OQoN$>>cU{srHtNn{OSHifOtSu=|y1mN1&q0zT>wDi>o*$B9N;OZB zlyKLDY(^n;8|mH4Pj@K8qJup{DQ$QJa25-$E}paeP)uY?qk%(s^C*l^hGrTh0ZXV^ zcZ#9HdA_4uBb$1MFahtnzJ7hW;6~`btyMBA_Qrq5#Fe_%+FxsW-rk>W|EvOq{@5Cn zEkFW7Bs2#_TQCNzBO{7uk3Q);iaJz?NIN>q^@^zA`4N;*=hOPpg{A90y#d$m~rHqQ`I99n^#y;WImbS?opI`pRYeVtL1S znTIq*FU1e}5vBbtlU8#TJZKIzBi{4e#Yxm9;D4{PeXB3Heq@2R)IOw5LMj5BKJE>vg&g`@ z(Ay)BO3j7;27;|v6ZEJps3N&wLCuH zH9!{-eEv{$FMX#F56}^u-MAZ(I!p@dcu%<=403;xWt&O+C$)!~;*stb`W#BjrTRCX zVqBcnKE0^%xk#YJO;lw;3v&hOHo!Yx(`NC)eQ_eKMGv}a^;^9nywFNL?U@v{eX+)S zBEx$8jViu6%wD$iJ6yY5`Ffw579o4Mf77J)ruLwJi)W})v50;9b&$tSIp-KXDMHz- zwH;HVRd4V1Er&hrJHGiJyQnhD=+-pGkYJV{bR+wUp zb*UrYcbIn4vJ~wFljI4#8+~C%1mhDRIei>z6`!D};vRjDg2#QKzNoF~+^%(fufPXW zPM?{Ne!3U>w|8}S_vG-!#RJmsBR6*7`ULRm;16tYAyx<6CaK{yvJHiLZmh!}+BX-9)$!~V%_rw2q5c)pe*=ec{q1-Q`$RNIPb?)fEi zTzu2N#Mz>r8@QF0Jo65^LVJUR@re(zkR(rWg%as*^(wpb_EJ)ps9xLny$`?B@n1^>6#|k5DuD2Ha=VRc}YD55A=b8G{EHX>o3>;u_^%c zURCdHOj)HGK4swkrrROMuKkVFR-T;!pTW@54on zgz;I3Zss>Om}~ZFh@xH!-&mVGWEC@vl?b>dye>n^hvV?b6^4Ik8!>eoZZMniV_r-y z$jP9&%TzP8!^B;2c9_JMJeYOT_l_}U8 zM|@ha?%lcszCo;^K>w78?pVhm3ad*;G@$pqkjC8r5U;AZiXhiENi9Olr5B-#Ht=R- zhp{38rPXzqPe%7$-@WC4+8^BGx3}>ZEfo_W zSlAJ~pW{|jxmNTt1Ber)cIjCf0(>u!ZTPh|!YR+K^KKn{oO>~m%E%6FJ*cU6vjrCi 
z^_)qR$m)ILBd<$NW+&!5Q8Gh4p^<5nM%1u(w=yfdF15OLKFF$=SI_+!~Y6gtj=u; zildu3&D&7;;3&e3)R8V$*ur56tNVP!YuqY{J?(VZ!A<WTe_;+@P|M%n zd0GTq7-jdN_|Wn%d6#t*_xXc|tX331w0zR&c3bzqRVegKHmk9doQq*Jz`jX`#z$y%&PZ zt6F0yWP`)+2MeECpGk#N1?-4#kN665sX1BB_FBA=MTosyU5jDHvz^`Ksi78jA^l}?QQjJS>|Jkr!5{OB-95Tfyr=;BD-B)QXed|J zdS($I>?lBSNLv(We-ru93J`huxCn38e0{W0>;VaujQ7(n3A7M4uxUBV=^JaJE`^kt zxvLxCAdW78wkin>?SByy76g~i+Ws1kv@&XFG}Dc*!MP_3&|Q`w5bCr-&-xB4g@+v# z(8v6f7?w!tKwjMq3)=|Q@-T65o~xX_zu^qawkDv>2)^B^O#YD9eM za40`39GdTz!xN$Z@;|oR0phMuF57HCa*^}cu46sF-==?Q#X&$SnR}l>_)Aa7Tt+9F zsM~sc8C&><3I*EU?E)Xh&8HW&59TWBWP*W8&joL*oqT$U&l@j2Dk6fnK*DerXvhum zURCD&NCTU-2vtDX26?Wp!wEpMN*5-Qe>TMQ+7US)DqS}?UR*oU*EIysvkYOg9 zXbp*wYAIIR3dSc)A{gS)O3zATJlGXaHfiIY5Z`&LBOCh+y>yWWER#8%Ba7A>i<*}; zTytw#DKhxa-R%Xj%2F(m-E^Po@JZ)FcEvAdMj$9@WfUN}-`<<>iFf+XgdNqteiAtN+n6%~w!wt5cE@l$*RKjD0- zdgrfxk8<#Ps6=crT?!{}-OvA-TXPKFneQe}6=Y`{ldARU}Y^0bl8h2<(){xn6URYwX#8wY8lEBZN zxS#>>dEqPbY{%Va0F-d!J(e11Ag$tE)P88*ac6~x&+0o2!*L>vm;AQTlHcCG#hny2 z966mSPt`gLM>}m#hDwz3lgd{m%*2{`{Ba0i{l&aufmuTKD=5wg%Z(USnZ?5Bb-!2o zflJmXygf_Fk~>x1bKf!Bi=?;ZoMtP(?A{;kDWl7tSJl+~h&VLWP|=b)yk0>FzGk1W z;ImfeQ$F!R$#E!9NqNR8ykEq9whZwWm1sRLYJs&p5GUa@ub(YFW9GrVZRKe z00IZd#n2XORTq|(hSWkMfvY;wVEV0E7;W(QTvM)`1Hk8+q69c;|BaK;{Xn9$$nNZf%k<~|clS8law zkZJa?<0@pc_jtjE3#bNoUuVY8-tzCc>vIcu_AB-WG6_fcd!A3wJ%JaW$X?ORz6G`V z2cvtTbEuqe8jCNn(mq4(n1z|eGGt7oLCxlwOqyE^Bq&E5k!Jey_+s9Vz7l@v1+!Wg zd^sJyg8v8TwZ^<9xQ=71pY#7k@&&P~Q}PrZTR}#v9$jGN>|N=X6R7S9{k6wn<$4;@EZ@aJFppC&3B)wvjJneOs96}GSln2_VufCJbznZ4b}O736uy`ay>I#?Tzfa(X??f1gJ7GPP5iwI z^0#28bt^Bqw4(~(i(@u6|4Ps?c_8T%ZF}w4wH}PL!hbp4|2{uLX`4;=@}WCHyYG%D zUyF!zIdj<88Ks~Yo3*>*Jgfg11JZfKICN{)v)Ovmu9Ty zBUW)LX!rjNz9LR|vCF%e1Fl&oF%QH~$45)zPZ4licOt3a)mSD`2k+IxfwX*4krM`S zUDy1XcNNYQ(OGIA-e1TVx5AyiWW6pnA)g7JN{53nFXacssvtSFRzk`|67Oy?Hv^GtF>|O%V3$z->wG`;I^u)&+{GgBQq|dem+{S@LeLnp5%bOB z^Nr+ENEvYoArNb6GHT9jnPHe zqH+o4mlx@`8&|-50dx>3$!J_WwUN^aC!*(YcF{=nwhI3ovdLiwz>D*-)~G*W6XC?? 
zFvvR7r=E4bNwsoeR=xH~yhMi(REz?QNNr!OMTTU4^4d3T^2(*AWL0e(07OW+t@?6< zuK(S;Kqg@3MG(f&=eZ;5qg}*I)@4U|`(Sd37u4#S2eZ|i(U&?s!xeYT)8(W8`X0zc z%E2WTWPG{HoDjL5F&i-7+)2@p(9XISN#Z|FOU5@cDWfVP=*Rc}LrffT`0^Irqdvq( zoPz@}?cWuM9`Z4%$f$>VlU(C9&9p^td5z5uN_u44@dg3^E9zmRLeHRxdr`jOaC!Nc z#>smH)fgTyj!XzZc*bPSUrO&;pf@DUk6{=yrLJ=^sdyb=S$MMS8AWKlUEnzM7#aOs zT8Pn|^~lk5^BluwA_~Rw9R4ZUz69GX>pu&Ku1M>iM|f&9cvw)wcPyincko0d^9lU& zFq!ZA98!Q-rOng1K^U?vRH!q!094wDN0Z z5o|s^B2{h+f}^~e&QlxzmTtT%Rl)tnm=7`vFk*OjwfT5<;@MOJ*VJ>nVEUE&_V5%$ z9;3I_v-Fv^{K?W&vQhjT{(I}+2b%f`8eR7C^Iv7%J)5H-IcdChvw_<~jcy%oA=gd4 zcpHP=9V{LXH!k71r;l9UFb6~OANp0u@l`Xs2UrR`E1%1xxz<*shQm73S{>#R1h{#_Fm*N}hdhzR%G!FLeD;{(P-@y3@p!omLLNs|nYiF2BL6hFOpJ}{~# z=;6kk_{4lnJgYpHJitwg9q8i{Stx}CMFD^A8;-Y9@cs)`T3yh)Sj9u7r%vv|XE#pqt_AF6WR<;lqv6-WcWC2b>{ z_)#%&Z!H)+7A2?KDhh@aiqz`OuQEvm$r1mG!i4h=_i=f#R>H($wb1Ppucw{+U@&;N zK(K_SdS1@ev9Hj5PyhvA<@l3$yL;Za8AiH$Ystz3yDFiUOo{V~lQRIglE z0)t8zO~HMZHaYq_brBAhzk7DqZ-SJNx<@&mX4))v{FuAr+He92{6i>;PI%4N?YZaj zj>qHF5!69a&N@1))xbad>wi(0Bg*LqV!w+oDmRiHE&hn*Q2!_D5n~)tf6L*BC@;w= zhn{-)03$b4R}33c6;;O}NAqW2G@4==gqJ>BH`*VIc~z+GMYQY`;Z0-}ZH625#68j= zS9c^wybfdKbOd+9&|Z8){`WZ>kma-dhb;Z=PfgUmhiB<_!z2*RifT*rZgHSGpomiL ztpRuKU2N!G_&vBUk8}rw{}e8L37nD2>HN%PBWQUSyX;nO@+bcv<^`4()&_v&83Sfs zd|0rjH`==j>t*M!z6-Vr(uCl<)wnUpC+|D*rPPUSTPFK#6I~2HbhQ3>_VngNG7gDY zfR#n-Q%uL9grTgJUnqf>;8;mxI8|(&``G)~KVK_}uCZcaRs_7h-7Rfs;np;6?1cHN z3F?#O8J1~*h_p;v43KlIgDbcBcRQdC5$3i99Jaf8dtTmVv~V?M6FBG=XpU_WkWJ21 zgL!TaS(uze{Zg#YpV=^IbG1`xUtfM{eVXqbUSE?`x#HP42R(So0DEB{HGbJJ) z5kYe_N0qNpPZ}vVCVZMIFR*Ll{WiH=+qhiCO6!R%AyMomqc~5kQ;xDoU2JFDZ>hBM zQgfY&K8pjd=DqKLU3w>53EVn_`HF7iM?T+9m_BI>Xc=P9O4C_ctmc^LM*K9dvZGG! 
zQMgOFs12!;$WP&6KvAWjxrox_&x^4BaiOA$hoFOAV4eH-n_>}!n4u{noH8Ww&tOf2 zs&^>HT$E>ob){!SZDzwOwANoloh&!QA^lDp`5K}9%g}^aNE>LECGRkH^55(PTM_eX zAOHKfuUWhTDYOcniw3)y^uJ%PrYo=dIAMvIobSaThR*%}etdc3aR{L2PTqbgyVR}t zXKh1tOeC%2kE?iu(Kx61{HY@djMgor!V+2gybcz<`v6(Ht!{&w6H0VHa7&yCZ?!uoHz_vKILQQw*H^3IaW_)%$A@f~zQw2T{#IH8gB6Bt%+7$PNqlo*Uxy|}Q(RXB z!|X1|dcweO>0T75sjH$*f@aLmsC^QRgj~BmUSgw1tFBCa=)4O*u-^`Kcb_zS+b7^# zCPs?+WjGi&{z%+d9%Ct9AKw!AmEleD@6y(?^PCbt^sy&Yw(V#IVY%69+S!=nHc`z- zT%K59G$7;<2lom5qvv<6ec_Nqvj@(p&(f%->=`(eX6xWI=y5gG`Vpk&UY)!5$oD8z3AS@_wHhwD*vJO;jl_3J|m6reg78EZ(h! zgGD>3g5S*%X4nAXs6u|-01XTP`&7WgG(H}?|8~$R7oew6t#gRgY-r<-7|@gX3b*;E zmQY8Nx*?8A0IarLZ+*-J;%_=a#`6|* zBtzgs*oPy?Ks3|fqn{T+lB3)6JCtF!0+<8Ahsl`;WO9Wp+*`v$tVP7_t<}Npb?PvH z`1@W0T__6o?E7Ygddge^Ajr8)2mV#41pT#41I>BV0Kribu<>yCo7ZQ#oOvDDKpU@S zvo}(Qepsi~O5|N9WCIBAwS;jl=&XajLLuPG9f5RvGQ^%mk=DCxc+}PT|mujPyt#=gU_0{sN+wX<^2;G9S z6TiLSUS`AU7Gy8txCVJTs=K~8MCJH!mc);o$;k{P!ZaK-?0nDAnYn?%6KjPRJG5uv z7pt{<(74Tf1`of(5iQiWF;EM@ja4QaBuvnB0^+{M{sWr%>zsv`HS{B6&Zl){8C8MR<=GzhfdvYLUUr8SOc>+@PNo55#XGZwDt z3vi#R`t_JQ(8wUVi^Ww1ms|;gAK3fm40_KKwz~%ton@^+tGQMUXkE@ca?V}B?|UPG z9nA*#qnXH6iZ?N*Fgk-XYN%pbST!76L@aKMV}c}E={L9k(^lWwg>PHN0MAVbkxFJ~ zK#=)J@%op+&m*GurX|PeK4q7*ut+FtoX#vG%p7FxK?h?&qNF+N2A0hl@Ce8M($^z6 zp(H!&=#3W(Bit4~-;Vdw&~ll3WB0rajFJ8A(EPkeMUjE8w*w^&w;NhDEFOHSv>SWG zR?qmPwzzn)Eht+UHePwW8?Yw1iwz_A{J~=`w*jAB616Qvy5q))Ue;ZyoH-Vc0I<>8 znGWh9i0A?S(}W&m1pxDuSzb{OAeb0E|DL61t@-B}=m1rSSaoNw1N1aeZbObyl5ve& z`$l9;*TN=fl6vBJGLM{XBN8Hv|BD!EcEVOAGFvr+6*bS~RovL`%HFIMA#&8W#cqG~ z*!L;8TCRDY=uyjLi4@Vfu7wwlVoZ+$vwS&ZuYF>-Pw3i-*&lKgW;-%-|N8O@PaHHX z^9wiBc?cg{5pPyG23VRo{XDTEE?mmUMU?D%tlxSE+p~}^;BPjOyC$f(d^)ZHL8Zb! 
zwm|Fxwg(`tJM1@*Izh{J&+@z0=TolhG~cz~ner_ZS<|%UFvQ@o`1zUdY>rUMqK$B_ zi&@cllOu*j&0?p`P>W`b3*!i)Z)a2xXvas;1c+Cei@2{8SrDgrj4>HEeS zaV{3DgDj#C8Da6*Usvh(s~E2v4VqMu@lyZo!@D%(zTHg4`(lOU{@=f|wcorO?&Ob* z9tDvOY?yH7M8|s7CA+N_tJ_NZY>FVOG5=QHm7U|etr|Y|<1F*epWA!T`vTu{aI}>c zcTlc1&dP0$f7*A!zcbo^bmBD-K5la7U#?XsfWDwzk%q;(jW8p|005- zUYcXh04e#KqY04z>m8t_WjAtARl<*K`#&+7Vfk-LhNv22+Q$rJM`DxHuu#7L1fAVH zY|MfK|H}_@-W*0zez(p1e-XmdTF(d@rx2a*A+nb|cd7h?MBxJ%-L7%5pTB0=aQ!(h z!2_OdKiP>qRsm!I=>NLbzmxqkQ;5&O;;vu}D(`(k6ViMKX0A~**FQmsA$VjcZh?r~ zM{*}n2!}T+kkPyNMn6yZ;DR~lzG5BIL(lwxqi0NY@?s-lP7PmQcI-7*(S`|(SMWP_ zI_3)nJI&)pNP*8doflF3{`S9IpA;1~f zVy3IO?&-547K$BUE4vq|M%G56IAGl3_d;Ze<6sN<7xV4^m>x_LJ_@59?4?fin$em( zwv>bM3W4K~9bJ6DAVSwbNzav+FqHWp7|}}|@9ckA#MmXT9)7cxw zI&ifTO~|MqI-B5;0TtA!d8UZ}Eyv6yxD(NWIxG$ghx8L+cKA4s6;zz#{v|C-1dJ?N zqCXPmIc=20L!HgL%Ggj2iHqgyUYpaO28g?sB0!>Ji9b@MEjo@y(jlJDQUaif#)zv5A283|%)}v1K!*%1 z$R>0K{$i;;=w~?Ow_Zs72`5L8bMAseQMyt%2;V#KwXhMB%;n-|ASJVZE?v(L*2XU} zY;`D_+TmF`VJ`9yj!y1=W#U=J)y9|;6eRpsInFw=(|*0nVi>IR{;&T#Ls0U9Gk`WN zp25zg$%vw!48d-jg|Qke{4hWmNVLo;B}vk3M-~OsuGs20Z+b~Idb4E=w^BHrM_wpF z1d#VK8f`XHE;WT(q_3ja-8n)eF719~H5ymVe&9;|9cf3NIY^GKo&z zKLzpLZo=uX!W{F36}*5MVUPlqbE?P#OCwooP*b-SC zoO!1%mxv0vJ;rlEgJ6XI|6w4b@;DKpC5ci*(ZA^{ME|9lc+AqK+#&Z7_L_cVB}MuV zfxP4N#HcGc;RzALV(pKv3MIFfXuz*`B3J*(sQ}bSEdV2nbalkYF7#Ry?>(dDye?qu z4Fd&F1xuy(K~7OF3qkcR#oUOIT3zBoX4E+NeB6rdd*Xq{=!gk6^Kt2HITz%rMrNvj zsNg{0to|P?)ymqQ{(tu@Y~D;COj(xDI};6DK}t(1)DcWQoQmNZ#fL1h-O1t~X$`m& zD&|+GLtk!si`y7L&zo}$?_IDKC$Tw;P?;?^Ns2s03!@A3G9~3}m0+|Br(qYl9b`{t zs-mcvc{K0&rr(k4~#&H=4$(*JIP#v97-` zyeJ%R)${_|C0Ip_DXFb6&l0Bff}-3cWEK;c4XUxYkCm|9h!=a@1nbin#P*=PL8 zhRkO;X&EWzJH|JJ6=A{m!4pEa$U41WR0TNa%{gJYCT z#T!xa>O%CtN|T2QUbZO^%!M5!9G2Eo)KJEKIER4*@#LJ^cyOLyZ)D}cVk1D?l#(l@ zF4l>FzrSt^qv@%9t~RT!WEDuw9CKVQgr2L8|1{+J%hI`q^+-j!`gNYdrli@0S@dyp zNH7)aPZNr@MnLWgyAG6u-AaCra6b)yjWY^*Ya@^Zh7ssv-w7i zl9CJk%~!m_tJs!}Z&R>MM!u;{FA@xV=Q|YvU=ti75$w@Mzb0s7^uK2$Vp2$QNKu@l z!UclWMJxik^>X@gHeRl`5ZHm1+IXZte*B&>r(kfybU3BvQNOqv(msJ%oE{CoNgjMX 
z24C>dCiQO}gqZ-*23vllGU9DhIAasEY}}XeK-S(S?YQW4dUATC1~5`7Ib5p3qHqaK z7>gU@Ok(m~O^SSS$^gleVoS0TUXAaG@YnI`FJ_88_bijK5!%dU*p?qqsW)m)1HOSB zezzJBBApxSpC2$Dy+DMEU!pxm!um>1R_FNLS~IplqyMPNUE5a>8XDS{q*sviXYewp zBeG-@biUB~2yEWof$Qu!Nz5YgO2h?BH*OzqVT0wKpl>7{`aP&(|#}%K&z!|N3b@e~*bOP=66D8KrL| zBb?appVtD*MV~$`(z|O_%i}tU!ZY4{Xt2YsPT@?WAE9n3PoLig(lL9+L!m3a-_G!b z(vab`#=9bc$CEez3^2kyRxXH1V5~wa(7xUfITN6nuu|tB%lnJ^?y85qE#@Fb1jS!p zxkypP#qKO!D4&cFPshimlLxE3h{g1}>RVF;$1sKDUtQS|8T1fO1FnOhZ%{7o0b${v z-GSU(f3zYH6{lMXTEcH0zwHZ>si+Dm9MlEO-)5@(tX?QRC9skkwkLH_qgP?hp{AF) zr#dL>d0WeAbhuI=8iUxk@9;2_d1M48O66+C;Hhza-eU{U}ZpMwv1J9OuPzIkTd^Q548RC`$P+ zYPL$`Ze}`WmFoD??)?=A5{17PGyd|@JW!K&BW#0p^M5XU(cXd`yfpRg=E3{5Lrw(u zKINK!n!7iS%Fx0=;KsqTNmQT(g==%X!V{X0zc)dHMe;D-(fdF!l3(JbvG@0^Hm6~n zT5w~60St`a32p=Cz@Tfc!kh+;IS_N~Ay2>2N9`WeMw>cYQ{ zo%Ipnta;#fdYb%;u03c^l<5XJbLy8p zhWgzhL~u(KpDW*-1f#9=Dnr`$MihFG*q7%H;e{v&<=gAZP9zBNf`wMr6y+{aUn`mT z+!W1Oy=IV(X!%9@5QvFk6IA>4BsQVz3tJ|J4;6+doUxWd64Bqn08T>J(qWV}oKgJA zXDbS+ed(LdYVR77e6>Y#W>F)aQ~mY1zAD6)mNVF*FVHVXuv799?jyh23AMcwxKIln zqj10TFlSEkCQG9Gi;-LM=OleS2N#vf{C89X7V~fg>OKUwASYiV^A1-}d*btk5X#a) za23MyBO65c1@3RaIcRNAZ4H!E?0k-3ODsARn}-lPii|a=f_$SSUhH!+feP4L5UFW+ ztj>Q(w)U6U`5pI7!EZ^Ykzk|5A7Kos3A5 zSa`7}R{`kNciY>f*W#5_>g=;8pl1tgcBrNUy0_V+_ph3NM!f{W&Iwc*K3AQ(3k@NA z0=KcSmfK6NZPsgkOfsgGhaWBZs_mDTvH#V#LZuNpA~QE^Pvax`iEdZ0|4!3SL7OQO zy`18%#BuDS{LggisPq8lWl+UpvTb`40Tn%EHBAAD{6{2eAGoXqlO))yZ&31NPJ6nT zl&;pDi|Kyw&0?7F1ZKs5jpZ1l@zR{gm6#YXTf#?k<~x@|7w9-vBcF0$)_yhVfvUq# z884{y-9n9ep#KHmqS z>?>ePlm4IrqsO0_K5hIfU{$(j9AC&KMOc$w0*Z63fR)bwN7`-#-&dr3UsZGdYn!~~ zRK~t)H3%bWXBRA$0gF#LxP03mDfK6c^edr`DOzYcYXG-wa!S{FQ6^ig>if4jjC9+( zfXSPWCh4coJ#(^PToJUm;s{eV4M|tc4FvMf@o&MBVA)`GV1zqO;5yL4geuUpdR-v*;|9 z^zkmP@uCI$ny8)*<3kV9hrgpcJX{UVS6i|K)@d+x{o5M8~;bg z>1jTx4l!ls-IWc_G%7m2#TqFl)I{{=UlfCU_p5ZFl??n$ZUe7VA>O`a@|owTY_8l7 zVPzpS?2zq z3WWFMpZS6Qpr*z;>&&fu#jgbxX9hq7xyvgcK@QDBPvV1-#oJDwC?9C$2F&7aj;d*Z zel~S$p1*rMed-Ne>ZxoZJ-_`DQI zvqt^ILJUg}wXBm*2fqOm1@zfVax|%^QX^yZTO*rZ%&SyZ~dJq|2X>E0RYm~^Y 
zAm4LmV{cl%<rW7M=RKeOxAzuoO$ zpx!90yp6alY;@-yp=R>Z{)5VO_A|rV=9!g5CwyFReW&FhM3IcAoZvw%qe(*Qx?(P5 z9z zZvLa^uZk*2n24z94QvEW^eG%XTm?I;3$erqF)dI7wT;Myhdc>gSJ7!fBRULY9TNm^ zi)}v3XaDt3V!(isid*0ZH>t9;SOwSr^zC>s zwzG98d^dL6FW(<8I=`c|n)-1@#}pvX=OHOn@->2leXrNIhGRHTrdN(?dga~)o7v3o z3$mu3$FijpE(d1@V>Mk8?<;8;#J0#HOFQPE^QgZ!Z#MwUK-<7X!EX>-r^t>J)H|zI z!x$aTbl6CtNy=kdOyDJy%q0PaG6)PR5w}-|}Ac5+ob66$JwvPhGCixzB>y+^r z6U%$*<%pM7C|@h=0vGKK;J1UaX6sknP3!WPONk(EM!fk|MK;z9L**4>fZpA`=b)Yk zg-4FWygu(Qd}f6&sd`;WyUJDtzN!5upl@ww=j%VvXIF67Kq9cG#S;uilOF0wfp%XqP)pwZi~x+^1k_zrm_#m4PMNpfzxAX*gxm!fH>zarKyCe)vRO=tfNV7c z)NFUlLdR#OL!-%v?en+lJ94yO>+7yIz z95ej`=X$=a5KVO|uhB$ro?Fhgrp2gN6Y4-K`#Z}3t~-LSJmEw6#mD_q`BnIfDau0s zI*YZboTbk4Z_C_GRk3sQiv>7GUqg|AXIeY!Le_AcizuL9@X2Rd$$G;BnHt&4bNw{UZ zzyrSBNs^X3eIrpF3G7+^>Wi{TsKK^7bB{rL_(cK@u-)NPClF!u%j1@bvF=@s<;wk! zKlwx@NMz!o!N7un{_D-%Pi^aGroJ!GxPDT*-c;D6v~j ze%x%^@W?d3fNZ&69u<3x8mfhLRDSBdJw6%DOLj?ke&mRrSbax>8&#MrY}F)BIp4X3 zvpX%bro+lLmR~Z#jocHw={-i(;=`z zJ)K{pD}BUyhr}QgCw^>{V~}``D}h;rF_V?Zc!O=bG#<~%sBIqZxv(mYt490l#i4~k z;DPNc9qs952bRXF)onzq+E9@HFz>AekA}f7%B2wd#em%k=Lk6$Vr=Pa`4WRH!<{Xh=sF3(j7D-wn;}Fyv_<4MM$8{M@jq>9 z?()mVg3c+O&kXV_&@f~>OQ4lex`|d0^CW1MpK%A&(6X_04Dyb*$^q4698|quFMmEy zmjO^v{ZkdY;hL-Bu2(J&e$ur4I&OU-AO<#R>}j=AHvcL_&&5f;b0NU+j0;t)>sCj;;1@EJ2>gjGtF7!UB zGlIj1VD81{wwhG~?TfwpIInAkHuCxg-H4AcJ~sWip7HMF&zr*8G_$3~mGmR-wEPfQ zC;JRDrbW-Vvxcy*<;m_p2%s3KZ1w#fbr=Y(kU6owa_Aw{b65)J`0QMA{Q34gK5OQC zfC^FU!$@Jq1$XC{BzYlLFKV@zqR)RzjCtl)GI)VhKk@vM%%8zsy~d-Wk)}BQceG~n z(pJ_)ADOd!g4aCrot!uZ0ry__?R|25WHmQ_*TH=!{uGDSHJr8MPA7sTb<9$2H2F|f z!`lPyUIoSVvB{RnGamF)qVw@i`07&Yu7~ug`5A0?%`Oi7@5WHnYQS9C!BrbdSmg)U zl^yh~hW1bC?swQ%WHjXvjw9K#IIQBVcnWcI7O7iSRQMIO|3Jn1V>2pL##onIrcFK3 z#vD~m8|69&ze`}-$<$Gef~FaPos z`Wl5;*X`|Uz`FmH#TN~zH)1(JJtR_)N4EfGyQVR~fkPegpDS&FT2bOV2bCu^l>@=I z?cd7zIO@`ju3si+H+)<&BE6BrZ!z_;?$`TJ+`G1=vfIkN0O0k7-7L+f9&wO=WoQe_ zM-*{Hv^Ns{gd75xLH71@=@Zmk4fgQA?*aC0JG=tJyRQ1SH9>#~t9)RO#(Rq`2yPK5 zPd;O0FSh6DzFVVrv}60e6W`nuk_dwS65D4HaJEV!9imq%=RQu2`4yYuk&*~0$dqk3 
z(GX)!EC{_svV%_F$jCR_piqn^#IacA$2)Z(Ibz_ z`Ia?4y?d~PkQ%)^TDaVq98scs9o00X!U=igh)ey~uI5=$T>o&7j_DZx>I!l4QA8)vbq7uK-rmr$N`CD}e^S)d)>r&`NGP61%rAd%vjzHNoK>zj)qEVgI1pFLP zHTwJ<)HPq$X?GPhZJVq1BvMK@Vxo9*?t@|I6XCiW7KXlW=;B zHVtwusfvJZE_#aG<~P8!}&#FT*6qg z4q_=GA)SS;YH@Idz6p11!9ZT`E*2k`0JVy^&X=`@Eub~VF zx*+7gf6iQmVaMB1Y&;9%C^mVwJIsKo``E$wGvR9=s>N$FBHO*{8^iT&hAv^QWR`!f z0!UmxQpZ+q(-AoP*@>tt%>QmYXo@kB$ym#zt_xZ&mkWOlS<65t%Ffz9;gOXgsuUJI zawEvvZ)BOLQh$f`mZqejicM5vmxQ!J@6=7x{^^)4JN_zKCF&%7VkQX*eksw`NhmAl zMXML|eqk1w|KhmUXceDMBLCi8)>$Ok2w{amBN@jEJjP}v|lsgnG{m~vw0_C>+J*v;t&1k^sb z8*Sej%>6FbML}o^hP8G)gmHYFxG?Ht#y)3k(`9N&^^Q4RM^#zrs5+@wbx*C{sgKxa zq;6B2v(Du%Mz>0qcg6Yo@QCdE6^P-25y!ebZ9epCwXK?0z&rwI0uf6hsJiOmb5yL6zo9=qWwLPd>n~MM-Rt@kmUw1<+D(@0R#e#=*LaJE=G|&f-Awpp=UOIG z(hnl7-7jrgw-{K3Y5qBriR)oo_$EV++>Eg1?yn^`AN19>bW%*`;hQjypda!TFvUs- z1Q30}c^pe50S#HH09OVA)<8X;vm3`CpZJnPP;nT^3S9vvwu8MmKE0d8H z{H^U~%b9huE0EHAS6!%5loqkJ0<@S4$wJgRif*<1qJ=c_2{x zvgXMqa}lV2PXwL#3wqoM&tUHRmM`lOVQggeA-_Hg#2;~xm%gUL9)>utHM*PKo6Zfc zx;W&nu|9}=f#>))6cQ!&lFWau&8$TP2Nu@q=h@{$^1KYvm^v-dDRc_LQSKM9B z(A%4;wt*bGBnH9WcV5|no8K?lqwCDWEm`y1Sss6~%%=rB=+Y)j@Y6 z_s*60%Rc{fr85&t3eWaGDv?+ZL+fsuqn&RnhEH*K$(`d_3G}8MavU17EnCw6?M=rq z5Uoc&Jtu}0xI89$v~b|{=f)HHeE!tY)5!m402!Y@+jp8#U}I!$t4|fGzVRAi+5quo z8TKm3Sn-A5Lv~+_V{%y6r;DoFl0$QOqAuHdYHDhF)`nR$I=d(_+o`~IbKApC_iBhO zKU8^zhq_nJT41`8G6hZ7PfqN??F_M;E9ZN8Fmcw0iT6Z;eX3Uekp)j0Y{CkZ7WA4X zu(RQ##qOB)lW`t|R`J|(;r`rmw<9j#nF?|lFi;7^Vz-A7RwE}=Pn59^?rwgsUgscM zVxcskr%`1vAuvpr%`lFen(VEkgs&tQ5SrfjmdjH^^H;FD0sWQ73NRCY@YBA{CH6S? 
zTrrM5*Q(|C!cS8*^Z=w!=DI$$z06@P`krJUQsOQB6q8eU_l#d4Dv45+v8pfTZd|EZ z8NPJ3fHVCkb?^fYJ9&LEXXcl~l)s*Jow6UZ_QZuJ!yPEZNs;WzGL+aj9|&mGI|jkS ze=_~I`!VLX5z8x?0(0%$-o^!p&7L26SRq&jpb3i@3~_B`9OD4|+r$alpu zpv$w*GQk=usa^M9!1?vKw2QEOBsG3fJ{hJ<&Rx0;g}^u;BJ%nXOynhMef39rmjj!e z^tn;ip0VsJi_&p4^bNA5^LwVgJYEO(AK^7g{=WHKHi)|H70aO2Xm zmS8RiY3re`%W_-CR5C6SJty&KItr?i-^Sr$_q$m zS<+mGM2w`m3<+J#<$^yA`i)0x{{m;7&*;!s!${%@PURdKQh_3`WMu6-Q%^1Z8Zt-P z(An(MGS$9oE+2Y$^?@%}6ZpAZ<{BzaU@Uu3XTlaLP)EUlTjU~I#?a4_9X29i2`B-l zsL~OZ8Q988+|?H@3fP%myC^y?-ut{axcKlR{mOuT07lZ3&;m|l7_bYQvD*@;H0=@e z*l_vo&VC(3iGC!j@rI_-sc^bTK!YVVvasK4?Cnn$Yr2+gKcb%Zm2P?XpI}4Xf<2LL z)885EL8K2pMW28cfYVFpHHZ+Wl8b$@{p5ZVw1Nc@FdNdD0!^a(#h9Fzni4i-%ivhv zU|_vWf9~>1Nca^&!snLuwu(@u3PdNCb&61B_Dr9fva^Gk`);QRQUjb(S8fSC8rBDb z&*2Mi@p*0hEO!Dj8oft+1w@V*LBLvkeDtgih2gj6PolQMY`c@bT(ovcjuFW3td~_0 zXej@RRW!_c#o1QU&MW?7PDF#X$^JAaeJb-QK^bH*j)=+egxKy!lia@GNJeGhRot*h z6hpOFV=X@v0s|d!%N#a|M}=~n?PC`drd|@?clG5Vw|3V$)C>kKB^H@pY7dnM&n|)@ zXNtG06}gzl;>VJ}mpXJw2EU^P6i}D@TPfMPRox&5P3JKWxfyd2dk}vhOdVEE`fdRy zsbLz8rhF*XT-$e%Y(lIF^`y%!^a9@#DibkT7&Vy4u&eFFK{Ges_gvGU_jmZ8P3nCz zbH%qByEb!sN?)~Hq4pj1{qVuS@)HbR= z%Go6nSeyhM1$I1Y&?@YCZb_PbU2Jpbb&SqB#gx7}hYUf^@2&l9M|3j)MWK^!(D;Yc z<(TCfBDU$3q(M88FykIBXIQ%5`t7qisSZo1)8dxS%q5UYN%nT3Cdf(cXn~<`=cd8? 
zlN88C)m8{J5(H@swY-6#1$GjFXj{S&Z=j)cUsT2BH;^sI!(%z6fwG`H%m zM+4YHanvKft-HnvwM)~q#Ue(%atWolP7_(R*3)C;E++rj?!8J6)Efd+yg25*`*T%* zXer8^N%gQnD?1G5pe>-NV+BZf@ZS3kz~nLP&IIpseX0M*95J{Y;M5<)KG6BF-JCEf zX4J*49n*4YcXAp<(n0pQnf=doey2K%gKqC3D$HCy=vQ|rwEUNn!yUR!Op1)mQU;9} z1k!LgvN3ckc^_rGaPkhJy35YVs5aE@EM=Lj8QJ(@$k?Lo5wou?8sewd-}0ac#>riL z>_jPX%OqA{UU{Stt+Y7EB7V5mj6@6ukrDh2q{6J0@*kWcGjvLA4NHUM2wOirJ;{yv zCHZ*Ht~iT>ybvL>h^4=t2e9g1Q)t$g43$GPFP&?{IEKP{Q2|oo>>F ziSbp;1eH&%zCeIM^nS4gwva|(^D3>G32?FxLJl_7VAJKh!tXnJmX5IfuOW-xmmA37Zs*{ZfLjKo}P{!5o`0pHu%eA zETRw0a5ZYi?gH|;%=SMAReoNe8Ox&{Rd5L3*H_T>mDXWTSAZu2NDzFZ#{r%ZH<~&JnEoB$`)l;% zX%&UuGKQoBU!5xj(G(JN{oi_hWeAc>198{ZIamhX=YscMkt#ECPilO5zU<+5Tr;b} z@K;tROI_ZqHIobRy|z?__KN3lx)U|Cis_G+-@HgrXV0A{e=jJl)m5vzP%57|N&m@aWH!YTvtjscPn>13w61UyO*!lK&80vo% zo;*0e2~c_XJD#PZH9xASQ~oQHtbN2m{B0O195F?Cey*@>%d@ARcBat-fZ4nM+2aRn z@LdJX-vb<VMgj{n{UI8MB@d}iQ9nXw@$M>LZ(Ux-1V>3_~?Y_5& zW(`Rq_Yb z)T>I2m-!3Vn&pBop*Fwm+6ghK+RH@R1-dxK7sZ`SE9b?NvJ>=KSrftNgq=e zVXdaEfcu;*2eL9z$<*I~=L-~T$N>R1ogH4rag}&Uk!pF-bxLx9vAQtHNCUFgu*$d< z+&5pMnuy=OX{fN+$g%-OG8M_VH_iyJtG=J&HRtYKhWV3hdL8~nan(w)qfR0(=Wq72 zhoTd>bzIghZDmiN#U635PF3|4la4kipKccVOOB03bYChcYcL;8eI~!ixZ%2v)rPci zU33r*7&1{+kX1GR(m1u((VwJjV8NB1m{r?C_@pwZm3xIH5K^4C$c&L0d?~Pt8%o^~ zNm*J66vFY7l*LnTAUQ_QWK5&fsJ4%RM265WILpAD)w+hSL(1%S0O~yJv?%xMI?|}p zOowYU=rfO6MjjtAs?Y4pD>BgYG=buc@4^UL2t>^G`99_R>fXQ8(B@%elO~)D-&B>cNN0 z4xh60C6h8E;2MjWKh0eCs5C_GQ{z)@iKA5cXHkqAFL_;Iw+E8P%CW5<<-jZ^iiDMf z@4&ovYNwD~^pevS)I&nKM}a>bgLnf`(V%#$dD&5!lTP_dA&QgD{jr^)wv2cSRr6!? 
z{>$XQfB`5r5#LV=oqtH@R^JV6CX3F}lk`35elT;l?0N+9(>NLWO?G(gDw_5X<%l&4 zhsOtLYa3cA_86%!A6}~~2Fz=Wo9WSL+`WwzT+g0uVTtYJH@GJWIbJV-igQzDKv)Tl zS`Uy$hoGjFsu#fHQ}b&s>ET*BXk|ZnN@JzChVdfzyU2Hp!gTe9E$mT4Kp`RBuqQNTdOFi(HkD=qvd2`1UpUjV({nJmZ zKi-F9q^MfY^eJOq%l5n-HAe;f95~v);B<>5Qd+j#Ycsk4iAYc^_6n>kKee_wvqhUX zw%}esY(l-!FCYi7m(X88t!L{I2<^`A2hg!Apyw96I5}a!+1c@-ZnIVQ>sjq7y>Ets zYBF(5RX$Gkwhbde&uH!NdO#5R4D=mH$<1P-YcSZ(QF3iN>MpRQU{d(AY*nWvt;CK+ zNk^4c*BiuLze&&58}tcyHf|vTHFUJJY=LLMZLYnFywulR$|ao(%&u&uE2^!!d9r2e zMC2wq5I0d26Nw5_A@a!N69ZN#ir~hL+uDpIznT3fze&WVOurdXx6pSy7sJX3@|H5x zNrO?R8|W|27bghx-Fjc;mQt7DPEjtJN@|}qL|uEnOlkmYl?q0LP`BVV=>89?wOEB5f9kzuVbg8EocW)bDcS|vAZrBrDGj-0{ykD zetQg6nE%Dd4b$htcFBwn?UR9>+}h?MT`YFjdaZFA z8rZY~w_pSXO0z*8;1Eph?q46Ivx!`P|%)i z9fL^d&|zj8+^_-9X+P-WavFQmk`FAw%Xe3QGY-aB8Q=$mFb9bhl<85hWr}P>4s%uZ z)D=}$NbsNWv4e55U5!(3{3{L72g*JW}yr?&*x4K#gdJK{dsmz zP|d4X_(M%UnsrFO5jt3AhfmY6lPlgM$tzwD%#utBxdnEP5OrQfk6Dep zJ=DkKgs86ylk3sk(=9b=Z}IE$Z?48O2qJn6c0fQ|6h^xd^z7MT z@xHUo1$;NjLA?U$kjF~%3|DI;(O!$;P_C zr0CuJ>{;2mCQh9JJ^6O{ZhV5sbJ{<98UZ`*q|;S%Tprc^&?_fS8FI>3B(sLY;=OG! 
z-te5X@}G|wvN^*-e5;|tHg2i0QV(#P8&gM6yjBB3{PYEZ)AvbW*e!&NTaXTaPpAn#h8VKJJ9gw%q`AgJrdG&=UYrt|{V^9moQ9P1 z3^1?3B&zt{f$s05ipjOK`beT{i_$H|XVm3~G_a__nJICEET-U3UiqdvdE&c4-`pqf zLWb&YCe?SGzOWmj;cKgy3Eik?d*9A0^4T>%L5S;qyw!L%{C@zCKybe{miq+s_6n~g zl`w71X7Tkjfw$Kr^wmOc)HGN?x{v({c}F9{Qdx&~pM{M7fc?ucXK5Ui2_-KBE3T;> z?5baj(+=pyRyy{;pxs+s*g z{r|4_e8;`YSJCxFo2vu<+JtS;Y!;w$3?TDRn=cuVT=Rl`#?=5dnHc>GQ; z{obr^)g@S=GT6!nsClI(5=n+6xsj!XhRo-tzHDsq$gz#d>2RisKiu;$y&QO!q|Ra_G1BEkGJq;U<87|}31RvaIu zTJhxFUJLbl&swPW?73pfy=N8Ptt8MHYhU%^wx^rxt8L@?Zlxi^Y0BxFi)$75_Av|7 zD6ZK+A$o2Jgp->DV0zj^ZG^AJPbtTeJdIgE&iy1k7sO|AAkHO|IQ$T?fPDY2CJjRJ zujcLh{pgRKogMU@qSoq!%kjytC>3~2(9``$VQ;5ij1e>*heSwR+Ms|*xJ&0* zdFeoj<(3XpqilXZd)3rTk>ye=EgPux*04c8vNTM2Czx|WmBwu0DKE{K)itt*J_ zZ3VHdAhs36zD_|*q>&cE^tDvyZ%A}>g=wgII=`4oB0k*ibn1$|Q*v5Xlc7#WnkGmblhC*s#2IxRuwo^4eBj`}*XyOb8og89UDf{maT}0lA_+ z`5*uLUro-K9Ep!VVIBljT#*90PU}$r?Gs6!dFIxw^l9onl=L~{^H%&spQrd4vzR=D>^WDgd^q8=&aYxw zw~FV>$ey*5XRo&vJ--Ig6Vlp?g#zgARsj9B1kfI8qo;Q}x>Yis5*07g3vvz>l|Yh; za~y`u#{ej_1*G@kwmjai#gaHflKWMZm+H#WTV+XYrMIp0ww2!8k6)YgR(`jp^w!@> zZ(HeYE4_WC(wj&lw2t`oMaorhNWB%Twu04GuyWzZ1S>GoZzZe3yIDSTcbBZ5Zw0Hb zL9kjVQuXgHQdO#MMXE1Cq?+dyx7^w1Qa*S~HT9LqY+G9x+KOy7_}YqWTaj&!$W}C8 zt#1wMZiTjQLTKB%(S375+X6e75yNa~!&f3!ZB1di-d3*K%2f^=Te-@-n<-b-#V4#G zSM6@)s;ykLm8-r+xoXWofYye?6TT9`ZEFuhTe+!?cb&W*~)EO zxos=AeZ`X2)F0=W8iO2+2SftreE6FRCD-Iq@Rn_V;Tq0ApKCqX@j6pUB)AIluit?WbN zfL_rc#Rd7|wpLDp8xM+r-QXKqvzc9_{-s{r4u4(ie+43NofH2iMBx5b1V&pC_;VG3yIu4hS~9n5 zA%Rz|6Z=*&&QZD?Ml)%6F>be#v-x(vlJlGdy<3_2)5y%9tE9P=m$&lrH!CmKdirfb zVBTF$U{;iNB;M8CuV{-rpiIr_cp}ec?yg&zdnc&nk@pN6s^k@Hqdc@Qndah0r$;a85eDjSQrovOm79{ zpjUTKNhOwgrbo%M+1dfY0gcDCQYl~rkgOJ2)GAm~ zy}@6PnZ;5QLG#fgbacT|iB56sPY6eESWG43G#>ve{#RUmi>N>t{Y1hD`4h|~3KYv= z2?>-yWXsD5ma1gJt_jzl-sjc^^h-iGmW==LbRuOU2A$5B%1L_R`7G)rS-CbdSrnx)mDA3Igi#wtC_0i8(upvQ zJLW}g+dD2+RB4H6tjDe(bB3Sw;wc>eFhzzyTTsxVH3`{NpdUFN;TR(vvUn_LKoCZP zNW@0jryyHn$WJ+zd7ot@ERF9{y&aTr_9yWr0Q`z^6fsT^jrBfBS*-9sVb?WegaSGm 
zd3jc`SFNPGfX`AH!6N(Xsr8ff^JSlv=>Icp!lvv0-QDh9(f;$G+gba6KgzQr{eMyD z*f|#BiY<7?iOOy-45VSY-5|7SmD$v^#M^oz)%!jR8|f}Nqb zSD~S5_@j!Oc9dbEE(C?DxHJP2HJ?mCqw4zAwQvPyPBFi7XvqQL*a8c~IQKFODq!8@ zp;T>T+k@Y{&;UEleS;%RJB@>v&o~SMSeX=ab0&Ex@MoRPW9&^9evlv-v!K zSyskW15Mi{Fr`$6beXA6pD1;&!bk-tU`o)cDsT#9kz}iBA(e+Avh9=+J5V3zfkUd) zdYh&%TlN&`QYmb9<45)_q*<7}Sw|aY#b6o*sJbuPw>WOcY1kIpKg&CG7DCswA>+a% z7Bp;4O&~tKY?H)oGZuj2BnGbWrxStOLq6XPnas#$-;nC8E^bh%?P8lJ%aza!TPp|s zTMztOgTq^g!aEaWSJlL4aj}{ns*-3$gjijIk{0D+rd^l7ou^|KSi~5O+jT>w@4I z0(lr_l&}~^6F8iZjtkO0P7J$NsT9tn9(wla_~iWZ>gUtf!pZh?IpGbN@O1xu^6#n1 zgs6iOk4j}4sk3hv@7|vupS*mwIq*YI4sD>hjckaOH$cLRyj7+WJs`$Kip|yB5y2j^ zL)6_e>e2MhQ%#|fvuiQiI#+v2JepmX@n=F(|1!U`{gjYd5YoO;RxE*T15DnKXd=pR|y88MO z=^J>KyZ;eVV7m3!Z2SLi$^ZXge`g*4@ll?NowD#sf-PwtC-Z*t*ydj)Gu2sFA$d#K zuhaOe)Tl=`uv$4&zqol-iQ-jQS5>g#iHxf%C|QLK(u{8V(xz2U)2haXRp!e@EUUEr zlGJA($-=5zZ4$Mpg;h;)%UDFc;55}Su;*&rd(JSuPe(4`n>BF zvLUL-+t`9gnhF;034W8g(!m zOpZ%qLcut+U6ilNWxRoyo#Al(1;lNQPk61|Rac10%?IROhE`~XBM|Q*oURz1N(p=aAeMtm< zF3~1}2IJ5OGwsK4t@xawP~1O4BgOF@iDjhd0v{Z7ggzJ$eD5L>BnYQyQ-f@4Iz2Enp=_WA#{@`G;D`nhI+l8g zikq}g#Ic>GWk#)v{}2#eLQa573XnoPzEl!7fdv*_E33on2CS{de1o>B!0I_W4~WZN zj)pFpXhuO-A$J)Erw#>Jm;4|4qVBT;}FQBEVJn&P>ce6O|24 z0Z2k(rbsP{E(4iQ2qrIw{{jRU@l-eXuXDM7v>wozssKHpR~f1jdO#=lcpL=;Jy;LO z<`0tp+xcIR;93u*YxK|%G~+?e3z(w33}gGKN-^<5vN>+g3DzAv^z zo`dqXs7TAAf0U%sA$TPY1Lx&+8N;O_{IP-Nf*e$3e^!a?Qhj^Xy3PjJbw;&@H{tDT zwF<2>-T8S70gO)IfB;q!3=z>=1};ECQB1@NF6R@I3%ZzN*HTnn!w;=j@CvTMW~)F& z?gW{qItj(9QgV&aAS(v)v4$Q|j!8_-CB7!9R)F}OTK_c9eooYK$SVa^LyDnH!!W#l z2GvTAgDwj-HiTrE4aTCdCX9NI&Q7PZt3sD)z@#ZSEz_%$jv>5`BST}9QYGtp6NAMO z2Sjl4<1^tnLp+4}5YK#8aL5%i!=w6ILUgz^@(B}YLI887v0#Kh3%F--0Ux3h>4c(+ zO(pQSF@YSdw`90ukjx*{&IG$mBuH z-yg*UcHxXi+}7Rsf#>4bgMB7;`BwCWgCvZ3`LuZjhjLkA0$H7ijVSDZN5B?+;v{>3 g3kBz?PhQv0`dL5g=V_n+7XSeN|2O32HUPXU0NNw@WB>pF literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.203.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.203.tgz new file mode 100755 index 0000000000000000000000000000000000000000..fbc6ea9f3a29093a9ba73b937cc0cc1badfc71bd GIT binary patch literal 233970
z!`#8!C&UvaHutqmt0jn_O_uB?%fpX^>*&lotx0!@WMu7(bpV_2 z!4!d;U-hk^dtl-E0G;_sT#LmtO2#B2>Yq%FQ^9Yhra4H8Ra!<(kqDik`!1Xe;wU6Vt)awAz-K z2i9U~9AKR~^S;D)`|^FSR$f(k?0%$RZ!3oz*%x|!+?)L1ZznyT=-S?#HBV%bZ5KPC zqq7#P=*PVi=QD`hA|^-f^_fK?w)(UjczRt;=a~2zAdP29$LPH7z~ibLva_is^AKp6 zC3E5I-ucLDtqTI9%V6%us2f(5-f>vLO{yjbAz zh7l$rZYuSro7-U?V3Lzv?@pm7h&?3Uaff#=S|G@3E-rHjf830Y{Gas z0_xD=rhjA$HD-Bsb`!|DMuKbL`Bynphej;IPjr^Uftn)<^mAA0?NRJ-k9Gd%@eyEZ zzZ&omEx01dsa1t8f{a9*dBOleZv@N?$O&1^@{LM0je3ev1pM%$Hti{M8R5@gihp)J z9H(VjU3@kOxs_EQPQOt}3IIq3X)ffSZ%^aoD0pXyB|np~fkA_Jx?EV=j@DR$!uXsX zi)K94uQLlDI6z!ju2Xg1^|!9Pm+*y-<(N~u6u=t7Y`o=Gzya?0xs{8G_I-N4-r9^f zWT)4!g;LCWH+|2t{_IoUPS6wOZu+93&u1LHD|;{a8!0e8k8a_;1Ewi_^))83^n#L5 z@WiR(PV1l<<1?_Sx^*{xhvhLivSzWj9SEYq3j)U z2jbOmm`M~abnNVd-2fY%{6iaqFf>9w#%U3&F!3w-OK(Uc5nk%`-r!A~D|vhVpisb@ zkn~0@EDGvgxF#bwH{cFV19T_6iD;1}Na7+v{LuTi(ltz|&h z=ls`iK%-R^mTw+n3l~_h{%|h zV@2HXr8zD^p{^An2O0`oPip=CjeC4y{z^NCT0rH`=pwO5KP|#j{4KK;Z%Qkqs;3A_ zI^A!AunS0#D+u&jJ%XClh>l#yBxgk&uG&{l#P!?7pb?L!iG^*F59Q(Jk8~^`vCpz> zLP1AX1xD(*;g^JxTeF{cyX@~L>?;rqH5)JoA=RU?0hwtx^^C;nhdx|9946v5?JI*%Sm z_K#>y60{ZTKC}os5|;(m??M2sB%*;sH=>1yr|>(2 znms~)aQGMISOqNCp&tP0YFmTSQVKn831Z$f!fsYnl2^?N>xISEi|l!S$|0Xg%7G2@ zYel&e5KY)tn3r@$&bqSUp$RsQ=>48d6{CQa(Ip#3!|rZl-BVqEvir~y2o19O7DCmJ z?=`l#72WBd2)u69GPw7L=b&jEaA_QwE>-3+tUzP83_7&xpp_%iZ%LQ_t^MdC1JM9QJLG+CN zNKNwFl87ZIw~uLTd9DfmvdFTBDSWKFe7V`6M;I_5W7WrUJnmfKQc0p;(>3-F+}5~J zWc{G%G2>=FEzyvbUCy5YQia;=@*^JdrX4x-7tm11y&kODeM4nNOw&BbTTFq}fCn&% z0$X@1maZrd(gg64Ti9ez3Etu2B^0!ORRU&*uKr&ED=-me|1igr3Vxeo<3gszV*d%; z#)UmceZBytJAf?VX4j;lLWB#eX({V6%ud_0ov zsdE9;Q&ldDgCe5=*zjSL;!Mk9ZooB|=#iczbHbCe;G?^dli~e1mE*ucB1^3N`u2BB zq;S+srnB7OEM9RA4$CCb88QTnz~CkvQ7~AuJC!WD5_&o@bR?MJg3zd{{MY$-e*|XM z1e~t{AYdWJD_0!Gq$<7YIV5iF}R016=c4z>ULa!$tn41aSOa z3FyHCC;`ihzXbk62`GjBtpr?-xh9kXk3sxH2{8Rj2_Pt0$OR|?ziz)}H@N0rC-&Fv zVdV#dNa&;!7*!FxVX250?Cns(uXHr2X!Z=kuxJ0qZS6&!FO^3qSYUOUKv3bj8Rpq6 zp#s`egyL|sk;Y%fu zN3$I_qtY6`orI(zbqX>dn?+)d=>sr7|H6QQ%^wt5yn~Ie8kBD-R}P;3i3)*7Mz6j7 
z1jX+CJE6bUcb(K!u8gkkYnk3gl?NsZqO-Mw;TED(qJ+=(CNS%-R03QhZ7#Vvd9@0N z!D1CwAqldhe{5VXO2QLl$6l>*v}xA)8ni=~%^N~=9koW!ZuaE?s$0*|#V4ir9z%2H zj~-*R(MFWx9+w>qv46Vd`}re9r7V}&EAG-nsYu5atGv`?_8 zSIY@pk8e^w!}#zH9H2=}7c81?*u{hZ=E9pljq}GnhmP;;{c^Iy$=p;RCMfG}cO=K)YlGmxdYu zP6{)^Llpvdvl68Owwxo$ZbL&(1NoK@+zu?|%c!p+rpMFyFEa|Pz|9yR0!_Qn+dx2_ z(7~RJZ5jE66>qM;pdsrb#skx8vt&IF)qIUi0B&6}I=S zDWoS&Wp-WE(GUfa5_JBjTcs8fWyfz42{iRq{7?i)TqO3Z)ymX*00n>a4+UR96)G0P zl6jpis(+aWpx`5vFTznLV*R1uGrlYMV{}TXrQZVnQ1Ao#eEzF~AF;%;3;qXNI*t4B z9e>&S3xC<{Q0o3H4q;aMS4Jkrit^~}B=y6MY9ALCCRD<|_5eeXo;ypj$d&0(;YAVf z`M!J6RmN{RS~jfYQk8powMj_`2H;9~@e1asH`>&+?X)6+2Wwu3=oo?4v>p9D4Q+ru zJ=t^o%naC)24p?bE1OBF8M_VDNEyRRSKMv2)earsrF*D@)mnPXROKcx)IaNTwKi~< z#h~n!6=8gLYW(g55DV1v+!qCf&`~Q=$=haDY#DtP8#O@rvHuCLRzs-6j01Fb!oGuw zs{VL{9Nhor3xFm6;R_u8=?iEa{<|;0{&!#C6DyVsMB@tB!+lSGh^*6aAY(GvOG4`* z0G~N;arpFu+AGrkbQ_ufvb?vKV=aSY=N30~gJj>zNq8+Y-srg?b2slhRH2#OKd~8X zulpP5(M)XQ7e5y2<{T>v(>>*X6AF@ea2{Qd>1=f201g4e{J%H^p(G>R9)If#@U!bmlGgxv$79N8dqK#t+{~>7`xpZ{)TC&{|K_~tpT7J?j}am z%=P~Qvd%L!o&N?|rD^^ZWToNA_*`Q_p8n7-!GCgq~1>{Wp-+ zpXE=G6=w~40D#QkpNstsWL5t= z$hv_PJsXl<-SeNw%xlGOWah}rw*+U|O6MQQjPPH`Ov;}3v4B#Kv;LF$G^U4?xtnDS zqV{L4AKyxz2al@D-a%G*t7*xq$m0~UnKHi%Dl=s}eN;DDOoIxq4=q4;G*4~s4gn0D z5~?e;#i#8+i2B@nBC9R=P`MyT_&Ml%DyvT^gsgt|_{*&kMIG~MYEFlAfuG=NAmJ4W zD_#q@!4U~o?lXcfmi$AIcq^R=-E=rm0tcK)*xYmkhG~K>X1ZVf@5o2>Lh*rW&)H2w zix2=W3SHZ)0ts*ku4lR#n2ZwTCLz!GXE!>nZ!MHsFt%cK2HN8C0;~f_ zKAa(*zMFN|*h4~*B}@8LRa1{8t2d}B4_4jFk|w5_)gr!#=cvVJ0&1mTkx>-#UU-eq zz0t?ttXk`Z30<^@=gFT`y@6e*_NVo7csdy99vy*?EolNNY}r3ixm}qyOD*3or~#KY zAl2rt899si&hkYNwoTi%`(@n8H=Ca$FQ4C7GF7ZGNVzR<<{9~~`BTkbJ8gTT#P!{e z+-0=uftC55tG~$$+)iy>A{z{~8x2|W(}Unn@!Lp#zq@xnZRG9<)GoUyRU~6;qXu); z*^IILqpoka0O~sayf!~oT_*5Z)7cFEe1DfJKzXnma&Ba37B(mav`8&GOS@gF7X?=> zV?ZE^Z1dp2#q2&LSf3Qlp@6fGJ0Sb_rI%chrv#ZUsj?U0~hP(Gk$t$##~sHR4q~30GI{= zN^HMP1FWbcfNAg{apv7LASO`zZ5j}l;QTfX;G}K=ra_+a?@NiP0Vk1?VDglOR7>$W z_yOO&mr{tRXCcZFSM;P1luD>Gz?4doYn(Q&%=hz@{bTRipFf`?d%6ldsrK(SZrV0o 
zch-6>HUp^=xo}{%W`L&$1b4*3wjWm)`qA9S)9_&0z%*ogF8LUw<-h3eA$=@OcY2IL z0ZS<@2-#4^Z)savY)!UvuaCi@ui~HEoz?D7IWp(A{zs66=8qr=jY~BrgW6|FUR_KS z@w{nhankT7=}_i6HffX~{^Uftd9d2eX-SLVSRe01`j2xf;YmBvbQy>Nknb^ASD=)L zchHsP5SGbQ^%N1kC%-R!)D=Ge@~N!5Hwe^{JrIVh|2+*`@4#SzlPKyagH~u!@}4Bo zV2d!Q)=%NC6EDUdkB}PZc++N=Vhe0SwhRiG=gOi@6-KuCfsmnRKK@uFjLbpl_-lb| z{Rtk^1y-De`G>NaKGJgndt#EKv51nZ*#MeZ5%qX?6Hs`fyH`(>4EfQC^Dh_^x)N@( z)&HxBALj29KY5({5CjN~JuZzsl}YZ8@sTG~wUh68T<#@oJ%4!mPR#%G^gltD|AD)r z9d_pea96_rhPz^J4P#lToT5`*4;*Pu`NMUnBwktB9vA_1ixBtja}LO+qYii?v!QKeuW5ZxO`59jrUsg+}ZcJg12 z)80qFgm7YXORQZ^9{ePT3G+UQ3VA37RB%Ctl6Jeb*5*T!9v#+ffxz<;pMND^?@0fR zd_{d>#sNfVZS_MqcvB}S65*+XXnPs?H*G8eB$=n z_jlwK8RWOWkL*uouT&$EXFKzbybk=2V!wavyV$?kBa4>*U&Q|JKHY}D#s24zt(rBS z7_5}RG(&c>u$m5T-CzH&LbS*pqu4Ivo(ys`*+o6K?tpDV&2y#=B>%#rRfuP{dUuR|=bFUVE!}K(WEgibv zGoEHAg3EsVp(``-^iUaxyKWM6?T#4AN@E*Ef3n79a)$NQVQ=!#6Ymb>gFT3FfBTfS z*uSJuihie1B2OLpC#03Yg94ZjiMNl7-<*we0^v#v*qiGQ@!YDf&erbwf!snpv>|OMK`*Rt!jWLfw4iM&nifc_`~6duoVez6uCWk}Vpso$xbzsJtNw&1R9 z7iZUNpO&VozJRm%n`bgwS zr=aaliUy}(;=#y^PKcES_-Rf@wyX4PyEsLZehw)0cT(+chwzBU+2sicXK&@ejyGqt zUzd5HVf4P;)6m;;Yo}J$^-C%`MQhW7gkge3I$b=OG(kY807YJ;)qznDh-4Yejj?9e zcAcJG{ZRs~rqixSxbtF!T?5ydG>sD7gu@l^_s`S4nqOP&NrUK1pKn9*u}4nZ6sA=> zp5D%t=1Nr<+d>P+Jju^OLK|Ye0w)2wPQ8xn)n-0Xm_u>|0tx}it2rl{_#wmFZv(hP z7&11xHxwE{qq@*)WQj9%5+B)pRTZh1P#yy)p!(d*)DKp!w}SBfUu6mOIUpt zTWMp3XX5LHl$fJ2&W6*^odg84;MX!)7k8(vdV9ZU3=(v>2aBsGoZn_7KPFhjh#$U{ zcV}SEI<(tVwc*RJ8hpf3!Bd#8+OLWSf1u7z7C)2caWR|M zjO^t_XX>JkTmnx0p1BLY9LJ2w9LM~m?=qBJyiqA-pD`Rn*;RMx=H(1qs*B%|>{Bx* z2D@&ezT>l{b_W&nh;_b(KsXmVN4S{fp}h>ngPyPKcHTI9-%ur0@n)ECtb(&s=>I58 zAQd|&CP?+gdm?QVK3770bvjX;QZmBh zJd#qqZ>OrIooT)mCC1qIv0(VTfW~|DJPc7jCsT8Zzf=`x-RTp2GH;vUJ>j$3r0Zd? 
z;+7Y{YOdDYQP*NvQ`^a9RbH%?*sm2AJn^gGmD50u)&nsF&5LOjo@baOO^ILwz37=e z6|1U3;~-jXgj2>P3QFO;w`xP4JmgP|d{(+1J6Y`J*aNxZpph)E*#qVBluvU1L({T1 z;MULG3hp;OCvjqkYjet*Q1z_bc0pR?o(>Yl&S#MuP34r`_RR?h@^Uohn=?+)Pgypj zzNY43Uw`SQ-IG2f(v~klnzFYNWU5Z;SL}ES9T9@JSmOIe^2LT7=pA$RjYly3_wF68HK zM`-_jWqf=$dbO#wHOG<&tor4dq$bsxtQm1224)>IGsS!BJ}Mk>E(?41`k97j#tq&{ z$|UH|x;ndd=1%-loMhmF%bpfQtsT|R7e%Mc?s)s(lG0kxRHb{ePK-@n)^!OBlOFTD z65yvRY-OCihuP!qDqhmgY)lrU6w+K-xg`YB1p-q>nE|&xI^e%ZFehDeW=I2qKqELk zXaX-egMibFL(+`v3P?mfTU>4QW(qAP!VHfo3fXv1P{TCu1aR+wb4yNUN_eA`q}&3w zHPyamu12Da-JQO9vkxZyn!m8S8AxHFYC9N7!t{Qejyzg3n+fQ0_Yu^y0PpCkd!6xk z9&?K)%n~^J>;!Z}zTw+g)i=xXLT`u5s4YfLS8MHsTQWr3Fu|T23q8>rO^Q#vpyfo! zTTn}Zfr+(v1&Mh0nW{SlhSu;{KcB3;A=Us!!~h0VMN=NCkP&`$JEKSX6*g*6hJKtP zfHO!h&bl>or$40X^}KfT8i8LwgPo9I#2m5RSDFjvCBZ@UbWFl;Ey)Oo$l@ymle%zIiM$PMU1ozfQeg5QL87HJiNQI8DU zpe@g-%gyhyg%z+ysjXg>Q<*M$oS6x)gr99tH@^#bN1h7UL1PMdr?OzxeX!k^;W!a5 zZC0T11#8UW5mf={DlscRSIReU^{!Rlv10v7)w!!HK@QaoaF_bhU#SR~Ze^BG-I;mM z1PhrcV<-f`2c2?`Fj3}D-Ot!s+-?H-<2OL(W`NJGuRw1ltR5obXH~NxNY)MDXl8WY z9Hq-{P#kppeCAhB{?MyU9lW9R1L zePNl{&=U|Ue5a*-+R35bp-jzoaSH8%U zabHU-I4%+2Kfz)D){T9XNAi9IqhtaIjpAuKS#fZK&!YPP%@G5zgasXTxy-i<9@ z7^^yq`JV1(*@KnJ0I2yGl{rJ&8bftGu+@a;N+WG(l9J zN$__9mHI#x6& zu5BIq;DU9q;89FQF!dRB^%>>iEkPr_IknH@@>?6q z`M)AYaJm1Ivzr~&oN9NhySNu#eIGXb2TW=-@e!~H2->^zQI8ku<-fDx5VUgv7-9mh zDuuS%UXg%z8xhT*Vk3%w7o=l23^N)}IJc)H^Sf~7eYOE<62(OJaD#1KR=q!<(BJoEKS%`sj> zJs*?={r`ew=@lMAfi9eA=OnSEyVqCveMg$3-~4CuRb0Gao0 zoz!sowf~d~Y3CU<&wfjV7u0`Ag=ySWFS&mZ+@~`RQt^IXIXYfW*?3nD((pdjDyd zZT6p1VfVXKmK;jdY`c7>aow(n?V0)8P5U})r zV?O+wSm>ehcd?L60H^GQIpgg=Q}3rAf5Sx`kMhcFIg1AWNWIhkm3k*Z=a~Vd-a7%Q z_d9wgz-^am7?WwBa;+#bWx*b8W&27w^wJ7hS=jo2U<_l}m&~jyG8INiMh9~^$No~q z<46Sh63|wZDb?-lLsqifFKv!8Va#%h_%Ga8>W0d;Cp2(zu~_YOaa;BwK}5LMMB{)s?b$XA?Joyqfmt z4QjjNT}HaL8^yPDB%3V2_Sv0j$#OvvP!$p|B`*Sd!7}igJIp4>xm5VG%x}ha`&QZ* z6ip5g8sl|@I$VJ?W_G*fF*j2BTq+oy_)JIW?CrYMJCtQ#AJa|&_r8m?wyUChJKNP; z4qWg!Gmi3Kwzg}n0Bu}O4)2EC3V#%g>VnJ*LGmIhJpddeV0aO!mz)D5Tl@59LR@72 
zK(^oXYCe&QLm0JbL0OraB|Dv}Y;EG@m2e55iofz`0@vWTZiIwEcBO&tJ{P*@`@Rmk zU7mzHt(QGzJ9!G+kJ?5+eb99b+(zIsaGZ+}7&tHDEPmkuR29mM?#8F;wQ;LBS#9IV zcM>pJuvELTX(hX%^!;kJNTQoBL+Q+TA1DRHj_SZqMo58$8i~<02?u1aGETTl2P(BS zxtiO+Ca{bmXmTu^DC&&8_W(!CsnVJjcTRPomm$+7%v3Lc^?Q#&u(e~bHzksN#E?9y zXj}AbvV-@0vR3`2fu13sA9yp1edW9`wn(OBnB&(XeuK>8U|F#e#aZxnAEQn#PnI85 zLzb4t+07CI6bqgrI$oxTU*}0isLb3mbLMdeeD`cr2~XW$%3|NVyg2I=)VBl>C6L}8 z4LeF7CRU<}mRLkRLq1Qq*O{G(BP~Bp8u3uHPSA@w=*==w$L)TU^?oENtM0OaLzrgM zI6ha+yeG#Q>xR9#qkCGO5O@P6d&8E(3xW(U*5^$~8gu{zF=15tCPhh&g~d^wOO8x| zvlGk{3J8&?ic!fVr4gGf5X_o03W8T&tVZA1;9lMQUn9z;z1S??e5F=>U10Po1Q)1O42-XkFNVFq%9aL%K43nJJ!$T zm1KRHU{8c^lkVUc>nMv~Y9HowslX!{G`-3WySB8YU@_L6k34H1@|;yGW0o*WR4)mVT zyb}O)xNm@&e)%o$V-JbKs!qMwGa(%1!durXU_bebrtkT*KQOf1*Z66=j;AR*#kab%}!{O zdG0y)8`$+oIZ>*&Qr3)848XVibkePO0AB4^!Ss$(Y#HPuEoJDB~0P>LF8GqJ+>AMdm^v6%#NZ6=n2L z$&~18pS40kz_s+*E6%B;!4ZPfQbI%w_e3`pu{hC8H@mms@5uy}*snGoQdFT3iu|_q z6Lm%1pTIJY6Ho&xYgZg~+w!JUEuC>XInyZ4>D`x?-Y^i&F0Bqkeuh%t5sx7(e#E3^ z`7x_9F^rMTXx*HNqgXZRQ{Y{`{dl2H`aAF8 z{{3oiF-+aeFFMk3DlQK0Gr}J#ltNGsES30EAyAy^^I{Qkq*(@yOd5P3JfGnBzjxS- zfA1ok#xl32(1AN_;O!41lZ?+G_B`T^Ii)oB>c9*`ZVy-4TMAoHy~B+SXZ^YN^Oy89 z7=_f zfu%H%#`k)e(;C~ds_|U>Y=I;fzpC*~#rUSw>w`TGpCh3&B;+>*4QRh-Tn4079lkG%O>g%?EG{^!-{V}pJ%>)m8v_)tL)q?sl%XiHyGYK! zNP|9HZJ*G*aMJ9iu#I~tg=1A6!&RGpZT2uRD);I}EYW7Z9H;JswSd8b#gd_bi~1&? 
zb3+7bP`(A}U(Ft0z19idMg0Y`3#2Puff`X$!Rew3rc5sn;V8ZR_3aJlCv``1l=|gj zsGvqICLjjYl8y@60@9*&%04Nm(T514YyCmD{kGdzjT+Gn+>I?evETPr6qgQ@r~2oc zNV-+Y-AiQ}v|YiNu7bGdko<_BXD#MN7Pt384Y>w)ZBJPw;a4Q?tU-twHn}(PBq=B+ zwQ%4Z(3~n45<{SyElA*>9LPWY$47QJ;>Vqdu@vO?^S@ikq{uo^5xqgBYtjt0K9H|X zeSoYJk@pJKa%&#=xUYBNfsymA_a;3e924dyphnQZ6!~->q%C-t*qmvuyF zL%_1Kp2!*$SyJ>=`zp|;DZL;k7!(Hu1QaCHy;~3uL=b3@imspC`-6LORh%=aicX00 z`~%Uih=pGJHX7PnEXB;N+=`qgU-G2rHM1o68+K3NcH*2yE~XrgoW_CaWg5UU$1L~_ z1mIDK3ht3n)Oa%*RJu^u`@KaGasfkMq3KXoXVK3(7}Fqw+gmdsmFDZmO*!5v5FRwh zBC2-&ICgr*DnY4`=)j@-py*&;LcJn&@q_}c1Vlr1>RTZENLt7)2=4NPYthHJaC~l4 z+W^PgX8I$E%6@dRB8oEgc$Z5#HK}20X$S7CFonzNGPNDYR;k3xCJH+>X9oVu8>MUI z0w#!WTwgxT&&0HL9Tj`}k4R(nTtGKMp}OhxE$vEBIa*CKQhtm(EW-MjOiD3Iu0ud! z5rwC~Q<5S}k)~6A_^l|FFOT&bj+XUKf|-ok!p^R(@Ub1?TiEE&y#J}!r)+# zY)vQ8diGe_q~Vs={4p7|Onb%6^iUX@l`XJiIh~IW_(z}{Y;&j35$V*q z8=RM`Oc71lyjzsmbjcKPjyx&@=Oehr6GpVU7RBrRem3S$!f5$zC8|{{`7}D@ zuY%6b6$5pKdqa_>JCHt_3rnCU9t8uvpkqOdVEx?A3mDK4US(t(S2Ufbu?W>PVk-OO znh05V)bR+h{lEC90ZElD$+}8n1hOXT*47T(eX+^SwLru&rxAPBBK0(qTN`JLWOOLY2g#ofhwvsL zSJ6Y*+lkR^W_A<4$t`a?qop__o<~=Ysra&bN2%$k8jbAEAFf!>x1?%?v&VYWq@zzl z_KQN(Fh?=LwIVM)B_FJB5IV~h9n8Wpqi`T7jPfEc2A7P_0x`hQ`#vfjF4#|LvdR(f zWr$Zil^q{S(zFS}vL{Smt|tbI8q@Vks=npjH|LUkmeMjurItFnJe4r@z$&9l`h?9q zNEMK%6G%fnH3dep zGs|x4GcT8-D^q|oPTR3=W6L!}KI(@aa^>qT?Wmm}Q5JNf$EADpV@gbQR3G*nGRIm3(E%Z)P2|B{Ct8{7+4IWwkB^g{ByybJpPgxiG2*VS3yjdmq_GjV?RrGP#Hz5L zk!H#TjHhlRn>HC0?FHw|TDv~upQto{j%&27KIWxqm7Qjdee!;sXB}JYeBH)z5VOv^zSTn!leI#NjyPcW2>(Xb z!Gzp{D9?=_Q?+bFO};6Hg=FI{i$uPZyzf$Y=a;-MVeZ~WLNRcNh>t1pYtEi2p9CeW z+`qmC!bMy>QHe`&u%X^{k9ZH-SZ)UfZ&<4%knW1&2494r5n7^0#up70CkNRX3P*_m z>IZbglW8K{+8DIBdFSO}ksF-Um*&p(UVgbXmw?I^&y>VPih~&= z67E;Omv&Wno<$KA^kcBqRXSth9QJBPTLpc$?KHCL61oP4x(-m)7*T(5Ha(D79)NG@&9r5j=`0-Yqxf6 z+qRu_jE-%qW81bmwr$(&sAJoCdKvQ8j{5!BP8H3VA{7O!U?%M7wIi>M8Y?W?*++~f$fOT!(v&GJ*$ym2_pun# z%$kb&MQq|rb(FN$mG8lIaPS;==i#TNN1=|5W91C~>A#{%B;@qC}#4Sjw5$X-3Kl`|DimKcF}($Eyc8S@2^z(EgY9FWIE zyG^BY6E+lsebWkA9oHjj>g2F7AK^CtmyymQ4sTbCFD+NzOxvveu1yKU5o1U+v8`0( 
zvssQk=DqZKr`phAku+jw#c?TRwMQV$Bsw;i6y)T@w59%HQt9!{*v^*AP)qlbDp6f( zAjvD`wsb!QhKo_&GJR$?u2RoqO?=cUy_E1vJg4w19BO&r$xsL-MSTqpJl%2@%pHni zD1waf{yLEC4Z09!FjKImy)0L~B9aycbf5%ud$N4AJrRqh?~roT%rsj>nfI&6 zo2cbn_zNyk%kmLT0+OqZ!AcIHgxnI*mkfx5U!5qt*Ap^=5>^H=Ns zwZr3UmUft&(C%PALzcjhr}$zRguP_I3VEbXQjawi=?`e|=C1<$~ z(x8Pw_$c6D)wGnpY0^)_qADi|M`49 z)lZroew8P#H8Qso&)|#13-~Z49U$JZ6DR@$!*4ClI~P9%%wXZcx4XN!A{OOqaU(XZ zw-XIv=d22*+^9;d@ETm`uR+ile@Vkq9YAmubA--b@!P&?SZO@7+ zWt))ME`g<*d3=yZa9BTY)ymT}24-4Zah;18yM_0t-qZiY76tj(_#%7#u%PogH8W55 zbZ&N==e8k$%d3ll2)NE(eJ|P8M}}U4bDt45Lb*|3F|Fp?B8J+OKz2vA0Abu05Rv=g za$p=#7wUK*u&WU#(u$(TPIR+-b=B+U_SM~+x`veS^}hWsrPFrKjD&K>@AHLknV*XS zkM@Jm6rA`;$c67#Zzk*GN*zbOWz*}=Njok;GF0Hl11-gfYw%RKCpd*7PC)N{56(i? zCXhrHKZHCP+MS#nmr99E#^sOczX1+KbU`tAp-S2y`!xcwdo(<iO{a z#g7|y>B<~XfS`4yohjdO>IQnr|I^jvMxgF0i>R*V%=5>RjeD27E?60CS!Ep9 zLN>Yu%o&9_*9YIAW0jg<3H~tcSSX<5%#t5)GmO`{s;rGN2y>F2>J8?ZLoN%knBOUDTnO*lAnY-aa1A1<8Zg%?6?aV)RDB@c#vJ(}f1OZZiOO?+?2i1+gy=U|Vr-F{Eg) zr0x46U*y*SL6Ghq?F?3p{8`El(STxjjsV<;MPN(1Q>V*S9@52dwJ$*e+fcK3gvWDA-HQ08Z z8?<@mdUwoJFqOlLfk1_T9};a9!np|#dk9@Q3`^GPw)n!J1)38x;4;Rpz~u=RqK*O% zm)j2Xixcyg%P|)R#IK+kpZQ?%}XkmB;cU?@tFhBb~ zU=DW3f39&sUGP+oRm6*PQ59|onqd!c;zF2*lvhUt?LQza=|7+u4&*;I07kGN z!5;`YU2p`>#6=6mRMwHRX2KJ(Hd=E(j^cm>gXUj%D_ExNLkJa&4lx~eV-RAj9v!4Q zV8=WT=~lJpH1G$=}_m2u+9pe`0IDXnf#XXA=#NkLsA_I;F?5tult z7GH4mx}IpF13Wwn9V}c$7wNeYJ+y6` zcmCIzb}^R1XTeU2VmAXu5wpUz(=>??(*fC;rwp9#p67?Fy92F69?+v_)|L(uN2WR3to>ueCpVmLdh*S!@4Qx7Bdh5P!2aVP?xYIP?u(W2~dvn zL`jm_tKm@;z1GSrkUX6M!P<`rp3fInm>_cn;JHj>usLO2q!eu$IK%ehxpM{ugDx@F zEm{L!16~)DKKGD>KKH-BAYJvGcwQT@q6Mqqm!Q)$t!CRZk*efvXzJMh3ULYaM!%R8LI z9fLc>1$Xd)gdH1(HEP|R5u_TSbou(Nm>#+T-X6a>MnQ_ltp%=u(Ce|vJq&7u@=LSd zSu?-2L^)D1@;HAGVvTU-1zd&3odCnCtRxI?Wc_(OvU8aq$@2 z0XZG_iUy7Z0djA4RJhIleQP1n*0AO%Kq@Z#DxyGA_^-gz@nh^iCrpR?8BZZ2uaSw z3^#r+`^+)DyVN)|XDmwU$Wypu;1*6>JrNb$pdFCsTOP?G+PAAMmd(Olk z=QHMhK5=Ayq>=N9;*#+4QO@kZY*e*YRS|wFi$5bTxa{=T+y%#hOrZN>Mni3rXh$E# zb@_uPWke6&lJp;KnmuqXh-2WyBQ4|)7_2-9$_Vb)I{F(aQJ-H> 
z&kst)@qUNMe(0?`bg?vLSSzU+9}RPJ;o0$hbG?ni&IZ4Ivn!U8Ab>F*D-uowbQf|h zbzG?5(MB@MO#{b-{KYKXwTo~1?&|vH?E7d8{fiqVi|Yhb9a6$xi+6p-_8210D>0_k zaYjmSiOfc5-F4t>P&60=XMBVXm8zlsFq;G;Vk0jT^x`@GK=u^fqyL72>j&Xb`}MqP z{?$7@{MnmZsq@gR-@KtRUPv1zv8QlCnR{ z>Q`cYsM4QQD%GjKHe}C@*1V0|wsdk~j8GY5ZOB)eWDO8n3CBp80FVBi-(*0JGbutb zJ89qy=z`y%s3;4v?u&$=fbfB`FV-|C2?Qzq_z0ZorlB_ji3A@>R|`+yVx2xSdQSHc zsoRPyW%U_E;Ae81=S5NiWZc=)-L)xE?bMSZ=DE|kbQLM4&W!i0Mbq8YDN(Q0k|OK? zpJt+)?D=HNbm=Qn^Z?fW+NEYk$edRtMU_90vWwu2(`@2 zPS)+@b)Ly)&cZqB%W!K6XYox=6x2+5lO(KhXic*m&bUUOYSPtYi!biXuFO+z^H$u+ zz;>&ob{S1-W5Dhx7Fr@WzK9FkhhC&{4jV&TkO+$JQA}e+?zIi?D+}@&8=)I!x~X(> zqwZvxKn4~$1-pSMrGeLW&eroVW?D+&d)i6xVxi#zahHLb?RzHSks$h`ErPVxC!U)6 z7orjnd`?JXKA~nl(0<4-e>ADJKe7qOs7( z)4Dj#$X}xB^_f&)MiQ3(`yA;7Pt%rC@;?eg;7!?=)!wns;_RHA_h)-py&YU9_^Tr? z<_q}gpL)G^1o-%P-3>7@w`GazzgVDM3avNBKCJ1t8-seiyg#x(JKp_%`^wfLPV9Wu zFy%&e`|{&y6&V}7SiIL9JZQ^WKNv4RJ0OWtCNFTbamps7Sf^eTGEH;`|A@GJ;olYScv%`PlI zk2j$wMqT(WVaC!?e4QRw5@O8KP)x@VB40b_#1|_)lD9VEsmAsFoVe6eO`>HDww%bt$BY`_lUDw`6PSAa<@r3gwu5)i6x8)ctJgoIj?@_IWuF!-KI3HPK85)Tj_?xN)SkBu=*doEI zf}ysA>b>4=1boT}Ry~ZXahMUV0=t!Lu@P?M)AUA_GVYFfhc`*5v$+V$heE;205QA= zZYb4OT+2K%Nzojb?E$OP&hW2bn*Us+pPBx<(m%uOb6F3rn zkG9-}Go4=vm9I5)aGk>hW@4D?iq?Tqu=dMBH|WXZIlppbb7M`8SChhNK~}CRBf)n6 zuAd=?w+|A|=QR0hp^HL-<#V#JqI(dDK@UJWA*qK95wuFS zjBCRrlwHJu!&-0h%rXGMBRxoO2SPMY^L(R^8^ zdk-a=cS*vWcS+}xXOnk1$vD-~)NS9YInEyi`CO{ay)oJs&K*BB1|$#la|PXLa@S~r zJrWd_1)6F3pr~I5^azJ(*}q+kzMDA!S>Az4IYqT@Z9-?=wmBU!uFP?TC(Sl;u+KTM z7@-80Y17)*VTpaSY#aW7?_Qztx7Q8So!)VPo#2+>7B@4IT{BZ$tC;i1s2BY)v6%<> zLr!}Oem6QWs^GSiP@Wwi2Gk{i1H5%#?SZ{PyycAXX7nt3+~CY`&a}!^5%`?n=^Ca) zyq;DEX@1L)C6s!c_miy?WD`6tC7hKf6D{afPp=lf8XaXM{@5v+?@tl6j?`Sg+dzmQ z8aiep5;`8Z9nJ>p&|eoAW#j>sz% zXge|l0v3Y<6Z;8LAI$$Xa7LbDwl8$J6Nbq22w77b_w*DSwQm7~R#m9xGX!iklY7fpK8jHLE-?jURsFPNYL^i=6r{UbP4@ z2>lK5P(dalq#e>J(QceS+0*l;@# zZpX!jG^SX610-;qYM!-72ofx^n~cYU839Mnn8XngR8Y-bq_V+yB;_GyZMiwKvJciC zzyB-0G84Ntp*Cu8!Ka7_(dE))&bnZ=IGAM|+U9PUny0VU8;Esd2DynW-B^mF1jk)* 
zm`~tMRRBB1LTNC9xFw^Rthys;fFdr!^bzwnzi~-z&OHpbWHCn=O><|lNvB+Zn~TrpP0)|Yl=vjSVe=8XXu6e$#@#N6C&Hj zC0wd2jY+tJ&|A2W!gXIGb0loi*kpAp8T8CG!=-^Wjjrk?ZkJYcYN-GsC07R^ih}r)m~cXQwScrYWrK@iC|x*pZS>*o%N=xHF1kmEonMIX zMvTxYZm4iC(UseZ zA}u389W5P%J=9Y*I?%8H=PFZ(jlR&B`=DdBf6%TA|6|9C0d|}v#k58n`$YPC-h{9? zr68c>4)Ago zhVEe`$42(h3XU!LoC1H=#CJ2PVIK(8UynD)n&lJ>$iSd%Znq{ZiykT}f!>CR#ZF=f zt?{EJt^(|M4Zx0f$+_hIW5;py$L&XdUlSkR+wOMB)Tpst#lxHt)t5_-cRd{Pq^ycb121OMG+7 zfbenB$GAlweykwpr@;CrKY!oQ6TNQQ)UUuUR&}1J6LHdS!@KUt)0l%g-ia8V%XCo- zuGG>Yc=7~|L&@)x6}~`;`4zZ)X?WN z)7Xi%n5k(&0J4b|(sH*=JrY4{yqoFO;ilRN_- zvE#jL-KROWqZVTJV#P<5n@0@BZ>XPlO!be??YZX>{}}>;lzvjK6#<*K^yck?lW=M> z`>g7qci2_bOz-<-r~BvXsMRew-b<$2ZP1`UM@R3M^@e~$oU5dJwYNFHM5ig!6U^Ih z8UN;<5@nvd=|7I7X@s+KsME57t1H9-eTOlP9|mty0%=mOCh#SCDkQ__=sye71?*Kt z$^j@^M8nPz>AUHiS}9PJk{N*%M)BFh%puh_BzLmskd6ei%^-&1Uzmha}99 zW5+BX_Js1<^K|^fG=y{Z3;Ll3O%tK}yyXhW6B01FsT-o6%iOIvGS?ipLtuUQz-@(; z;LnX^o50NgxU{*lhO*?z0Hrw|Lg}c)b^;U}W&!~)F)1S#+~0vsApw({3TB#{XaUnG zZ%)+3JaTpOjKnI0e>Y%_2=Oifd=EVrc55vF7kA~agFfn_0*eVhvLnUFl56*t4cQMHiRoPjt9w9Ih#Yk6WNfWC>?Aq z4-iAn#7a6rJODDA2S8@yT8O@Namdc2pXL(aw95dtaUf-;h6Q5l`t!@hl8>%BpqRby z&wT>V=%3DpCey~9uTLI>FN?L#sXy1yc>;j(n>RRmu2ozOWhvm7aO+ala}dOjpN8ynAFysj=~`t>6(OW zRllEd50U7r)kI_XOM2kSHfU#ea}AUo>^0eF7O_m6We+bwA1`Yv zJG{!e)>XIpnHJ}0WSBhxu$h-D(8sj5rkH!qb$;x4J-3zkSyj2y#(AaPdPV2RSSRGs zhdL%lk^rwoHM1|jK(->+T_(W@H^f=qDO6wrG1-?4mCe+!Lu}e0Zx>Oah!Yc07-^$G z8xx{<%i=YB_~tY~L7obgba?=vf@R_0)f0ZeaV(Daf6s4bMl*!Uftj`Bj;3G{`|3*ADQv9>0VhqAxD)Te$ zR(0l$hRIP=P0jBg)mZu$FbiL659s;M&D%IL8}Olj<_jZE>KXJi1-TcF^=Rl);6F5D z*Ky9@#djQrAdmYh#SQpbqpwudH~%|d#_}opHQ2)_&6>>|8Ocb^?d-QLrPrD|0`w^I zZ_!9{K!z4gN_iqpJGJS2G?i>nuPIdR`Y(#hD7MNP&0yIL%9GHHz{DiDraUb#md2SQ zTsFiJm&Rx!TmdVBOn`#>=fDW(qv6pcrSeYtydV6PE@Q<{L~Tvo7iz%HCGMQTFcSQX zp0lnPak}o7f9uD7)gK-)BildD9VfcuRBvns<%?2+r3MbwoPuH*Z=&?R>1a>O!Lvls^5XIK?YqLuVSh06NLsa9rFhiqj4AE1%nthN4uzzA!|II{Z_SYR>HA2y z5w|I&pe`$2w_*&rzN--nB9v&Sl>TN<57oZ%OpTj6k^-+wCobnmy;ZrOKmo52KSfPH 
zh>nL@?$K6>?$bp}HAxh!y8DKGamxCVCp0khFID+HvPGO8Vn&0&Xb|PQ2~nB{KwU1U zHhup`U0!(pqb`+Nf9Jm@KS9e?6wwx2lF?S)fj*_~`^ru_yyX?i@IU&0%y=kEZj7Vo z3-L&icq2TJe9T4cyGn(=AiLmU*HFJpvr!W`1M;$WOF|cY_yW!P_X=m0=%&v|Qm3TK zkN3Uh$ASoVdxf`xkHOo#es59805R@sCIIz*vkL|(5@wKjGwA=d;Wz+wD}ei)oRUOG zZd^7Nr9;Bitd#A;{Kft&s=~bn{I(F0MSX_RR5-pVNZu6gb9FhAoIl9Fpj$HtObJ+s1 zeySpqq{6a5HE0YMjaV;?pMyVCyS3Af{HJ?b!D^AcjVP8Y_@@*ACj72o)=3)MZdZ)z zO~iybm;=p{c1HEC#Fp`{=f@!&`f3v-*YkP0Z?Q^Uv)ZV9Sz2cg5V6%*{>_g9{S&U1 zi+Ny{_JJmeX_q|3^aJ3gld7zlRc~evC%(10LlZ;69sCb zxjmB(ls>Z{b#Gx96DwGVG!KOuk0E?uT>Bar$e7rj0&hNLLdr6DZgluUX`TUaLUr@M z^k0ls$nFFAe`BgEg{Mq@cQI)H3a;xa8h+&K2lf~nR^1JeUurYfTUu>919Fqxw`8;L z1pt~AN~r#u{+sj1oQBC>dnL5OBMIIYK~m<86x4FgDVE8Q60Ap z!wH&p^rjKasiDv|w}U*b0g?q0Xfi0^@_-9uephUsV?E8KnVxV%6Ra75(YS{6`v^xx zf7Oyp$wPcNowI zkr{P?_+M;K!;YLJ5eGa&*zyW?OrW+Y{3X+tFY~$*-PW)Rve=%WoU=oeUXkYqzoSI+ z$`qv1m}S|%zFm*_-9BO6Q@PeD`__PTl zU3;-B37+fq9%P<-&)8WVGDXTTx6mm2Q^1f zP==}NA8sBRKh83J(F$sdSQZ}I0Urg+&-yf})m zKBf0i#^uxPHWe5kf-9gzRdV3KvB0six%$Ad-67e!{=*zW!+oSlW2#3OE32Z^&>IPu zAhzk4+vv8?1z%P~jUTL4YyoQiDX%C%1|Gb1CsvT*;Nd23yhyM}(oSP&;U+?ktIXC~ z&_o!2C)wTQ$Lb4K%PKo-`P>!i!1;@&srr~T(115tFyqLnk_H+OBcgxm*(1mS$N`HF z!6^7>@i&tW+Jgpm+;x259kd9L9W-8W|9R)W@{>3Zpba+9{Z4HBPlqW&6J}5@K8&oE z)niax*a<0)w5*JhmRj(T3^fUtRnuLDs4kh&%s3#c8`5D7cv6^tq5SGQevvYV?yAfH~zLdGxn3dT6)UItlE;#Mz8tDw%f^(>KX2~ zn=S3Kg&MHgc%{D>Zn*CNX~5h-u+v?n66pQR#l5}UmYQZ_Up+r*t?%_;{L_Xxm%@za?V1_o{>wSBi*Om zrwsU85K!8p`VLv3C7?*Z;p5NaCx2V@Pc7vy0XAFj75Alx5LCJW8wgzj6UPkVfZIDa z{K2AL51_$b(}w`fPJB8lTt+yFP!Z7li{7)RWKbx0H5kW493EW~3bF;9lLIU^O1&_< z`I}#X>3PDLa$#zPXzK9Osi?)KcO1Tm(7m!PNXve{MJeCU1RcJZ0bT$%dX_3P-ceH@ zNd-+u=<&zMD|tDBtiz%u82@vVeS&H)T9xXpOEkO*eaL^Egy)ZzQ!~!?L~R|1#^jM( z6x-C2m2<<(o7!PbU$U|>_X`z>Ul(q7MUiM}h;_;=G=emR4^yws0MIWPOpco&WSiaR zyYC5lD42@>n1UA*%fh}3Yo=`Gt9v8*I z7}j9&v5cHm;g>g-OgYrn_Eh6AL>nD$f;#=Fgw>uQ%xSX1!rbUYFda@W2SJTSeb$tw zSv0{fR7!yRKUKImpyxp~=Ltfneee%Z#rrRy>fM-!C`~(&aBievd8m98%v&xUi+H~> z?@`qt4>N)y>}MI6ma=FUd367!;t7}1weYk)3F-1Y`~!K0OnOKR!oio)voaUXEUt0W 
z&zEeab{M&XnUsaKdzjbM|K90fNf7(1xdjC9CnI|}U)BDlx!v5tq+qE3%$(E%dLbTh zN&=n^S|P8%cdbMf_l(tCiSw%lTtyRzsI2WM!C@kDzKGP6IM{%*VtZ~UOl0d252jButy;F~6cFki}b#hkK z;nbp1sU^Bu#aKiI-EG4R(rE_OZ9R5tM5V|jL#3&3vQvjI8;!%hn$vblhYdS<1Cm{a zjPI|LUUL-E04y!N(eHctvbu$TaU}PgKSr+U&C`6lr&%rENPECm+DujCaAx;t2u z=h7>^4iZ`p2%zZRH)X#nv^Pf3xJA>ysGo*0Vv;cL- zh2&KvDb+fmFFQnxw+)Y3FUqJK;V?Kr<6`E!V8_Y;`gh=d4(+*Z1J>2|u$BCJ*N{sO z#}<_L&Er*-?KrgUSg0;ym=Eel@>K%1><>J&(U`4oq4c0Q(rg0M_k8VRcrH=ZwnuWW zI2J%f>A6b~5~96};AF*52*GS#z{KqFahCEFtC@Vv)DKwd9{0BOnnn4G;7upk^yIt* ztp)15@HRGWPks(jzKk?>K>iv~KnAR6MnL{LG(dpI*tRWO=j0Ok-)sM@K@Q+P+wxs@ z_8S4-7E5?uPw*F>J|AYt%y0UN2Efeip_|*+hi~JklNBkK7`$Zr}`4KM_zjC2UqY_ zrU6j^tak-b;1}{R1Ret&qZQ?ZwFf>lQvy!fc1ZHGM{;P@&puRDfTR*|10E9qIn0cS z2k&s$@uDLVvGs7hlodP>p;Zex8c~y4TAr!2JifFr$;N zER3P8r~fQ25vcN4Ly8K2#G)Z+YJK41ZoYT1=C{(r%I2Ii1k*^0W&9O(m@@<$-@^d% zq8xItrGY^5B0=ZI3s3{-bV+bJVgqREmSFQjM!iL*;JzOkOu+|a2JnJU=Dy6<6^_~~ z8G{|JhP;kJ(_MB+1ztF+qE!chzMYA0HouzqXY2s4(kI5l`j1bw>(k1@9U9j#aB#Oj zZVL8<`8!Ma%dEAD(m{fD`K!$e%iy?fRrc~_P!)FUjar*LW8=S3X?L1c!xHX(;%=2B znR{@qY!#BBMy4wutD^c($OTT+TrAC(U2kZFuPPglLRCRK+%g73E*Lpk)*^?myEpyC z0v7!NN2$J9tY8kGW%rG@18&#|@WBn`nBHG1(o0QK6;hb+o)ga$)hh|99lODW<_%LE&rJzNv5)l6op!m}Az&`5$)D_(s>ueR4tlH4$ z(2lW;EnClx^}&>nLb6b8T{};25&OcQj+5+U98tk6EJ$Y~b{g|vQ7n?E=LFAdn}x2e zpJ&E1e7t1~3rD%-iw9?UycIKI)Qwp)6n13wRuuJ3^tjvPZ#uK@e*pvIU@2`rdP&;l zBWZ27lkLwV-L5~@WRa(4g%VLU^Aqd(W@8tC{iE;ay}ch*7UBKmkA6o}rP`*+%x!vJ zDDHIYJ~u{h9wDEy+Zu=0hY@7i91IixF!s0OFyVlwsw}oo%Y&<^eQc01MJDS9c`R24 zdALjigjS|vTG3yjwdw@j2(n0L1Naw)(?dox{HTfy)KXn${cdYz6(}nb(6})m& zzAs5%^hryC`)7CJ_s4d2CqHqV*;O+SCjY0VdiI*$iTq!xycs0W+(t3tX}d9iihf8~ zJAPBgrERa%D~-7W%Cx)CxZ{8z(pJwWMfaOMo9RP5vIcI*9>xk z$P7d=5pCS15y>>sPhZNoYygVAr=DF-*m`kG4`DG;g=9Porq16%;@Ml&mR6=l!&zt` zMOIt>{~o`7#=VdpIoW#D;Ih!z@}Tau(OU(!LvaV9&N(ofWFHJ~xHT6|HvjwNwIdcX z`#653ovnz1DNIhU5X|jAdc9xBdU5{-=P@k+;5<&X;{O?(@A-d&^NrSE9;s0OI&MA9 z&a1rIA~$)0=6+lWj}b8NnB(TT{9z4E`9NQj8lnb*29PE^Tv_ELP@jZQrkDs*4R zaVNYBNN&5C;F(*p65II)yCh$}35fufT3@@TgRERVn;$|$1`MdPUU#hZO0j=_7ELwg 
zqE?w<#37=;pO%s+D_dQ#L?4k?Zx1s_GK(^3#?rWtl1Y1?rR$X2@g-Ir7)=*R`&=sj zX36!U&^)6bC8K@WVO>Sh_x3!^sM+EaAWeBYacQo?VmxBZ_OR*CB-|9_67)m5I$e`N zANixwHqkFYt65B_X8&T=Kr`|cBvrXVn2TvbKDB_d>?2nb2rH1t;B;7;+EY7Tq@?bQ z*^JbKGje54As=`9%Q|s;1^v>K!{c)`uSJ9(_nj&|Q{Rsxhw|(F?>$%U4NalmVqJT; z>0n(jt4t7wm%b}nKna$W5b}CaVUpyb>p4pnr!GBZKbzx@9Q~nHUY?NNTxU)2ADZ7iLAl5YHX>TssQNWeP#^NiQ;bWHs^P`(z%NcAy%{UYA6 zcDKqMozRU!cW9Xpo#EcYEWxDb`e82V+gdtEHC0wpxn8lzo1)I^IH+4Q5SJE`2NGT~ zWCQRW&_5%SI3~WW7m8_o;`KChm)4hr%r6ridm2v}Kt?>iPu8YPGA+Fzq^X6HO@hw? z7rNrW3oG6D!vY6LN*1*ELgig~+NIpSFap@$LJ`Mb(gm0)83vRoSqhX%RRRZ?iMZ&S z3L7er0SI8E7=TLX$}9Q~6jDJLfEi>(o!TC{t?_`Qfuuz-`{sVK^(nP;_04&!0i`UE zAO;rm_bCOC^`Z1BU4dwfC5%BXh^9G_AdisOjM#+{hQA-dD2ubiYyiEHL2ZiLD<#y( zz$jS2Dx3yYDTEJz%F%TBCz=)oB#sRQBpx+_WEEj}AW@zsDesU0rsx1fZY-e!KSUka z#XoH>%r!QR2oG@-8ZhMt@v^iEM5WmjltZ_W=|FL)fKhe?{$?V%2sZ+13u2proP9_U zJ`QRL0+>1e1`F^GS4*w7N^ajk)Ler}X4c#5ZRi0baleQi`K{(3gahfZeDV;_1FU&- z{a@OFfVK~P!rS++xP-*Q)!XKeq#mtK#3uy9=YEfVai9tYNE9yEm=6)4tW3nLjxq3^ z4f7p3ZYI>jh{hsnYcP8$-ia269MS1S>R>HjE;vwLibidy9I$+z1C2Nmr0zCR#)buT z_$0&~kwe98Kzn%lj_#{iz}cRm{+hb8Dt~UU^u%Sc^rUzh<>nzkcOROA>SxAcjF9E* ztWP@8P5BuJKRr4GKYcO;zb8=O>^V(A&cAZJwQ-Z`aG`u$h>L!uh5FHK3XOTw?hV zyvAWjo--tVF0Wbd{cs_rZ!D^;G}ljK$)Ls^m3(p}vHhd*Aw`MxZ<`=jKvT5P<;P9U ziCj$4{;$R@?ljdCj7E7=8O#4F7GR?g+|e#6CXG((5IoFXtz@f*z1)*$bU$2vZ>;*Jd+c4Sr?r-_KA&&U{qdWXFW01C9~;eFov+PB48w59GHf*! 
zj}KGI7w9ct(4^5Ko~x9)m*OFU-Gm*eJP;PMGl9BO;d|02=ym3W+f*a%LEe1okQ1GJ z)crVfcQ#xLy7Jec=npF_{Pjnub(wOLv~v4bn3E5u*J8=TUh7O$GUK?X13InA(*nlR zo>Zu_Rxc|5O_3W9BLC=^XwEL&zS_obFU!CzXE51;YvL3De&%7;drG z{yIn<;WcTE0L{)HM~l3cNPR8w&^ToH(5AF$Sg@++BU482N7U=NG&$24bl#MRl0}*gK z3yUsqFZ>xx+)aT^=qiq)d@i&r4<;zuDqqPPw1C9~hgr0+i+JizmWc93ueDi@vM-df7q${0r78@h%7I zf~PqH8|uLuWx5s$ez;50v1Y7GQos9P{f94I?1YAO{y#Kn(QeUkOc82aAERACs=pvg^-MhL-isL+|T;TnddiOMjmINF0!vA@h0m?rlJZb2uasx)FxK zXV+v)qoqzvMK(pN<_OCfWo}L-H9|)jp_tui?5niHTi{sF(luO-hDH{8L_aE_ROCdM zA<2%|%n$bJSOJ{wQVOhWtx9B0FHm)ml!5GD=Ui~f$?O4+fL+ja)(U6oiA6j98sRaK zZ+7>%mDcLFAHqeYP+HtZO+p2~rh>7%!OD*dnGrMzmGWE}9i)s*`FOzr4`P|9Tm@AJ zQ3j4l)l7B6LW;WTp_PY#=n2@Tm5v8i)*&pq1gii?RKO|@c$vVFk44v(C;}>ElSmdN z@yg5En2|j&>3I=$A4}MJkUklwHG=wnAVKvNF_O(<8Ia8?S&(Uv&A!GYo1KgJyVeU7b}c$oc4T&58YuQgf>eH} zREB7nRM^xZ9lMi>VK?lF^KxKcu9|732dxj ziC{@RatMbEQi#)Ua`ZHBX$4Y$eJ(8oX|DQ7w@}G35gQ&zp zGO<#G22c#eR=%v?JJe&`+W68?7~T-Ub)F@s!&Dq)Q{ssc#arcwZK};lVsF+I#31t} zmNH(m47nOu$p?37ZesGQWH^q+thK+wK!W~2VkX3I^Fz*SeD_q~4c|MBTLeS*Y}d-dM52){x*DN34ZnXU1^ zR6`RQ2j~$;9F*B;F6!c4MgF?~-8I^VDe#;)75a|up;sjjvr9GT-vEDj#d4&JrHVSB zRy#^@)xN(wT@;o|$ZYTwfo-9}p1J;nxz=B`cJa`KQ4f|OgR@B0bk=g&a9XkHAEYW? 
z&c?;;e@smz?z21o3%LJ&_z3R5hD?S;WYweG=Vk^yU_J2tZ%O=~!@zlVJpWQCsDR`C z%leu*nV6>7v^jsA71xScKOBimC!F)cUeAL9p3ja+LFMj$Lv>&wu zpgj-sKQ!^#79fD8{=GTU-FDtOCFlh&6W+!Hk2(6B|CAs@`WAIz4W|Jhb-Qf8-@qQO zWZBSp;p+1}*ef;1<-f7-!R>t{sqS!cBa4geGEkP-$mf@iIhOD+4py;;uFsnp<;190 z9Qr#E@bzFz%b}o~C7EAzUj)usM+x`Dq`q7HPo67a+fHl)|h zWYhZ|ZT$9s$560x~P0}Kv5jw0b z;r6D)P)7^e%vL;Wg@%&j#+SNpcYQ}h14+a_H6Tj6Etj>q>y-BAm3#9$+#7e|i|@qj z2(nbR1>1y!G<0XBalb1Gl{hA@WG=`^|XphQkR@yaZNlFDSvEL(t`NT8}&ok+NDhSYDBGZ-rB&jAX8hxGE?<4-2hR{0k{3zLhS8w`or-MT!8WE($cP6& zf8uV_VUmx!)9uEL$~DcdZHg}dHDCvzPOTvFa0|t+-pGtU61haiY$A3tToUGQ8}MiU<6e09KTJtL9DT9mp1fFG?OT6mz{k# z7Vzn!@}qQkf}9DJCC?bwJbiPna@1S;z3y!uWy71~HmjLWOzS#n%RF_z%6^lqLOqGCHa|1 zvj?xv*6{qgz{io9n=*SnY^iNw*1pB;;U4LHYJ%^9$E@h#`%XT)0tM=LG*`Yo!8k4I zjsNlNpU5|rf4Y1Mm#cVO;E)L3>k%JD{}UgQ7;goW$>D!`ArD`C(mP(VnvRZC99y-} zu#7Y&PqJJ4tHUsJFG4!6+e!I;F4#Z+bvZ(6redFKtwr{5HkU;3M=rXQO#K62xB|Bw zMbxjcittd&J}CUYE>tJ!M!2G-&C*)KJ0;2(?Hek10ewkGBFUbG>;Zk{RI)ARsu1Rz zt)RZ7qs$K_m=Nxpp~$#kVr5)d19+U~JI2F?3cgx`gUrgK2G0@NZyme^^ge{T%9ZF$ z*6CTUrpPYiz2D?Q3014UO+Xgkku-QnV_Ok&Drnqy&x1*@FV-5?$&t0NE3F9McX-pK zS{b2qDXm&$>0qOD@mMfFdsF{~`^|xWsd~Dkh)tJC-kO>|9b@!@=Q|eb!b(~Mt)gc# z9f`oP(4fuOUB}fnVx7hc3M(wax?*WrRrv)SeWL^=;5B4HT~IeE<%d&kvFdcm8E##o zYf$@fMKq(EE9xoX{ua7cO=Cb7nztk#0QFJ6#Hx z{73rXvtu?#oNnQYHT>o#VZ$ZHOpTM@SV{Q4=?DdWCd-Z;H>04_F1rYzlZYxilST`R zC^%aoxK&u+8RgLJn?ZXuaKm7&q)CsO7SCyZ=w_58-7)8o&R)W=H$CStldsGMvDuwF z_mv}4T+5nv)>)j_Pv9w03Rc>!DZi;@fDMU{T<%(I5eJh-GICi-^V{kXbyXoTT@wqkzi?Hht6T= zcKhykof~u_k;QbifC542ye2FIWHb*A}YMMtoaB= z9=gr;Uh5bbtl8c!GGDLybuU`KN1V_cV;q2z8hV>wz?z-y0F*pBHbAL-gp$muq-&fS z?z%`NsD3p7l$?SCpyb>mlq3Y8q|GCgtbBr!xH$v9+ITq$kWGQK<^>5Ym#+)?rvqNn zslv^Z0*(8$Ul{SbRdi5YlUmCk?FJifkMEn0XU~p(j*nlxRAEgyHiGw3i7?G?`}X5w zQK{b?CBOx0xl9AU15C+`_O!lhejNy6!4WKyBOt>ebCQE0bK;0DTAT&}I~+2O7LZa^ zPAYCUY|j`sYwKj0-A3}e{m4pI#2V0DwDf+_hqZ!zhhWnLY5D`|0E^y)k zIB|jWw15*A4V>{9XU?8S+O_`Iy+RMs{u$v`*mUGi4#*O>flgHpqg3_5w9-8c3rI0%8@ z*HKlO84O?icj333oW7#mO^yY)F0#9jfbA4E9Y7p3XkoYH?aM0YvszR6f3QJc+#5lE9R@sxSD6Fclq5o`5TxK 
zr3$2?VcWRNvhNRu$*(2iVf=C!G_u%Tw#;lNg-#5I{>Z2_<4Gwg6U@Wh ziZ;mMWrd!eCEg28D)RF2@{M~vJ$b2`fmab3XBN{LYE0i5BB`AEn3*im_bVE#^7qOL zJpeHdX)y|KcgoprMg8?;VE9=+4Qg@stqY!m$K5l#JBsDYu_qSZ z;nn8%Jc}O>^M@JE@yUcR3zb@w5PlXnKHg|kGwc)c$D^$<$h?HTJjHP;$fPuvnByb2{GNsH#k*uzlcXsf zh5Fa1n3?Q|ragP}2~U0xfvL6mCMz zN9$(}U`#xQfscarX#Fgp54fvQ)u-+tXAM%zW_m9a!JxMZGPd_kyeS>YDZ#D9m@HN? zgFLCZb8Id@;wBfZgIwEP{sPBSq+9)nn_qMi|axw#&S!H(;_dd(`ssCcPm207H76|u`;7rTwym;V|r*bn25E% zn+C~8$jA}H&n}@BR|5dy7r%>i(;@2_QCPn}{zcL;U4@0%D?!boL5qF>ACx2UzumSB z2;U-WHR|tY+K7sVncGOz5W`5)!A(jcW9(0Q*#+x`3iVF1g$BxDl+RZR!|(2#rEBZ+ zMDEva^WG~_W5zTZ)~N5@o$XMs!h<~JJ2!8)LI>0D^_QltR;xEUaWTQa^ zjjOq1bf~Zf+N6E7r~DCg)6(OqR=E!G13M4U@rNwZ%?h=u-RXUyIcd56=rHIPGGBb+ z4p%OX*jA;j(puFN|D10?rm(HblOkhNtQg8Qk!!lDiTxM;(JE8cg7@@?5N}=T1*+*Y z;*Z|Wq5G%vs}VirFA341Uj(VuX3>4)7uJx`YrZxYeD0{2ejoI$oGPwM_kQOj@3FFv zYnRP1pN?h}72`r^l>Rv_S^ztvB7r*dbF{)r_Ym4sg=@>^`#;hgbQHXbo7F3jva*Wj6xc25Xq@so^`*)Z8W@`IZIvE<;gd9Q{c`)P&Jky~f#Y z_{NomU6Rp#rY$mWFJtsl!tT(z{JD6u-?n3LB!j5E;A7`X-l9)Py=Uw3Xf@GDPwzE` z{%FD!H*2j_QNWGvN?%-+h{8#@!9vpd?dNY7zd5m5px6t+0wD!Wuy$DJtMV&d9=4tYxlo? z*KmIqwZ`dP5pm;m6bSJBO{fe+At`?-g3VIHP6xg#VobYy&9rXHNk$EZ6E5_eIEz6x zm=gVje5UacAi{GyRtps<)oxi#TIalPOIE07eO3^GG?rY3CvKr$zj}jtY?0{ecNlgm zA$eWO=d_t2(-{yT7W`o}gJF&iXCK->j^(Cg7RvOM(~*B70#1hp^P?>It*IniNKJAU z7T1K4f5S^CrIwd7?u79ga^`WzpJGARbSPVoDuAIJ*sb&xmJ8ny7o6Q#nYKkyN+c-yAG^tQM$`C{;? 
zsvav2t`-o>g)1DTh?W+>_rNRS0(h<4j>Yi^)z-BaP&eP|n0~~F84FDXkdOL|5BG(~ zmNA6J`Rr1p?cN)7N*M(c3|qV4zCHEy|BLTwP2K-*<@*2A(Quf||2XKk@!wl{a`gX@ z(5>#@>i%o${ukfVUDNwR_HK3ld#dw?6i(~=Q9P}1w}y#vCWhlpJg(D*PS(i9EpTr^ zrgi1b8xK!3ts5oPnebluJ2l!O1I;%^ps3lRymk_7LBcAGaAO#(uY>_55BfU9>;@Nsc4Cl; zc{Z`&jO{rKopQ)SV0q6Torw2e#J?whY5#BU42m3{Uq5)5+nJq5GPZh9g#-fMwXso) z6Ia4LCp=%bTEs`FD8agl<@iDO*fJIx-e))55Vi>fLl?5Ko_8tO>UqbemMNC2u`5%*%Sg~Um@ z8#E=DEzjr=3W+$vV_-tZB1=0u{2efijjj!=feQMj|1 z`^dk|JZlGWM}5#LVXt*et@hOP|8REF9VFu&tGa?p_kWK@$^37lVY~mkl_$^tlR@a# z71X+d>bQb7nzJ)ed>S%Fo56nk8<>=0FGnum_zb7p*;l&io#+A@ExZ| zS7GowGxn_yeY`6}A2&VpR>8iP&kFj#vV>q_!u=qcBi9@#)Bm~7AJhLw{o$y+|7j~v zk^Wyy=++!)&4G1yhP^3_6!&+;gwKP>uwB&ti|0dY4BTg9pqTc#L8Y9hUm$wnZ^FFt zEUQvXcHN@n7&mHi;S-pZ+Kqb9GAWr^rX&$86>(->YeFgyec;<+?_ zwCV942jZCjGns{#mdL%)V{s_y`*BCgA;*O#GT6jI80v0zJ^fNg*70vgi{HCobR+^{ zhld^TBj|S?tKqGqRl{5F9aXkRlu_SSsFFdHT1Wa?qvE!o2K0YvVHOwwW%~coV4T$d z4+pLOzm=zs{+}RpYXGzcK;s6$hk(cKgawe85v>XEEtvob;+F=R3XRHeyhQM#Epsp+ z(}G$z_(868#KMfYKmP}WzTjlgR`C8fX#SXYmWsyWQ0ygjI*R@b0!D4(VI~69PP7B< zhL1c^c;>>K!nGhwsiIksM)(SnUis&-Bmfd~wULwARzAAYKrmOw)JCikDB_J(0i!1G z$i0MLU!VW-{?j?wGaRoAcp3i^nh@IfEj036A@4Z5&-hTgz;L`(I8@wb-sC{Dw>zRf zgP`1T9K*?SiBMiyBRp<68+A(Sx-};*Vhj5oA+Tt8O`>s%#A%^> zgt^3s){bPmqqFsvChL8ftG7B;@9<3B@j~kU_dHugj{G2dc#XH+-7h{~sP6Jsq_Ezim7P{=XQZTjyWv z{AHodMy=;hURy6t9}pwQ|~CwUW3e);0_c5?ihXr-W(2r2F#Kys z{fm3KZIF^LH#b^0&oc$%ik7y`Ji+Mm7!NT|Jpcyb2b)F31%*_ zEa<+C3mJcdF@^P1g<3R7)xJ%N7$Gp#MNm~NCfpR;B4^${af*y#!CK^tcC2raY@r)w zWpd?ulQt^VM1rZeGWS%WU{ed$Bac$?Rw=~c@Uv`HT2c~8-!?{uNI!k=TSq-VS>{KX zYp{?mR*g#${PMR+1q-q&$hRQdAjUB<;mcs|6ibjiu0Bf@U4bM))!Qdc;7_VTBGr$zWgBhf zjh5B@|Bh4j7Kmd1|8Q`0l#Ks99372X|Nl0g3jTk`X+wWo?|<#of0>GZwe11Np`qJb zO89rG^E=x+={R8_DnZ_5U$^75QNrJXr`vJzlY{X2en!kwSEq|Ngg8N-ic&pECWcru zqr_h7bC~BnEYtyr0+(C1GAmD5C7cJn;Y>^3fCm_|Aq59u3~Yow25E!#okL86Bg~2+ zOzLDJ0Oul|w%*T>?++w(YeXtRcBHudB{a9B3=$zYgR%X42Rs2seeeW~!A~H5_1>bo zE|2>7hz6)U-d!+zeUv6nX#xu^QZy; zeoJxdU*^^GRX8Ea@gFgSNua!oP(am{x)s7EGPrdR-Rh`-!gDp%MtDESR+uha 
z6J?(=zY|x|n`FIpB&2dP#Y(KF)L)JFl=~-|W4^&AbRq@PS`4VvOYwtPhd0NG1zqoq z>{B>s#YI}>!6sJeOqQ&=Osl|bf1Or9uenfXu*z0fYPJ7eUaA%PesWBmL2g3`TE6$# zEs9J}0F%jM#ABObG1(_KCqzdiL_mtgZ2dYoM*;R+c!_+cn8FZwTxfW%%a_uiR&y)} zfQKzeX$2tUNE?Siy?*XV_;(>znpa<9bFspjC2?Ukje{oC=-`4fJ|T(6J~Gd^s5B?v zV{55Q#<-{DA6(bqvfYFfxzGe>#H9RP*x!n3cW`Z4G>df?f*=OP6nD}x|dgqmi)q_b<)T+1<@dyDAZ;5k=jh6Yy) z=t3@Gmk}#^jzcIn{Rl6%5r(u8&1T3#v8UGBCGwxT1pkXn{cPKn=-ws5$@ecZJ(Xxeq*@@)%9Io6&}~>uI)b6_;BAP2pUKonj#rs|97f@;iwdo) z@&+6snwC?VdWHd^x&B06Vb`LF6J80Y!M3@;cU5eR-ZOPnNm@&S$Rf8$jm?~=Upf9O zxC*?1{EtsZsr-+J!=pC-Ya35_{8vcmHVCW@0&DCD_=kY2b~s2Y;6Y-g~WaU z3c|Hc&pz=9$E5?R=2JhF`E-Q)n}k)lq&+?R1cF|He+Q@BFch{epT&k~8!%!C=`3=x z3uVZ28#P%Rk0eKxa)5~3*8$%O{p>g+)G8QIaH%L2sj~S@rpMH?JDF~^Ag#8aAl;{_Yq#9i(PJ8)n&#tw3%e$x9= zjtGjsh4wjNx+Uwa#uk|!ZG%y^BQ&Du=i87Bg7yJme|UuH1*Q^PI`BkW=&q@C!_k~* zhT~~B>qrPN=#B5(?A{37Do^1i=q86(M!M{&oOw!cV?_NgKERjP(z8;DsP9yNMVTuD zAPPL19Vp%J_0y5kV*d^?nr=Mgm9T9=oCaA$vDj0Ag-aN-5T5^n=G9_<9#`f87B(=uV zuI&G#jJWz7RyhJ%a{uGe;nSx{|6jk&|G1r}-2dkjy7m6G-oM7Ye;*}J-Sb19{>*8; zhxgxm=##q8cX-BGlyV9A-^B84_=)R@r)r>9nM!%SfFRilFf1L}(Bx`HT8|40Uy8z_ zY)t*DZQqbsJffo7W*h|l2bj6ANzYVrJmLmPBaXrX8^(fcA}fkrUFFb=YK#Wyf!2%@ zOm$}Hj&2~fY^1Lr!6>F6t`icNWT{u4Wxd9)i08i0m$VXR{;X4I0)l}H4L*seZaZAX z?~3Tu+veHufDR*EF|dH=1b67qi01-RU(y~pm63FH*c(w0vd{+EoUbqlb5PBQAUS-V z4AI^&&#PR&dA{#}AHiT8{?xG<{_VKXLVTD4oMgH9sqf&} zwv12u>Yv`$y7}4mep;Pq_vmVi)$MGXkA(NL}RW8WoFC9Le72ZQ0vtFxj3}LC0Xw2 zArsAJ&=r;{v~|po0WM`v;!x4QLk1B6=LAE{XmBW~LEYEyGxHd{j7$;#iY=r$QUtcZ zq&WDh8#3jU1a~s^kY!G|vB(Md@UQUlg0KE%2ii?ni<;89+M|J%c(Zr;TYvxA?@xNM z|8#m!v`(i3egcE0h<8uu-0PXm}1fGC??^$Cscz*W!jlAQta1(+d+YUaVSS*F82KkQnPd9TtZhl)>$4j)$Bz!KKQAymDH7~;f*$dwDhk`MUZA( znwq=?ryG1Y(fYk-&$KS}roqS_o@f@CYh8|rhkt4RZ}0y*e)Ia{`PW~cpP&9B{}sQ_ zKD_^*|9m}t|L)z()AP_4e z3zo<@wKIY!1GS`Cipt)L;?%(zzCDW^sh1s$>sZalq!>`&cs)}bBGCk0)4Ujl-6MP`n~?38zyoW zr#>v$0ZDGD*8S8oE?^!rb-<6{sDJolZ}>~T+nJyas+#(BJx-#>PAmv#x+qW7J4^V`t= zJ#`<_a7ByEN8!1vV``&1`?_l(pZWdW9`*wWZW;Z=ggzo)2Y7sC=}zVA=vJbFSh0nb 
z!yZ%MIYHbxnK6hrP7A3o&^S4=udL3;{%}R?@02;Qg8t8tUFq0&_>}1Xqrq^P)c*&= zHvW4nPm%u53Ee9Ht@6L7^3U05CpCW#SgZEmXSJVGI9KOCwTN-?@d94GfJ__@t)%UU zT7X`_D`5KdHlVKbz)MU$7lL=^X8=)P5IjS3&xIy1i0eXwSxern5PAzj!)ug$hwaqY zZ8!q1CuBAgw*^T5Xm-ji5ysaa-3OhfeX2k8^}k-UJXh?aSpORi2cuC^{~NXX-*%n? z{ZA6QRRCKBu#N)AIp?Lntn?t(rxr8|UBkrON$pUA*Q$s2SUr>^PV0x!NeLU_=$3he zXG8|8@XBF$p9>A*n#bVrajc{~RVQ}Bj~~Yxw)N|b^IKuX{394$pgF|Uxyjb(y!ro@tZRx4jeDsn$LA| zMmav7aJ@El*}tIR#DX)Kthtlyq-Z!{*%Zw(QwqlhKj8Ml<$N#l-c}k;*Cr-B(U56D z?dG?E5)B%3eH=FCF=QbsSov7LoDb|g?EA2&_*c-dHiR3bKtA4UA)rb%e+U_Mk|dUo z624~WmhSH5r<%?jMG)Mdgh<4shl0^|C=*;uuV?<~9lUtq3 z8Phl))U8b240IHcHYV&=!Nve&kSj`I{mO-~AcHmd4yYAQbz=d|>g9j-W;5v0N-44% z$+Vqd9KQjTpC6|d#~sB;T)@WRlfA~;N=f_%u$b&xsh{eu(gfU9T(30gSDE(dg+skZ zB1-JF8hUGzd&dSZmiVH9@0C^LT5$!$7R%rQm|TnMfVzVkz>%Nj zT%GKZCUfGJ>8;Jk6&9EV*Ov-Yp4-MK z8lj2k1+T%74J+87GPdUAFAZPXu=m|pcWU;&`%3vgm;9e=@vmv`i@2M7Gg@?;um>lo zNIvD;(c2u&ZOqn)$`!FzMB*!m<_iYRZPPlk<2FI+jgD#uXkG_{A8)W-j9 z3y^=84S?ed1zaJ|m1 zg()V=w6Ti!G*&S~lnM%D9cnpCO|cKqAlN`wom1_yD7ad1A?o@K#FHi~H%q(3vgDzc z@QSu77qf*IYsJs52rDxh@+27YB!I(DSRM0meEAX=AvZT#H@ePCe8%y6yvF_!>RvMm z71MZsM@;yJkPFXg0`XD%n?kQp=5^C_A*B;b0KOxLZf%OqJ*(>fbxr}5-2Zhr8l~?4 z8n^oYcAirGzdZ%iD*p{D|DjqQy=p@3S2f}Lt@tNrXRG<&d(A)ZtWrw-JQXL!KR}D< zro0TbNbxiwHC*I~4GGElzZ?^-O;jjcUcXB znK~$`(<CoUeMF$4>sX(|G|#CY^EoRY;3T|-c5a-k*@o>3T+{&vC0$X7StA{Z1RYI#D_Ty< z1o&HErG_qtiLGd-1Y?mC=bWfCsm@dxJX1G`j(XXfuo?rHMEZ5S1X++}E@ib^NU0)m z+UaVQiHWE|E};v})pe2|8@dZ78t?hX7e7lCjB?enBmrcMZjX~w@-vx+gwR=P#s)D6 z%B8qwR7l?5@f9pQTgT|nsFYOcgbwJrkOGcFc|)I08JH2z^^@d3E~G2hViBbtq<)KB z5^x(0Of6zu_~O7s^dd%Fgt?hZV>6UdbLwlFbP~X|?j#*9()m3H!xe8@jnh|H`Gz3n zj?&l&A#9S)L92KUsBSwJ^hsTfz!6N6$k5zj694-A%_(tRPmry;=xu@}W4 z$~o|(V8Gj26!BvQPymWQ8I)T^ve&`PN`+dIpbDqs#4kP39S34_{i!2Vm>-+B$fck2 zqqr28zVIAN+%U5G{Hf&(5wpkU%7u?E;KI*R=`cNUQ;Zov1Q@a*WxDN9F!h*nnYoau zv|J`;_ERni1%CWngQ-u}NeI>?1gj|>b^Q&)+umN;`KQ+Y-~OOCI6P1_*-G1hCGmep z{Xz2nm+@hn|8F}_&i-GT#v9lHv~|j$+iw1Ce)F$jH!rpM_pJA<_iX=JqkDfUJB535 z>dPkf|J3&G`wn1weztpn_jC_1P3qiTK-DcJ_W@sHgJ6m%m&=s`&>o*JU}D3K%!K6~ 
zn0qvM5%b9U8BoCgtz@83=*I2``9HvA5%C!Bi!QOzd!QUp39Gw8=m!%?MO3g4xX|h1 zOQdZ6ul5i6zgpMt&i{F%Wx$$*>?`=ggYGhfP=)6-xkI`TTWo$lZwYGeO*+XpH*TY= zQbKvqn`u5HDYuto4WF}47Cet*ntYJ6Q8`}c52^$9#K(y=8}iC%3NE!S$VGFg?k5F% zslwmsfQKh>Z{~PaceKita{pU;G%Im`wEwI&^O#oK1YgxAPvmaTz;D@hc5RF|x1p^f z>MgXV(51D7PE3+;U=LcLKkIBjV9EFK`SLTFMrPb`sKxR*Xp$=o_M#e>F`F;iDb3Bv^_fiL31E~9^gCeBztHk8t@lK% z*-xb2KPAKh{YXXiPZK8f)z4(wh1e9SCE~rr`U%T)&q;7$KkqHf5#vDU%E+aR=m-_I z-$o(_Pb|z0#Pd;vew-GppVnflbT3+XxNM1=nl z>`B8utAlG?JMc?^*iI@Yz!IP&@F-Z5n_|$NEOa`N zg);FPw~yCB%P(lYc;|8O-_In1PUQu(o4`{ZNBQ^&?!EoxGi)rofVjX!G>FdN zJSeStgV+wi5Hl*Y8oD5!W%7;?zJ!#aIaf*(Gz|Bq_u_(3rL7$7#2@U0LWpz3PKU$R zf1*#hj9Rsg&ToUUeJoOD{d59GH7)T>$4ZiMq%-TEAI?rcaN^M7NZqEn=O3KpuHSLC z*K6)N#)PXNs*BTilMyV&1Jub{GL7?>zd^t6XU!I?jp#R=(%6g#XDMXr0#Vc;CVY6J zz5ll#Y0v>b|3@xmAWGR7Hj2Vua%gHUr})(i^?+Ho@1Giq{%qN-WwSyy8#m&X=isPJ z_0b|%n_#T@hqKd&ff%XCKU^JW`b9j&MVvKhv)r{nl##is+mk;$9W!LXy?*c6vu**6 z5uS$`iKm`%0a*^~iOjE>hjn)uGC-iNS7CrIuwW;qZ1)D^y3!_}52TWPDjhH~K7Lc| z;46)W+LzFL(zH7#v5mPM;f5T0$|W8)C(K1oJUMwbTlhS%CP8Z~A7?Ic2-U6aD!7i{ zYZNw~)Nx1sK*w!>d=Y8(zRKraQwO`K9&+6&KYiPO6DY&`h2^9@Ni3MX$q1@^MU!y(jAI8*5UugsfSuOhM zr;D}I5G1v^29LYmD|+V7x4S^l2GvNFewFpdy4VK1mtun=%a))PxylVqsUQ~xs-sAs zJek<2UYFRtX)~^U3(pGiA9E2aU{%imSDOF%>0vVe+hM=o#(!+%$%+4n(YQVO(T0Sq z91`Ml(ykq#h%tB@?Qu_|Jz`WAxX%jvkc?hE;v*wu|8TBl8U<{Tp=7G&dihxhAdlTv z&ifm^3SvwW7K7Z^2qOfon0hW>9&{$C0Wm`^l%@E>;2;ND2#e%oGY^a1ZrzHVHxZ4?X2l;@ z`jRg-TzGYPn=YIY7XrkB?Q6ft6#At&>C_l^wQ(JrN|O-ibDbL@KnK31<@Ufi??aFi zVFu@c8%OxDFLf6YkH*risqNd4FOZ1ZRN{d0Nu$TJvt2D9mJ4V&N)drCfbW4b9#L@`>I`TiB4F$Y<9U6y~r#ka>%+o7^;u=zv_V6(G zEqpuCFT9}WNS?S7dl=~7+_(}!(XkHG4`Ro6j(hsm_}yF>V;>j~2`80j5_`Cb3cWp? z!gHn2KqQE6S8uq51UTH{IL08dt8yc@4tP-M=@e0K6s9O|{=LKht}<9DtF2Satc2$s zYDaGn)y=LzYaFL{q7d~DOGZi7vpgxO;tZkhw}e$lBOfvb?u{v(+q}eNYeoKme35d! 
z$z=wy04aQd2vis!RS%~Jb0t&^W;4xJ;cDuc7doAr6BtuSiu=V(M8h=AI~hpeMV2p- zr>pywi*DFhAc$Q9wch^#vxPI^5_+L^wl}(IjpBt7lfPdPy)mfA%rZwuvo74u?05I} z>UE$ZLf0_%<5a8ZmJef>VhgrkzHb0o(UH{f-%PuFk%?sDGPF`q^lp89t?mckKqD-k z4w|ZJD3Nh!X`Y41Xjw9$W$Ap-IerhC>7L~#Mp~p*3JLwl34BVVu{4iX87i z5ROD8z`~sOsrDeET>oBoO;NdncE>%5GsK8>VIOO*ZZw9=`xkz4dz4{Y-9>)KSMo{< zWP7OD9B6Rr-o+TXwvp#GMf)a{74HH&qKx|XS`~>EftG;fH86j|rnx-`j^=t{&6S z%%(f%tC)XAcAuyWB6w#0JoR+0C7!$5rQO&%SojuzPNslMApqrVsP-G}_dizo+^=Xe zI{J)xdOYE_rh@$`kUG`9gw*C>WG>&5fM7 zeu)@B{4l}Pu|1-{+Ojlf2j)nAYI4vWSrS~jDwV@9i0*`Re=WKA?_P$(vl5}{=T;@{ zs9I)FuMM)S^#+2oQ@60ViA>l&g>HP&sIac#Xfc(|qf0dKS`81b>&To;eW~_~Hn;zD zOJ2bMJbn9P4s1rN`C}J_KPf*R#ZbT38hhQ zwM8RjWO#A^SIUrIanPiZp@b5Sw9sg`7?>;p2*=A`{)$>`U>m%cw1`dnwaNZ-x^Z&< zhrGY7`-_VTOR^oMiWbZ5>vGzUWnT-S4N3!JQNyDidAN}5u+PgV?nGLu-_H4KS@LS% z{`={{;NHogOf&>ORC~E^zyH6N3BsDm0p-@b`$0w9B`sAc**)eX?$OhB2in*_(M@e< zQ?EDr^JJ9iV567*#7GH8z|fwdH?XFbV|AmSHE7$fPH@v09bOZQv(i}!esVHB=(f?m zTs{7SQNdc|SLL{&�h~_s6Vj#9M>;B57pT6+*`#DG42AFuyJf>xBKT7!p z9%8FKTyg$JE%^WCK0=4n)&7V3So9Ta@fGCU5Xm=OxnvLIV#{^#;)-3`mK`vd0T=q! z*<*NBi<%Q|GV#%ck@d&8!ARD)y_7Ou(k3lcVw}vw4+$o!wBmfcXLl~pAwT*eB^>-T zmI6K2>x09R`*aPOA$i?_B*H@_EWE%^cEEx*@_g01ps|cw2aBB|qUBpoxET!c!n+>= zd{|UU;Ld$K7Gb5lh`*>g7X_0CeerfF40J3`73_A5ko6jXtptv<1{4&4cIFB{02gMP z|LmZX&wIsdx3Ie(9*Vt;%ShvpLh#Q;0!*OHx;=o6v! 
z!Fys(zK^ia8%X)SO-=wvX+0Y_VCm#-^6+us({|wjPzD4E;B|WVXb>|^doeP<+K(Wl zgODy;kd|3+h4FKU;=$G&z<+1Bg8z0~gJ$mX<`w>b7TFwp6|!@CA-;M%^>=yF0ke$j z*~kHDLbgqu5TcU!!I4^599a()6N4<&pep$bq4R%_>u%({@0_HOB3?dtPvyAw)oIltj)t|B zH_Q>+!@fhk@&uu5^TNdPn8eaet9vQ*p_^`#!(Tb#qw)n5i+=nU z_IkuUm4~$XZ0FLmrgD28H%!(*5bx^WXd4~ge`InoDNgBk`#(LL_q_oxQ%iGCSDT&u z$gM~^q)jAW*Tg=fAF$1His_dwSJvBeFfP{DdzLKz@{uiKR@4q?W{5!yt-3}A{ zZv;ne849wNepqh>S{`2&G?tMhbte`1YJmx15Q`IW47O+W4eyw$-~B|H;fvem7&x% zh&$BeFcj%t$FNXU%$ZL=;6vOjT*i-H# zmAzgU@79@gwoR;i)`q!HsjdO{CasH9;m)r^8{A-DrKuc~b0n&E43$50od=+%mSF~b`KwFTl%tFz?bVp2#3PR zKI^a+q_&%Uk;fm^kyrV;acSgLL=L$Z0Z?^!_n_PD@Y+0h!rlk~amVup=dVm#*2-sY zXDj6Irqa3CK~E(nV{(7yY_#1(MAUL`*WPjkdm)u0x5RSCn_MbaWFw^A#1 z$+6w|G#{sky|rJ=)&4tu?9}S{`}pAMMp~|`Lv!m(dUQ{AcCKrjnzc$E~!bz;9xYhZ1UskB__L4+Er&{g%DIY33l&9-zWZl3NPO{FM{_Fzl7>&@|2%8HJ zfoWYU4O=jlf%pCsO#-LU^TZW!m^>iP|0jw&tpy?W^vxccg^|1!EnD>85g9Pz`V&E9 zx=>jx6DNn@h+PC>`U>0_(+foQfotC{&kjbGN3%y$Vw71+ z+2Ny@-H*ZQ>WWil<15vOW#)C5@-B(-%p`lvTUG+lLkxY7ei*5auR^kyeG{!9&eSWv zPmX?>YESnD`&i3K|9?+|W(~ z=q~?8`Sr4@O13TQX zN*1eIhTK9#k9wmE*o<=8cy&8S`$atTMjZVm<*pCL0NPP@2rt;rZP6}nRz`t7+8zF5WOIBEmy!4{920TKG~8hSyO2WQ zvdq`d&fQ!2rMJ+H&~uE)NTGKJZmU&_8YFCy9wnIJ_DR0$cNLoc_>u#i6Hp-N0Wl~e zI58UYK({f_1DC*m6H|-&gDX{gKkPFoh9!!G2E+Rg>guk@86L{%ximoHI;*A;ktnDq z)FKMrIr*14B_uYEEH^(MD(;w=?b(t+8$CUQ@GzC2GdE&(?}JA^qB!~IisnDW=X^hc znV4I9SEFYe?e!`1lq>0-2GUcQWQhKSJO30+6XEin*8S6jEsuQjD0_dg6Y7KDVpDehpalbs8;SFUFc1YT~w)Tf73zcVEhnPcKA#n{OMuf z{68>aHR_d{i5rx~v^^ebc|P4hEDAf7h}cA(!EbnHbCKyQ@lSuo0CGw($+2|19Jq*9 zg-Z<*))Y&t$YyXoM&D3GWUL>Qh4GzKnm^mrE1Y_!u*}DT8QKHEABUxqIEa%`XK73F z0Ws0M)pHZtV?SBvQaJD@LyW3Y`m(uFcv~80HC5GA6@#W4CYnD>Dru}9))n}Ps{l%c z9D=7%1l~}UhREpC*LI0KrV@XuDD+s{&_0vg^$cvHcr@^k{44@T&@ZOiqh8s4K8v{& zYZzJloHHkEveKo(e%OC~IE8;PNSw|I0>~MCbH8=VF#m;*X01a~(+JDd40V#bw|8*$ z$rH;os5ZbDBm4R`%)ghPkmVU$RYYb`_;yRD;n5T`lY5QS2GcK>OD8DLiYc20Pveva zKNZs4{~F-O z9pLD}@CEQHDp(=}7%-9Cv_T|4S~75?zNegV)k$_q+}mAeof!&ZIWz_^?pt578c9q! 
z!i7*71mmv3iLHj4v6<|MmM&Ulyr0oad?sL(jref(RjS1w{o_xp_CLdhWM7!`sqzC( zaI;c4(F^zKMt;y!s)(OU4;uuXjheG^BOZs?~Z*iscM@T_qD|ZXu>K*QlU_A`x z)>8oQo#W(>&A@s@DMc&r3GL_a)LFBZ`<9l4$_qA&pKMp8<~8&Nz=>A(jhcGG=|uaZ zt?j6q=Q8P%M<0IrbBvm8HnFYXBSgtYD37RNcp^RLzHC~RKG(XgZMCKG>D5Ss-n+j8 z@~PI#7HrVZPrJ;|?yW=rPipHcKs?(b05$y;LW2%yHz`F07rJnW^BcaiEd+hU&Z9vVA-bEwAs>rhlCi8HGSjqO5>kQ`P_(F)({OgX>wrc6^8KkZwU4{9rA<7t4 z5Z9aYxK0&q(RU;5q@o$W6fXth?gPI5rfkv4ihT2VruYv(*}cAB(u!Uc;hfVYSf%~x zSt?d!_|lla2+**?A5e;7XD$=F^m>P#KG6Q%bCoM^o~F92XL+oXaOUe3!AOf{j<;Fu zp0XwqR3gyIPByAKN3Az3TT@V`ck_BY>E`dfXBaL$uGMV_JVr(F=a9sBM*f5OfN*Zm z`P`?8bQMgQVm> zv}T)h7`R%)Kc?lEkDdK+r6Q!Aj)+2nV4~Hv3eFrp`9zqE{fWJ>X^L1%9^((^) zW%UqyN2>=Ig0M6FZ&XUkL37q*Y+iV-djvvSweBnp{Fv1fs-t%aRL^f49wvaMA)Bq5iKh8?2G;!sa!JYSkx{P+ubC~B}Jyf%%d z0PXOQF~mFml58;uFZ(%K*m+kNH~zY9qIUnY)OHp~KnX7UOw+O>@K3kvnHG#>)Aqv8 z55n7k8wS>3`f3Sv33GkLEA(oNgA+BU?`3vseI8z%Y1)s|Na@A&$@vOkB8a)WK-L|Y{dz|K4CDTki_kyn{q>OcY@RKOiH4*z%me*n z!_DKNI$W&X_7Md&kgazC7SSVyJ35T{vlR+m+*K&xKr7~JH3cOuGVI>WL!KZtWN+10wW2cjjj|({{A{5rZ9+f4-33P{P3J46A9JZ*Au_NG->e5!COHef=|MQfu~?@yTc@Q?U8wn^|H|v z%XDA)f8r}Pu~I!Wl}KT5%~LwxdUfRhvf-TC*L>qZ&_f*JM*^LZ6W=OU=6krK+Mdtx zandimw%{ERhHJ#nJhMZ(xMpuYg<+S##KRxcIMvJrf2ZeS2BjiU8n|)DtOKU_3>tX-8w^>%zFp)pxN_ ztl!C<{3F8IMKq$Ehn6>?@Fw5{62iS9Yio+X$NW_4&Qj!7!3;e|*he~i!$c>)A@@*Q z>QIlJra47R{WC>$|8sSwrwX2n>jb(81@id-dO}Xzb?8?cfre*1Cvu^EBrXd#W5zg7 zk_4Ks45^uSP9n}3HMPMHzFUeu(^;5&6)*f7z`?DFxlU5}0zMy)x17>%)R7IUW_BCa9>~k$c_Y)65ylt4ytxaM00} z=TQiF>Vf~4l1CsWCuZ%VyNW;gK`3{yYIcd%cWe4mA8lgp)O9OT??}1B;pmEp#jwiz z^=rvTdH=XmnU{uMCl`5j1~1#F>!QJ~GK%P7k$2f%9ZU}uZI?aSe@NcH|3mT?F)r%F z@G1l-5~>aco=rqggZ+%~T`5G%Pg+LP`ET^{`>!gd9xMo4I|>%outC}A5qASR3dcVz zhP((({q^CF;HkIs^<<9T;e_8NtaZ6FMS`*|uB79LG}>>jyuv4Y_5PWvKR@vO5rp%% zJlZ#Z4pgMJ0Cn7>77IOn$%7$&SMMXsS;@p?ZT^GyFzjX`zR|_)Jn<1%!&NT1f~?LPNB5Fg#lx;Cz_H0-ePx<&G9DdI|QCxGSLbse|?^`1(2GOrFs;eQSDSf{F zbIJ5=?fFw<6FgGa|&F+gWvx5>R5jXZ77ST<5IFj2-$|L{oJ<= z`~QNfGCR%pBnK!{N8!X|^flX*UwU`$ps`jPO7WmB67b--+iiX(BDAI(J@$w6fMV*F zG1sMy6j3y}V>AgNcOd1n^n|zk23!zuip^upO@iKqB 
zbO=!!lN7hWc?OwHYvAKRF)_9F?q~Xodxg4OpW|tRNkx*{Nv8XSW!<+H-a}G?^{6fv zXr3HsID7?5=j~?th6fcw2%GobG1?!3lW&8ef*dFiGuK0*A1I{o_p>X?b|FdOpy7JQ zl~~{ZKJ1d}>$G`{WMr(F-a%_QAhDE_NR~&rwjVWZrxceacq~{*!)gZe%h9*3+6BftRE*kU5~iD) z2~^ipCzAkiKrCxU9`p3Sz{-@|m0PB#cFL)GXw7t{R*1*$y5}It_wHW;e^*~(XLc;& z_yHE5)k9!oRCxs;m~D9gYyP_3$p7zGdk;e_DqPfNSxbOJ`Cq#|`$1d6*$yu(;jhjm z_qDYK47T(cX3eFEAr_jRsY1O4J$;-qJ=$612HRUpqly z#}F0&%NbyPrQ5tVSoirW(v_QX<}Z0D zLq22x5xI6uj)vbcz(LYo10gQYdXr`H7shs=t)L)Qz~7;z`2e`uP45MkDsR*vmSw=A zzJnon>S?Uk!3^TsSrAz;40B;iQQK!Y4uXI(VPuoRymp@1=!Vq{&{CkY3_WD&d zYaq@|?k17lSz%g7d83F;p|ji`pIUHFgjkcav?d#6R+?iI*OJ{9Nq69jel$XXMILSG zzX%4DD!bh`DrC{w4&SY4KYc8-1s_^VX=r+Leb@DDgf2uf6;wQwwuYlAc>!M6E;B9` zZ#b|%&wQqXSfvPR@pd~#*hExf{G4kq8W#hDx{_9 zrxJe#0|A{{Yt2!F4;yN$Wnz&XYXOmC&Z8umLu6_AadZeYT6-1Y9{wN0Ob}N!#38Ro zG9S*60L)MAkEn&W72(`7m^bBLnh@{SqEg1+1K&7eSXG=k%cKjkx{f7F&{NZftp}N= zcy8c3SuKS8r-2(^Hj}ZL^w*r>XkLCxeqPj-Ln%t07zyzMBBYA>g%YCF?7o18eFYpu z-nN3q*Zm;cPa9RaVtJ^BHYnHl?QKlwrMua`1t_EduCA_Z4*)(-oOqx)0Z_XIBq@Qa zae!g?T{$|yUQ<|aHqJtOCta&Kq*?$z{F+BzSW?szGJIem4PioL|1e9`Vw*iPzH6g7 z&YwlhtA@)a#WuzcK{9)ig+dHoMJ!RiWt~l)(?n0Dfp0t%nJC4c8oY_V*GDOhg!X)b zfVZ1L(YSD#lat*bQ(JRC?N8de^!ysrVO@3&`S8vxu7@1%Z*4JB>IkFDjAn~wCGBY; zbLqp7QBKW$KkA^tPMbofjbZ$N(mP!EO7Kg+t87c{qs^~)+U%fxi;ky*yqnEV(LIS_miLE)20@jH zycStJNRU?M1&f2d%5Z?tR9IFVcHCFc`~L30E{PxX>_BtvfMB-A&G)Aj-1-SG_rDXD z7mV6UwE?O6eUfkU^efZprO=d7_{W!LO)m){kqij_WLTST`9Gdz(Z6k49R(_1Fy91D z#W>S!+i_$SMMkox1fyDCsWa_0Y1v`~F;VQ;k+l$d@~Q4i3@-F-vK=0VB`(>_t^8Pk z!1G6%V;LzK?=fPlntU$nq>;bTMUSDT9FBs^*2PylTg-oDk7wvSc8Bv^9d_M95$#}` zq|zsm)DTKsrD`|wb$%Wvc(c*JW}WXLY9(+aT7(-Lkm}L zK&!mv78ZVq3PGh@*ZRB7ign0^eNi39>?8eh*2m*g$!v+>@S3JYQoL8|l@xP@A(J%P z;-rI>j+=j~Ja=s;J*ebzjpuKnv!5W3hA+!jJV9B^iZM=Tf9mht7eeY+BOoMIi6giY z7B)fV8)Pp27H4Fr!(C?vH28&mT;7k3vd#KQ7u0^dU+r3SL8m4me|2-tFpj3xs|s%M zJwvbyhe+?3rWi*aoXH{*!p#}J<9Hx6T6qrRW6-niZBRVU4D^2|=~_C0L+uQg7=`zG zyA;QM)Z{NLP>DClbyV=dQ&3UgmgX=cSRj73BHT^TfgPCP8!HPdA0^SYaJ2g|8@`^^ zu=4}WawEa@`iMP`oFq$6AV&+&NOorHtc5L@&_)L-p*!!f?a#X{Z^5!A3l^`~ShHM? 
zypjL7rrbb&`ma>+iL~$k#wru>j-P4bnaz~ue>Vn(t9l>~f0(aIDAs zg1_7(*rnePTcf!Tld-dFZSt(H7Oa078C(wWher{1c3wpmor;ziK8fmO0Re+ijp>zo zX=_!lBc(ILg33^2)A*Nn-4h`eI|?VJ@po-Yh%8Wvr^No3K$vL!e1{5=D?JvDHS-;F z36OpKU#1l{E@02FrXRQvIN@Kp^>@D+-v*j2^_$kWn!mg^PCVW&IEOSOc7(Hg5zah2 z-c&QIqW*5;J;-WRt%Sa~NHXpuen3oqU|=@5I~Ah6Kd|7q;4picF#To-uA_Zuf%vdt zyt+6onq05&J;)$LJo>Ii(Asp*CeN%l&gIvJT%3LWE0~vW=T*{n*oU5??w;^@($SIb&9mRGxn8+Cf5Z3%->~ zs`D`WlNc`{2BTTy{Zd(SY@HBQkCp3I+%Y9JTNrcat!6kA&WM@vaMHe!s;BE~L&=xL zQ|n|cwQay!qvPRL=#p6Fwww5?-IafLqB#Pf-!P~xVn7F1SqW3ECvKkSXHmCDd@edM zp>^JFTan(FLpO?GJ7vFYy5xSDnWjYBkgVFJq*)XiuApj?tJ1V=O`9^}R2`LnR!5c# zzautCF2SzKChd;8_lHF(IH!TxMP*LyEX&_13zDvg6>1E@)LuqVHRWz7*Fgdyd@w673scs{7(k{@A^_1JZi|g?&uwnbQGV18nM`t;i4UI)6wbf2z2n8cx#d zcGl}9hFklh4}0lVec@pM9Cm1%wcEiawy$?0xyWsd5(5W|?D=*XUqLh!Qrz^i57od! zb?G&=Edf$GFVxb?YIz9qK67N3XeV?1qs#Qy3=4nx3_DU>o`M)5LZA_AZ-O5BjA$TQ ziG=qz9esW8EZss;s^B-M;_(6-+{5g_0?w#4@~oI}i;Bc=Lq~e;1>7=NXc3m*Zhzt$ zxbWx+9NwWJdR9yMFe+_Piy|q9jWJ-1Lcgr5<|Ci>h2KedjZqLO5vLscmrziaywdij zT7F^t?ITsL>Y8INpXXoEghpV8!eZ$rPo~u000Ws_ea#+D`(0K=Tjta;f01v7Oyd+L zVqKZuHM+0po)TrWt$||FFk?~-BX-||!N)eQ59Jl*!ZnNFO-DUUG;V^>!6(ZgcXY&y zz(OW`;dK=at#V45aM}aPTcpF-oSy93J=mC^j4s6FNMvrKjS#Ir`6%R450aX8>0eFr z6NT8N25pt$Q9;!{)Z604v{RwS*QwV1Iuw8*1|W6#wgG+plHO z)b4N;*zZ)Jd&Ql@yrJ+_r==`Y&3q5^liyL@{4R}nCQZ`PrI`<^dUVPdF z4Z}kJ(r6>@%-n|ZF8`li^_T^c$ z{UaZc5JjS~NtnOp#}8Ze9tRuZRb3@Rq$8M-X%M`?UtrlgQA=C05`GP6+R+3el4o1C z=R%n32L9z*EQWKBeo`ObQqnQ{vG-D&p+Cy{hBr*0VYQ~ww1`;kfYQ%?cKM;P*DTi+ zDJ5Qtp0o2!lZs%YI2OYSTtrl?e)@!^QLR%GP0d`+!ND#vcaMV9u@(f8JZEVWIV-4` z_#+#2pC~#!j$1}>3IjSzs1Z7|#gl-`Qw3`EX zf}4kPsz6Zxy}@d;`~ky6A9Srm8kRsWNx$dfpVEq1UlYqwRR{`w@{x@Piu{H$KQ|?M;=UYfjMRP+&)wx$ z^sK)c6x9>m>U2LENVCS>J}4@@emQ(0=^tM9`jE*>3e&7$yOHRjVP($tbLEmgj?npD zXH3E&zg)2Ol_OVXpW(CaDwy_zrp*k6!XTTZhZ^!Q@wo61{=|z7G+0I<6vq;ctLWZR z7j1FY{nq zr$a5safCoYx_|2lf^0R&N($<9z%6V^>;70TXu$wxzqTBoY-;Y{-7lQUzEStAe7W0Z z%gPVQMz_$212c$=6%#^kl)u3r(sCbDUb3%G+E`Rku_%v@JF`E>Y5S_|U+HFBt)oWm z5o|wis8`Gxga->I?EZBp6BUQD+a6S6(WEwzF2bR?Eydv=C_)^KxFn^Ll}~v*pI;HL 
z7?tSrV9;6>3TY%lN)t4d}tbz9vss4>MJV|ooPAbWX*3;Uk{FY!|Z!Dx^L-E0VcTad_m3W zz3%7nG2pdO{SmnON@#QEzcHeG8{%rjX9H7`KW4SH&6 z>a1g((Q^j@1LflK+kUoN@u*D~>7JxO4s?AM1r*0teLxm7V`h_`jo!HS7wyRlHiFQv z!yQx@C2gG9^s|n7P9k1tP%5^jgyp$<&K+8Yke)~| zFKTS47``%39U6|_WaeH5Cjz8e%be5%4`LD8`D4?Gn(pqqege=Z=t0jo1T(n4+tDXA`Pe}5!8O1s13W!i9|LNix>j@DSAFU` zMqD0WHH%|wHR?(~lI64=GDJedlURM+`}DIjKD1p53XS6vujA}f{jbu3F`Ru?intuh=1B}{@ZE$r;9cY??1%& z{XHRcMMJg*H>-vwI{Cnfen`v7xq_C@u=Af7N5oNv`I!?sfrl{u~m~!Jn$1g#sL$0I%I_ZEm`(2{n z;Rv8u{?vU=fuWUG^UyWMiCp|D(IP7$Zp9-f zhRDWzi-=1E{0b?3yt+LxR@9LDqF9Z9HfEt`C2>8EQhQ0|knnc;k^ zsenBW@Q5A$&FrkQoDO`1Z4Xemi#aFgls>pp)(Ao%&}yjV2|N9#QKf-eF;_B{#m5k_ zg8c1UW4VAn&s9nx0KbzZygq?J{ZHow7|}}y5kI0d-vf*}t_J{S zuOhN2Hwt82nEckElKl)FTW1@5^c1UNfjRHYgE;}Lv#^RQ`yO2R0yBM9RF!z_T5@z< z(`cTPxL_f}JzD)rQC(qP_DV)y?d5W&?`9SMB`Wc>m=_o90R-)@iQGgpW2~RGCM`eK8y$r>Kl zBw6?UTRN;tndSGl4t~n9JY@>(;(y3ukA;G0j76$vy644}%Jf*DQVki>p2zs*3^CPQ zg0Z#V%3Ua)`jRvf4Dk`jNRMb@BPe&~dAKL5 zK4E}9bJW_>zR~z{(elUVpFJl1$4xaUOIApA$uS|Qrg_OzX&-nLrmQ^xF1OQ1fEATn zy{6;tbdKB}yvb51X{9nN`oVXIH|2G>ZA^uOG{@JHN9JxHgukSF=P?|I+4ZaY?R3j= ztjA+&t`e*n#u$=0U#`j>Ij{}MY{N|u`chu`Awxp*d2c3imK zlB`kqzj6`f@rvwn7jIH!B!`Vv7aAX{))#{{&-5U|SZ5>sAJSYcO5sD}<~bmsc8wt$ z@b2vFWO{$!`exjip0_CQboZ_w3;rxZew%{YVl5aDvY&*6jrQo0Ugv^bQR1Z8yx{A1 ziynTzi@K}L6{qz%_lt7|T}$dpwJF)ZjY05krSiQ5G^?%A?t9u`g7P7B?kf8PTt1-i z>GOU7qB&F2fGj%*g85s)5nzBzK(!6S#LRDR*73Nj#VNT zkugMylV2KAI9Py}0&k_w^!$NJ+Ut~hA0ZtK~eck^BxAEn=?Qg9S8AZfo zG{o+DsRk9kt$HTf1|Ky%W+ZtUi8T9PFIkM(>5B{h2$oAC!s-PjQ^`o)=o+J(Lp=Zb zmJCd87PSGd4by~1<#VXJ_@Ev9F}mj}y{0u|s{JR#Y5XyvlyBD759OP;Qq9!W@1t*bvp^Ol}Txf_A8!d`cTg zSRc;fyk-}~ket18&H9~vy~7Zth?nR~;VBcD>xUkkNt>$=2MW!d7z3_TMMj_xfXI(# z_vMX2|E-Zbh7n-;BRd?>|J}AUKB5NFM+xiFyYVOTc@8b|m(@CNzy>w<0_qg+sWaM$ z?V;f7g@4~9!uQ*B(-ND$8(B|YU8U-xDRb=^mNt@->Y!XxsuDP{2 zyGX=jC;Hh*KH#0$FUe;lIe1Bkv66}CZ}o!HhAH1(VcEgQ%Q4I+mrDl6ib2MigtJiz zeEZ!Or<=R%re`v+4zm?aQ#f%%A-xASq?EhI617%N`q?@90gilt#v{=5Cq7Cg-#XBT zupqdB4j)atsCCI$+DHT~`lm1kyn2D)wi(*z{zqp(mKa~m*5&@S@n>zRpYI@in~@HGBcu@c!3ajSE 
z<^zN^_*tBMm$1ekYmCs>Hi(?i!q~6bmvS~Jz zNyg!2c6x&gD0p_!_ri^NLJ@5pe^2TOYtOyOBvMeIM^K_{pdl#V%hOU|E!~YE&LpEw z%MLPG1UP^#5z+lIsC4KHObwHrZi#hLW9a4bb@6bhb)OctuxM%JyGX($d?yUU9H8$i zB%MiU)7@k6e?G~b_?!;$Pv~y^4%p%=z4rGGd(#G8G3LCD09D%nU`YlDej=!yhv-+d zPPHppIK-tZ(XHryF-&`pgk}Dmia>>-iSu6f=!^ejn_|<;*45!l`7uC^_`doT@`=U4 zhJd9B)S&sQ?=L&71L{^T20A}BIf1uqetnn^{r9i&40+vC!G7MqhJC$lV6YpcVmFXz zGe@CV!az^F*dTxVtC7@6z<%3cV;sy}=xi3i$jeDSFERP!%?5eLsknRv`Ot87y2+oW zerPFez=cu6S>g&=b)as6JO1j1#UJ~6yztFz@TBBiL!Gu29k;|OhO`29)+;lTaaaSR zSRqPJH7c~oYT_!R6;VbrwJ-`xom5e#l*_zvWN!{v>Pinw@5AYKz3Wy?#>n!r``hc! zgNe#9%l#_)d0~094Y6iYU*iz5U>W85il5Hjmwu*-IhGf5j$n6FK>dgL)%CUP6woOE z9AyFBll>hGu(bzZO@#kCcfrPg)*XO%6`P+JmkSQujhk=2bZ^mRe||Zgmye*5&&B~C zAS5<=c!28tS&e$@He;x|^s$<3cqwuHPYGd&9}IVOb_7=FZoi`yywV}EF+LYzgzSx# z1kKOLiNqX)ZhL>+F2#6L?ZSEC!SE0&)>{;s86|mhPw^T;xR=(``cv7+UD}v%R_LNx z)cYXTPWHgQNcLpBF<0cq{lI`Jl}7%@1O`PuFZ`r0bQC*87yW@MB#5Lpf+*V6O0%dg z7`mvO6dMCH{TMiq!J@2{wl&&euI_=&H($-AQ2vL0=&}AsfYe3OjE)%nuF-@>jwQmM zBF=7!F0<@A|C!*KyYueOP9@OPX3q}j@x43o$S(_+BXaL@;oNpE7N6Xn`p_=+YNltB zR3i^!8@cyuZL!J4o0`2BBKbZ{g+8+3eJI#);{Q~uoD8&S1G(*<+e(Qxu=$`T>-9mQ zv%#y;pGsL-scu~-C)7FXlv1$G5Kj@pIKD@!3A!e?OC93`YZ zy_;F?<^G;=>__CU?xPf%6tHt%E0LVc5sJ8dbHUJ!OJqz+##X(>A#J*}eDl2w6LMt9 z)HYgRy~xF;8LNv*BdIC9IYkNV6AFX#>nbUE2MzEHxw<1nGR`yXGEXMK*d9kzl2(kf z9;A>;&XNd)uWK!!&}!bzO}3gj9T&o6LQ$=gg-1`4!$K6=a`+>;A)kJ=b_$BwaPZ4K z9hjM0}%Pp(UPY+m>ZXRwv#AMc=+G#D?A6_a-|g-KO^>3H(mY`i(?Q zfyqje<*zSYk%W8g2=}tw-bt-Dbmp-knl2IJ_9l~At@wS|LHN1i)p&YeWQ?m$&7!%r z?D3;mA$G-q!MS|g&NBVZ<)pP-$fA3er!uA^a{lgyg)Q!w(JbH4a&y(;($415id55V z)`~y_W(y}fO4H);U~-1+S%phf==)KYk{@_jY@$oN894@vAk&(0-2vAR(-(n1Re?-2 z@Ih9KeT1Tk2TrA~PL zGnH8(r|G#PBOz6SeDXW@+1-JxSkze?a;GgebiJcLO2xL#>am7W8hyCFe-342XlRsG zO(pfYgYl&H4EWSe7eTKUy=qW3)+C(4)vzYUm7l$V<~}|;N2TDG6pn1ny6e|OoG22n ze0vWrDbrPGXm^zSRRI-BWZHQ>%RQBt@APFg*?}9Kt%MuHW)|QO`E2=}hL-fQdbvdt zR;6~}uhOb~GhIo^d76<*`J{*m^S4SZ6skU-9+_G%XI=*S!aQwKgoZ4{1i&(ojkg) zch;08u;jEzlz~7m23e()KdNo7%RRm+Bm?~`wTY_qtdZ^tf0ATv&kpk5ADwvH^WMKk 
zdlZ=ATi;rn{cOkzQhzk-b#FbhI1uXu8**}H!`P#%?^HEhANi`~0b^z%X}G|PiGQ~^ z;0+7g$?(w~b%b&Pn77p*B=!f{*h{QzMmmKx=Z`mmRPHO+#*~{>l`TZVofF!%>|Dlpl^CZj0Lhi$DOt#SWbwjq3bfx_Nm z;FVoSS%f)8x^FCTcvKZ}?tYw51vx0>hY2EcdpOjr<^IGtgV~Yq9GJW5u}IZj7+)Ug z#s!zEiz|Ief!+^xOn-47IvmK4G8|K6L8g{q;=711SmQFNIsH9T?U7u`_Rb*%Fk-P$ z|7+_{8e+mPLKt`+b`2uMMG48GFtKA+GCZ`i&vY-J(@F;DbZ?mN()$3{9Kw`~?l(o0 zPouy4ZDlc#9y1_0#79Xty!*tx9wmqM^egJUU!AJ54Um74KL<896ZKYrg1L=V;BtTE z9^`L)EgI)w0b<1bwMy^YZaQl~YdUi-mCYmT>!fW^0KGLHAJnHJVj zywk?!{O!iw-z(;5h}1D$iwxhN7oubqV*hH2WONWjmHa*YD-(T|{1t_Ea9?)hf#V6w zHSK)|(o;Rjot6Qe(xiY4R>DPf1Fc+olp)H^p^F&UhDh&Q~$!Rfi+Kw)ZGK#(rX;3MtYqJIQV_BKXf z$u8|$uwYRcHdWO|ws_~VpqMuxQzAL|2J{}xG6}GCc21P^A(V69b^q4g6?fEd3*1dn2ic_nTXBze+0J&W;0=q=sAIX; zh>F>U(#>qm_v3h*$JSY`3{17Y_YLPS#0D%~25GRewP1IXz@}bFC9wACBG{T}=(!W3 z>%T!8T7IBq?PS)Yp|BA48Sg}@5$9O$$Ku$To@z)?Hj?FZg4y@boARb-MiF7=3jNKm zeSE}^e7So*epHomv#hYzVOep&+jVcL9k;by|J5Bt?+daf%OXFAp#L|1*S*GbEJ(8k zptNOAe(nmQN-p1-vbQR7`dT?x2Pai6wqLOro#96}AXlS2;J8ysuKpaRm30e}jm#}e zg?V37M^Db~#BKgDYj4#cIdWMpk&?jDjU0F4*ZK3kG=*=TUbQ4PW5X<4{Q&{DAoDWi z+Jbf~(vGD!fk4)HzTCqfE<~1i4PR>yZPw+mVP#5>d|u^9wjp-Y+}@ANf1}ApcOdOs zux-YV*7Lq^RJW?r=LOuzeeVoIBhN&}d4->)3EmZ0EgJmUXQiGy(9^kUpfQITZa%7l zOm8uMyP%kCbdS39QAM+&VOm>x4%N?>z#q!`a1~uxcQ2bwk+#fj0whkd+*&4YbcUyZ6?fa9w>e_FHzhtNZS1` z0H{D$ztl8Xm~+I{sZk+CONaj`!@zPP0{0the{1g}S|GEwtZJ<(@v9Qcg87Z@Pu%m#IiW*5l%;>3Sfk9 z>?(IVWekpJY(JJii7~sbnJ0y=V@|}Fh32-Xx;b-8y}|sF04|ks#xAi%4{EmP(*<|v z{?snVgpS5Aq1~sQn%@`6u z(-_j=s{VZz$B>(#St<8UK~%FM2@`TiZ>r?he0a%Xc}D+)<_|jmSt`RxeO-7zvnov0 z8=Ne#bVCm00fteXRH+Bne7k#8^O0p07o2mEV160WxQ0dyX&4?WiVsVzX!2gSg}U9R zE!2JbOcCYo(+cfY9O#t2uX=IY)6MnNvGHuL(vYDv<@C+Py$W>un1yK+*Bqb_J-5Jw zlbZx!dfY{Ags(=ADaVpLj#)s?{UkjX#Ak6J&LxvL{1CB#eE+W|4MOs-=I#4~==YtS z9rT^T*6M=f)LGJqoD0G!5!GT24QX~eGYY)KzJv+vR*G;k1U9c(gBL=Q1UA%ySdo!w zHG9p&gBE($Y1T6>$0xs_RNxUoj}Ia>dpq@PjG*x-BtqiS0R=?D-8xUpTL(%kwsn{q zW%K*#yQXG|ER|Yn+d!qah79^C=j!0ya%j`0YcURO%ZPpDj9B^Ix{TQVmJ!=BVp~S+ z>tw`48fg|xUrTlVhD1kKn1-sS^NWcj;=}FEZe6i=iciame8aq%xt$Bxvn^M)<;u2t 
zGY5_>yJp`_W7oQe8|K%ZZ27eWg5hW_iUeX8T;o2XCRKz7n2os|!P0maS&Kwk+G0Wt+jW71dYkYr{HQrtO^6?uQKnZ@>O;532X3Gdt1J0%U5mr zs;`l+S~C!!wc+rDuY_^i>ch~MZ>yQFE#J1~+h*`>y$$>JZ_|Km`L-?Jw&mNtVoqzT zBGdJzuv$2zSR7ks=tB`HFEFn?{+a<6&Ovb;I&8WMDZUy_ zp@$aR>c2+#X4)4TPx&$<>j&)T`dY9B#9Ugd$hVln%aCgtXslj@%c-2>m6OiqNWr6e zIV1_w5sgibeAU7euj?I@4|Ez!g;=R5=OEGF>Q|SOI3S$BfiMhNiOA_ttDg(_UOrEK zGHsJX0{7Zp6%kKJ@LC_l)$dE6W!;tI)2f7Z!Em!N4Qhc$`j8V6Pebdp zr{z*??b>sPE+z=df4W&*dX_$X7<~9JxV=?i!5@R$+Zj{#!=eXgfsH6_0yV&wnv1P4 z;Og5c8JRl=YAT+M>9Ce{UpxhDcFn+tGJV9H1oaeBFkU%-EO9)yybp~7dPRd27x;_Y zT0RMGJSYNogKucfVRn)FmwI!T$E>Kmp^<88$~>}>!)j_xKM68wKjWaD;G0Ec%t}hD zG^RCTAY52c;WhOqHu?dJimZ$B1F$-_>;$a+Y`EC(Ut}N3RvJeC;m;az`ZRCjJ7QBePw|=9rPVqFt=+Vfmf{)`<64# zr*yFy&A8$DbGzl7&9_g>InPMYyXBcb56^sGIn6Dh_IQ}cI1dnt+>-7 zEdIaZt%UOFB$PRcoVQZSok%H;t7I*|y_I6VQ7PujxM+LG!hmofdP@ig-MV{9DzVg4 zJxZQVmktOHXgsRrVnHw{Nd+{b3McnEi*U97P6?k>J-ImXwGdG0Q4q}iaqSn0xu&9Z zoZzUIrW>;TJi8sg-f2w9s&J|NSAtZnrWTnWWRKb$!4gPw}ES4Gx znhzeJqYIWwbc$ntOgMVOVk#M@@#tUizvAj!LHXV<{8S-`yQiIZiJ;pGCV#R<6xVxw>~d9(o0RTwp;0 z#9}1J1f_|PoZtw(zf3Pk+o=b_&b$tN7DZ`H*hnAt30T1c+(`dv6MwK5HQ_ z7TH0ZBuuDQC)4K-!!A@)C>ipBkfof|%x85t?`@%g`3^t^3V=v`$-uhmc{jTx-rWIc z${eQUJ|oO819lxxXM1b49+it&W=jS08UOlo1KfS{GsFCq9YRgvk4c1c*m{TgCpiht z*~2fh)~g3uQ<5kNv7~YFNNK`(<(vYyc?}vB{pE9?eRkbGbY%nUlFzQ2wap~dzXYw1 z)0oyKR!(Ro$SJw(+)9dNM!tDaI(^IT=FPqGi*8i>eNg({Ex*|7luMK(p^^{3w~Y@U+K9vfy1o6&_PGyF^;Fq4RE1>p z*!?)hJRmU%ya|rN1^ei9I-SG)efV#u(<%S=;K{+^U%LC9UZ-=|?R7hU>GbyYy4}B^ z&L=CaufU2rGs|KYg;Rq>fF z^v&~bbCG_vBv~DmB2DUVoKSNz_t6EG{&@GQ+qk50&`1AZ7mbKWtfaku10mIWAAR_M zyko^o!BnB!+jgR=wFNdspdVeXI;ppcJphG`=mVj|NiwHR9LG!oV`i!}731lN@$Q(h z%Vr-XOvpCq<-@S0f2GNYXk2n>RA= zou~1Uc+28b#$-vY1)qKqghQ044PE0zkr8KtK@8tSZjP2=>YP!7r* z#S{3RCP_#l5=$KBWTe{UBmGt#U)h1yMiGtOR16Wm>7&DggFPkp4Tatt8)}Xd9Q+)I z6E(2h=9*8*6_~(HV{P^`1^(a(>cYe{Qpe(?+S-Bz>-)# zvhDMw1V8i4k^i~}Ps;LN_sQN?{=1Xsff43L5j9klFOdW{!29&p2TMbir5M-J_6j8Q~a@2yg1Gy=)UF zEHFChRU62iPuFeWG*#2IQX}T@U2iDw#yDmGMNJEuD0;^@!51{7k`mz^oxCzcP&g&& 
z5RI|;Cz;qDA4_&7!4%=`m~#JD38+F5B}qB$S#i7WmqV(_4HZ(8Yu#o6qQ~UlSrHgo z0TNFBol;H$)I7C+9iKiI2y=oWDukLVbfWDQhRSIh7vr3WgaH?+su*L7mV|9l^-Yec z&>ub633G?%{P^6vzn1=cV-iMm6f;gX)5je8-#P5`iuAvG&^_GS(*L`79-tE}CE>9^ zk|Dk7=z2_Ibdk~!kUzoxB_0vsH6EaM3fUE_$hZ_pj7biG-N@Qkgw;n9HLU0sf|KN=5^+B(Ln+W7gm zw=Yi58e{BV?lye7+bCOqzw_ki&l;ZWE}xqH?;4*s(#P!m-`juE-7oF`{lkO(?f$=u z=K(q%tCKclqsCDfqL@KuGIgLSkxctU6#Q0dykyMTcum6)T@ZwWfCP|SPf-iCue?U% z!2|UEL{k!ESPRtY{EphF*XecIohR+?v&Mr5573dS-DvCo7Mya90-Q)v?~~(fJnMF$ z_|shh!*N|Tux@1sVSz9TNJ8R(#QsDBywE@;Lm<|nR1gk?liVas5Tt#zP(&oBzB747 z7<8M|F7rMyel*r4#_|%4HaaB{yCP^%=lAa4)q3$MFP#nT`agC_f^`Q7#yx<5OWg zAte&fmN0-PoLs?N7V8Tbc;14can>Eo5(sx_KF0~kN@(U!GP`=YIRUX$g8QIqARD0u zPmak1M7C^(X#Bsx1`Q+_#e@VvhsXGe01H_f_O3hXYS(7o1i2y{hsaS1J{GAzR!0T6 z;AIs6Dg{s~^igNqd?h4R^bn2~z0QU>!pL`8dMskh(lAh`Ez&k{z1rHV2nnhV1}f1t zlrl1`su_Xv9W3qKVIH3X16?f&ffkym%>h$(uLp1QQlp$&7jSUo{x`>i+c13{z>A5v_ zS9MY&?RWhKC&F$mqBZv!xaV2R`Xsfyj0QP(ShX&#xoZM40|lC-=Sh@d6AAI@kg5q3 zdP42?1g}|VziR}KNGv_1_%S;Z8F=nk0NXDJiIvc0yg(hE!?xt204r^;46=LybGq8b zK}2Ikot<|ipwiN4=k*mO*Mkh)fukQ3gPdW424SaSA?PSZToq8iGgbp;v12%1J_f z9HP@7j*eBEY0^RymZFG`#u8ntO`?HTtV7lA2t&T0aiFGKkbIaJooRz!J|}ittK%e1 z6om%I*+Gf&4$v+dIFwiaE~prV#$8=K|1?l-4qTP$04P89ITM<)nN!k3uZHtx4v$7$ z3GoDezGPfY(Lf=#S%sDvvx@?HKV?rG~MARay zK4NNd)_elgtzfSCSVG_xFjt8_K*||XJ)zxfA$?AyS)4(>e+Ty5fkWL;I0rCo*&5`# z^?qUfa_GL~P^;S`VgVgakeN)h>k>jqt-$Hhy%w^E_k^V!xf{S#Hm!N67NIhlTZ>cq z*Lt+dzkfQ+nuANuX?Yh&1XG}=Up12jh6t1>CKlotGF|!SK)BlZsA8JouXZiUxrnA% zD9c%>rvGvF^V^IGOb8cL$T}v$ME_Vio8gp|h@sO0&YRGWd9zf~YaH!r} z6s9p^JkW2(But$65j88A>ky> z_+VQ{A+6R};TVw{93>&JoEV*j*uONOX4(%boT>t0a9vYOmc=!fpRLz}B%EHU>c%gR z5`nHLR%aq-LF%i1Fp9~w5$XUH%vRKh>}hiOTo3=$xc3cUU@avUfinkHN3lM4Q^_JM z)lLg1YSSlNtG(0|E1Gge_(Xg0XBiqa|@Y+erK?9c&nG7ZhbRoi*AW?v z&`<;9BY}Q-h2)sCbfhE@Ju<+QF)Xu4FTkMjn0O=4BKsqu3+`l6b8$Y*U?oE#6_P*@ z8lb`8Y3FHYfF2upXP{mxxo7~wjvnM#%47i2Bf(h|ShfPjm2a@qLf2#Jk2A^QdQ8l= zvh#0>YFvofHG*s|NU~Ng>I@mbR?>x%mXy3ngcSBfwe95N(xXv`%8CM^9^781(;2Le zHxAib0d;a*$#pxMN1GhRFAj6A$;B+JDXFE_L7YNF>4LcPtn;ihjc#JF*Q4WCXXwnw 
zIyNUI*?PCQm|%Lur>5GPpm_*tZhuBnN2^z;p;W3h9}V1fp19zuUerW#yK6v+W{|tj zF)DbkOKTbxe$RQ;2d!|F!9cKt&9+isXx1W6!9Vs`{T60Ez7o|?o{4cWctCU<7m#7s940rk0E z9HlAu+q(7>n)p(Fx=v)vooC@rTD%NQN0>FR49*R-CaGOg)%Tyfh<7e78xph9{AF zC3Cq-T~Vo^e(%_{tNoGZH&yMZH|IZOoOFx26za8Mt#XqY_tkr1SXH$9)lvf>ehR)A z=|jqS9H0W^?C2aH2{_o>8r=X)6Md0wR^Qt=NPWzl*KR4*L^l?=h;WTX19nnKT1$>R z^xJNpO9%y(+XrlZ)*#mjsn_YO=YEo-6H>wMMDNv7v!TXNfK^DEBu>h?bAbZg9kIfV z3BHDNXij780G2qW{V$%zS+GExg~3dfV_J4LI07_Z_KmyD10ks9z79dzZ){F{u!Or^ zwhDdA;Z-sDsXn;J(!ob&d#wJnzr73C^iPn&w0ZVr-^}Opk^Z6FREwX#Gu-A7Y9{*;mW98t_9)?elBqzUZCq7Jnx< zbG=f^^mpyt$SgM7QSr>Q3%Bp#=PsiwA|A2Z+{w41dWa`I6WNS@#H4icB`d{fLQ$e0 zEz$nX)rtivv1?gV;`4TAF*|sj#&z@caf@Lk)}X~|*(UX)=y9_VVCFsGUx_+hBF|OV8fN0CMO*-Aal7r5rygZKabbvh z-ZgVpc`S~S?s~qzM^^4?Rbl>Y^XnSZg(BLVT!*t)ui)Oxe4bi+oo$$#tMo-G%<-)3 z(Eh;3yXp=^ z7W!zWqD}E=BJ@?J>vhxM>dUndyuhw|aem6sT*2qiW?XhEof@4wqUPF;-cQCO8B~W2 z>dj4N?D1Q#~ddZ$1`bw|~Ce;;Y-aXp@`BzOu_zc*;~N z=U_x*$h$(kg;az^!(2as%-~0$& zzr=}Go=qNpS8D=Zu5E%^4WDkC{qXt(B@Mj2i3}_#fIo-Y(d;%%0dacRgzr}9%sQ4) zG^(05aXwdJ>DrXJmiXpz+&4ky63?GaBt!U>5G=z09!~E4?FW8oB#&;uDSA-$r>(IM z^h7}{?YZVF51JH0uc-<`oYVlmaj&`)qPJhQhy~Idjb#f?8Fpidsg?3Ba!M3D9UabM zO87%JiPBHD`IR8%r zj;1qJCPfx4)%O+%`w*vbas;d^i~zr8Bl!Zq_^FS}zRe%=Dg??0MI(KZx!)CdJNoUl z!#P}V5uFk^LP*U0zpsC>Izv|q! 
zrEFH@Kw((F-0V2`w5=?~thm`isky8kHXm_|{5O{pb2}mz1@nb1R@|w1BUYmyj#HB6 zrk~m-gy-u8^-#;ou@g-(TUMW-LVeChN=Z$j9I|ExZJH4zy>Y|J(68|IE{VmDcdomzp z+BF$1_X565O-)>+KKj);TL@RB8=*{vY{dQ}W#j}auecewO`c*AL`6Ec5+;=yS9i{I z_v3T~zlnWLV(f>}H>`xPV!iu3 z&4d8U3U<*~{!Bxva=%P!&Pq^z$yy~cQ78M;c-7fk+1n}C6nC<^+A_hQx@aV{yoKUW zgB7w*a+E@-acnuZ4Q1LG5wYxFQIixWr1BLP@-JR56;tst$w>&gCJj1HPXiUEK=4nS zdzQ-ZD*!6@2HFh^J|2+2cvo|)E04(k2$O}$`~nQC6l9b>X0kPx$D6OHpra}p;`DNh z;Won!4N^4O4B@xW!^)`fZJx}eg?4A|01guzr(mb(5C}h!??-TNEf+#{UV{w+gzMoO z;Wpwndf`a#WHKS);ho&Uq8ne*o}7cBtl+BSy`Q;5dTk~zseRoUjwyqxg!AYDy{Qpt zMLBadX?X?HBt}su_T39+cUEB;ZAOzb(YFeG-Zhtbcno|7X9DTxx~O30?0%Z}^UWup znaZNY>R)`N`BwF`YNpVhA+1#%4zPlNLBmrvD5fbCk4*%63G!bfGj!{QbE zmpv-W$HG6H18NxSETe*$?uwu9ye0BR6(gSPruYHf{wyU-eNUP`$ZXueYEVd>Aj=A- zIThiIw3d?H=3%Qurf~!>9LLJZI}e`wg+|JF4m5^so#jT7W^54e)mk@|79S|}P%wa9 z54tB>XwW{U?^yXe$GSQ<)vqN2ozj(uC%_%Yhffe-CpTjqFz$O$fC1uHzPA7ehF`tS z(=W$gzY~@fVEE&6lsVJYULAty$NZsWt#=LL=4T)Rg~mAaLJ7c0(HXFFx3@Kb9fahc z0dH$O!r`_fucc`UXoL+TF4Z!{xNLWwrjhABkYyOW-$$d$h;^AxK&E3fV{;kR%VOMG@-VhnrJnlQy=c43_*_%lx8q(l`W6al2JojkFVb?o|xP=$^kFb z&fPL+<8cJRg+odET!6@!8X-GiLBi}MTeGxmlx=&{H;?j6lqrSA;gcPLZeq3FSx6@dC6wQR6lG6fDr~ox^{$`hy zvSHjRF}-y9gKc{}i(Zpe9cP#X`$a<4Vo$K@F^WuHV7`9$(4{3>I;^(dvZMG5X^He_lmmy}=#rEaWzS zl%arse&B>^Nx^U1%hCop4Q~aQ@#hL)R*1$4T|?<0WN)Z!2xTlmS$(ri3m_w0usLR2 znQB15qwtyIz&__O;Na-^6-#(E&38#zKoodd#dv_f;QNE*=9xE?KPQ#F0IKQbrYZMLqN~ITFGm1%w;dW{w^g6)k|DewpRYZ7 z>lqg8P>)XCZEiA_DRNXz0s51RsrkZXKALBxkHkg z!!AX1z?Q&NpRq{#q&DIwRx$Sb#nhj%d-vWCKl#iBe5D--2@5?-E4)6F#qlr9`l+Vv zl??2&G)16N3CPR1eXKKLEibss6T`-lp5PP`M`9DC`!J`j2)@r7;iNA%WNTE8@zrMD z(#Lw+ti-m@m@CFcSWA_xpp_3_SiFk4`1}zIDb=Y@*eqD}lq(=p2Z|*i5~OvB>9`gp z@1Y1Q!N=};TCtC3Rj%FU?BNEL&mklUug@kfoNhZ#{&>2G;_3Q0npcZ91vaniG-%q2 z<0nD!JC)GEiAeECuMy0#s(q}42aUcsowU8k3}yA1<`&a)RhTj^5cki6XqWiXVqVLBP#Iv&7EGN8ZTB_wc$PY6n*)AtG)&A_K@6& z6LaG+`B7a9U1zjedz*$rS}zaW6bh)9ZZExmtG~WbwnKM zBgQ_wiwQM%?w>+XMxsK!E6M$tlTB0Elb0{G_hVkJO^`09`N|6<%zE_d$XfdG<usrDn-u2)z;R&H6&NvzfG=J=!v40h~gsFlof5Tqzg)i 
z_m`BNcZE!kJb&PL23d%keR))pLzJFw4%;7$P#4lhLPOpcu56x5vC5Z1P zhjUne$izd~dpEh4DubkB;k3Y;kfly5fyJC?8F)2SG%Z+KAEjtj=T)lla{tAx1MagT z0q+UQz)I;-vCBPUeLgmW@Z3B79+{Eqo9zAXElg7%M@{p#>BqkgJ&Ee7(M!^7W)f-|Iig|zIO(vO>tMYvIX@AlOT)O`>v zKAs0C7Gw%o^s2*?-<9f@31G#kMCGY>bInH`gcmB4Y)x@1h40}Ao32w;V@@gIf6S3D zrk6`rKJF1!q*u&W)=zuP>#AG1n% zuTNC5pi;%+rVc6ZQtj5^nQX~HeThPv(B8b)#Yo|^Mb~j=$#)$f3qu}DVF#{fvxPo; zPg1KKnyZwG(blykFOk;U38tt}40Ftihfc<(Dclu`RX7bloS!15vJ!TvhboAQS=^@< zNO2ixOj(wC`7PX94wHAp?cK5}8b@ui6C8yX=6@m~Cn(N)VTvZ{CREH7pw;4*Blzup z_*(SALAkB$QQ@@rHG7V`P_e^7TfReD_r?8}{bsmMtJu6|R61*a%P*o1v{0QF+a(=% zKe@K)by24WUx_4ky&QZsB}X*4VSX~5?83HRP4%>Gt`R+Rxm~#~hlTu&(XwQb_CiS> zYrI#!8m9_BEps-3bd)bV8?}i*aHvTl4bXY+aaH4(rA;wZ;=I(PFl^87v>sj<^%emf2TQk~m{IAB*dB5ppyS`71M?R|rI0 zZJA!a$iAbdh?-G9QcOH6&6gp{dRKI0FKPnH1*fgoc*sgS7(y;46sUzR7vB!vkhUV? zXa~P&@bvp}0X?qG=mWUl z^Rb_1I7Zu!>%RPVvhA$)Y>G>{q|d887KyAJLri*P5=m>jS2ls-?u=svynUPKCPU>z zZPtTmA=|uK(C4bSnfebha2xzK|J_!g_C-O1EfF`(D#!YKQJek=7eXxuFk z-55brEeJ%6q6xbDpFb;b%5mXmwf9l-E?^nNS>T6?rG5L_JgRZcZ4n5&@KD|i9J}Cq z#o>SGhVma~Y^?JWr=uhNuKZiHZRlxN5UyE|F5U_*W00zz4t;NeRdXDj7ow8ERtRp~_dCBOKZ!P!u{>Iu#pvS| ztmL6KE`X(T`A%++AqS3SkY2qs_IcAQ<^ehA;o?n+GWOM;pI#agxZYgxb2xBFjCyqj zQy2nXd@j#MYc;DQ-h>{RcM5Refs=CMSy(QvQ+p=r^@-xQt6hQo6+Yg|E8D!=?^O#g zkF&eWolin0BxUhWwwcw3jR(esZ_J3aKFy|P5wz0;iT0dUjxjMFe12ryt6+|C=*C_} zm9<6=AJKkFt{WcJVgO_(+_BwFW})jd)sirV#wA2Q zw>NT)(}ReDaxxcu@ITN?#Lt(zBCxwCXh5cF{xq2i{KWb?siDElkCtx*sHP8zP7A*T zalb^XN7d*#fBkgUqyyrN6OO9!*ryLmAbw#}7iU8EKW7(wmi&;iCl)w~mq*-}Gect|)179D+J$ zR4`94*$Ht4(LQQduj(`AK2L25N15!sef))@>e&%*m?tdA++G!>ds4}J{oPQ!a7jos z3=caU^}P#Xqy*|cSXQx2Q9?W=3p?a(Y5G!d=1%I^=LATzE?A5*-7VI(9J^7LMiiS= zMuf*_D7d(;!RXdC23C^bj2O;89{CoQu1iMH5ZHKDm5}6e42g@xvh^ zYhl0DW(r6h*>Q~KW5Ih4R6K9A%W6o1Hp4V8S+Xmiw;OUPx%IW!mp*E;7#wLnRf_sT z(ew%%DHEKoaX3W@C&MX9bKyD{vG^qLOZO~e@5={KI%p%Z3GU?4I!$^o4_Mx_u?jxS z;tegUpO0a`#5fbJw?AtE$&a85JFB3jhpzcYS&}Q=#ZDJ{K5?wVO95UfiO&G}7H{hNTC~kHhtenOoKowIWuhsl@Srl^xYp z>#!n>NHV|;gcWWf{!0e0avit%BMta0^2+fBP=C8>E&^-E|*fR{Tzg{SamGa5PHeXVgj_qdv(37UqS3 
zM@n89hko)pCRGp3hM7``JTd*fZ`n8HpVub|BHDfZcjhk7^PI4hUCv8EJav-qaxGGO zGp-J=JYd24E`;ijB0bOZ7)ZPK_-qiCKBkwx`B{eqY2X895&+w4o_YVoXXZTs-x1yhxMq?98?d1%f(Q#k zglW0x=)Zd@3q4r+z!&SE(kXJ#%iHE|jbid(JX7~^_gdmzwRx8giEbOHIWAYU91wdQ z6|Dc<>w5TCJcE_0Bokv#rd*Kts`MirX%O$dd75^l(z1vEzIfTU1rBDlZEoHy(R~wM z*O{c~-1ATpX!F9MCBdr4j6yrF`^7X{1?gO?C*|3j5lP|RXj*gl*+y1c3zRwgy|b6A z_q9&^_%R4W(l5HOJZ>MNSycasH;E!Mil)gMRa>dd;LS5`fMN-0rg5j7ccH|%7;2CO`rSRDFv&nBy>xgMc6~~4rlZ< z@D(>N7Z-QcbF4Qm^-5Y&mG`h;!OMQH3a6TS$zDD=#gfW);$1!FN&hmapC|X>pqt56 za7(Vb^K_}3d8_I_R`pGQJS=Z}a+ldHWS|vSs3i#ivY7AsduaFW+}BRflEi#8 zBr+!`e=Vb0#PXbssVPdO>!#F&?(J1!{JY!d{x*VZul7)QRnblcr-=AA(TA3T>FV_K zO%E-3V;0wPRiw;%MLuRJZ4E~vGJKzyXv()Mkd#p@^XJm@Z{DkGmXrZWfWVX@* zEhjdzG?LGQP}xZGge{Mw4ygp=i>81weJq~Z<==8^X+LS~Wm`I(l@R^Pzr^5Q`q>U{ z=Ie(bJsCM7zXCs)0e2&jz}@vdEQi~uCg|P*uf=lM_TgrWJq6C7mT6&o8Q1^KoWPP_$19H!qicuFC6ljJ! zpV;N(C`Z^ubc$Gao7V6hYvJ3iQ9xl>4l483XY^0Tp~)AYmNgdTudp6jD} z8_Mxz@GWhnqvK~|a`iL2-h#K=%`crI#~iUpc^2KS4eazo{HPpXM@z~&{ya<{Ye)7+ zhT{|7!{pkMrBAklC6&7cxQO-tyr9Zce)lCyUP#jDRWG){k@XUp<7s@isingzL zq$&}88i|B-YCks;#ifB@juXFoY3lt|p3{b7Em>V5yu|&~psE++?k&%5F+FQoH>B3) z^eX0pWG|}BezD$Ra~|(R9#S9IDmFWt%HzJ??K_TL$S>XB`{I)IQ4@h#Y$bmFwKeA} zbi7>k)E!5nI7MfwmoYTpjC8H`hm-DG8DmoIj8^XZ9KutIw(V2s`T^KT6kFkCuCu(v zWRMob@p5Z>XtD-RrrxrPGfIo-tX0VM*5l&Vn{vMB~dTgeI#@naq;)v{cIrVF!kwOz{s3D>beuLwrPjf~jk9&Gk@cQ@PH^*N22 z>pRmCp*WiUZlO9qsB<)e0SE*#g7lV_?8R^~EAbd;f>bh&&nPx;ESfAMmNb{O^Lpva z==UJGb<-sn)9i@Y;zKsIywhJG3*IZw{2W9ZAb5tGTHsf!Sm7wB<%NG&Q{Ca~R@{M)9JrwiVdfRtjD z7s>^{w9PUr+?L1}zN1$yYnA73aaE$~EBRhtTofQCUtT;gKxZGNo_uImqRcB@#7(c9 zq{Ec0mUo$u`@V%5y+okxdu z1*S2TDS)^ipxT%BPgFu*6auvjFLMR%#S$GD%OR7H`4>A-HX6$k=<|Y2d!t@|!`tR+ z`)-;P%U3V6lZ|=Ip9dS`jguDh&E@m51)j;2Y0gPp_qD5QZ9S3O$Pzj23u6P%%M^#t z#4FqtS^T(V4jmeEXr!}@SqB#nNDj403IMx#Kwk`k z%u(`oXV`7Zi@g)1GKqRRv)?v(Mvo)J3ONm)m#~r@vy9Xy>VN`v>pKNoZI-6OL`}Eg z&(m84<=*Dn56o!weIcnE`7zWQ9M8zd0+Mo3YWM9wP8;02H)lntx@@#oK^+n!)0~m~ ziu*)gbVo_VpysZkxT}iqc^NO3g-L3h`D}${6+q7Lf-u3YWT>w6>LpGJg>H$rQ|HnA 
zaGF2dTllnG?|L%<8{H+AK`|M3*}<^u?Uh&sD3rXONP1{7Agy(5BOA@Os^el|a{Tnpyu4z30?$S~Cg5h?`#wsZT z!G7DE^ETZHqLZH1>h7>5?ZdS+{uyX$aZ+3bUEJ@$a+~yOK2BOo$I5(otmXZbR}?kq9Qm z@gQPKlG@zvdDukScw@pDs+HJ?JI`irJ^E*LDyw8k<;J9EZyS}}2XV&npU_4en^5zL zBo*9!1DGq725A*q~yj$nOyr5vh?~15PU-2uplpk zbNxCb)+0CF1W5rtccT+hk_k31ERg;K9+B^wY$x8PHUlk_lI=frTh=)ZXcguLGVFad z$FNb2CLMpoG3Q#1XAF65y`l4n7-XC9)%3i0tzOpl2RWBdPmUrFp75&gSL1`gdC#R> z{_|D&5h<_&V#=VfoTGzQ_PGN*Ks=2>UrNzQwn3|ecUf}O5l87@hK8yww0gfFhdPW~ zSU@lzYdqf(ErlNkQF0`!*{oEm0o~&QN7-o@o0vR=b;IieV}0ii&Kj5owxF~uiHvY z_51OyTd*wMa&S`OABAAIW4}?tGTu~~(&0Ms&hAo*jG)wsaRwg~L6u^f@FwU{u!4 z`Q)znxlGL3zL6#-O0E4~@3P3ClI$l!GSJ5XD(Xqr`Uhmg7EzeH-9ajpmlDspY_HDc zYk^OG=Vx9LNQuoB%)Te7TU@sjUv%0ON8*hQU(a$hf9a6Ee-mz{n7q<}6$rmQa$KJI_Qb=$#nxZBKrwB*V#be176QyO-Xuj0aFAd%DTfcGwpB{nu)U3E-XuN2+ zS&6#0H_EK~JqP9|X{DIK-)wmaglyZ-kSi}=_5E|!8U&X< z4NU7?iN$7qbb+5EnEwanfj^bNbK~}GLdPhTlNMI*b9EYh_NR)W5>vd?wqsc9;FsY^ z134m!dIMM(f&T6!4@`#maQujhBgGR~!raxLT1k1i?nv-?>=zIAHvc%Le4=WmCO-Ys zX`n>p?X$tRV(_3I-g_^65=6ITyewTD$R%{Bn%xwFQ-b_)hEi!wB~F_^CMm|7tLG8u zF#Epgeyyi_8pK)6m*6@4E1Bvox^TJn*;8_JUnqNrTsR+2F9ZBT$;wm zkB8IQ^lH=XqRSQt++!;}p%rv*wbKscdaBsi%xvy#X@8dvqAlwi*LYcf;K_Mg#kVB5 zFZx@zS|ISCcTcVd<8(P*ZDD3HQtx{Z7~={wwqZWu#P6BUqY=l_w$dDc6YZs9H$U!W z_*~f*S31gNf*?CHQx7MWuaP_!0Of9G(Xpymt`U3vxUoS48E1K{MzK!-kB zoKetP^5!%8UVypZou@e-ph5dVJVGxa&+z*JRkZjaEConFxg#Mg0PO|hUoP#rv-r#c z0^z9lig`dZHxT4UdIEt{B>!pc^skoSLu)@|>s>P>j0SzC0O0+Q`!)JsUatt(p8WQm zf&6`qs2X2$0HF8nGDFEt@59b;)zmnFI+h3jIXq6&>p#Pq=fCwUNK18`e~a&*kbC#D zZ5yr_g)X7a5WX&8Np6Au`}LS4)_+qG*H$T&2Pp$vN z)o3_RG78{$JSs zm(GNw9Zh%9YVqhBZ?cm(ZTPUJV5C0M%tayO%0^$Gd z!(&qr`fB&44^8QRto}9`8MnQL+_b;_B>M)b`O^X4Dsa;;dIkNpiuntQ|9dI?1LEJr zZxD@a059u;$w8xDa;D^%OMy54Ksg1L5RBh10J9tAne+l;w};`cF!sdISxTX;@qi@y zjOh|$sU!dYsJWYgAhdtXqahNv{QoSvI=R^|*TCOe-Xr>#5?Evg_`)&VQ-JN8uFT+L zp#EPJV9m+#TVl1W(Z3k5H`OvVMq3vGxvgMskVzhNZDz+S3XGO@3tqrj&^VClnXPe{gof=(ri!g_f>P3wMxviVpI`cAejkVyMb%xiv;)?f6>AW2(QBvG&}UK0pnI%i#?FtqvzO(W zou`~Bx%>(@#Ou;f%x{Tw9}}DoF=9S~HOt|UdZ)5WV^}{gYfMGO!YDs^yf%ypq$pCJ 
z2*{t>?ZwXUaTZ$s;+d*Bgk4I+wnM%^65bOC67xSMeq%Cd9q?QN@5?JuK{Ek7MbFRg zGM2d=t7#_>j8qjgx#QKsDe;Yo_D@@vBiN@<*+iEh3vm#*5Y&a}nd=oHZqK(`%gLIW zkU>ZZ-A2m%bT^)PxE(Y565c+^_CmNJFxTOL}{kiG5;-FML zxg5|_-cgbx<-&@^og6D7`m!M+7F_tjuuiyaf*=fcjIE-L*f7R!)sI<)E*r3~B z^3?`sUX8qYcu{g7Wv_HB6-x4MmJ9_Ni|-;m4DnhbD*e=_ybl z9HM*^;S6J^FG|6f8+R^D@HYr>&kh}{)1y3ItZ*-g?n!+%O~m%qr4|lQU61imR8{pD z`%+%F;(z2wqp}h%udS;Qs9XOv&Y98@zpfao%go-el*p^IXI_3u(YT7gZ-5*F?rFCbM@V+ z^dZ8o5NWOO!m6Y~RN`1YuS^sEL7pIUoRV9>Ya&0KObjE3x6c-_vpb8r(|4Z_UV#Mg zga^<48K&YTBkjaQzOqZaQo`GzHYt?s+zK-s_ozY_Ul;~-nLdh*QB!SaQwUyLXO9mU z5rTkTaTTFHW8_KXdlQQNPpFf3G%YNL$2hHS6UfFL?H0u+qGZzEH*7}Q z(nSZ%;nl|cQEjj!$&r&TCRQqECl{mqrA?t1Ff(xrdkj9WY@H|lk}>v>px~8@)MCWjn5?Q!W_NoFtKk(ju$ZOD!4QuCUo2er zHd;2J>+V_8WtTo-iD2m9_l2Cr*a0Q!M?zwwK>@Vg?5{WmvM>=tPkttp#khArI1UVx z%cX=yjA(VgG47ddu%jbg2=*gwWc_A&j!!8d)acm$ZIdwrw3#?(K%X`son4F6p!aE- z=1}%KU$}zdoC1+T-*?2_$7&Z)2C`T5uBQ;SSKS1F1LF^1hWs}FMM`W(bXJ+(CL#T& zA^`|xi-To>;!+NC|#c9WjQhOFIjvFK6nyW zml(p3LN=maSH2OGN@g_WtUOQ=drW@FqiN>>zz(28;^rQ>UzSb~P!~d=FN*xiv=3f! 
z9qK>yqLOuks?_VXc~M3d`|#E+0_Kj@XF^#J4mnf&J%{DqD>cpim%3m z=yds9e`YPp_5 z7^SJH27k1bUeOvgmjeO*X3poure#=ZE;bjP$6c8y!Ctvre(GlbVZRj3Yr*If2~gZwO-3eGkP>BQZ`N;eaDDN zI;bO$6?)WYgOhQn{I%^-p~c|W8T}m~S|~w3S4dpP$r7je9dLDB1?V&b<_722X9Z43 zv3$C2+xt{T7kCh%<*zGATQ?_9*i${D4>xuVxLbN_>>q9N*RrhMZ$6oO+iap7tz>Cp z!P8A`ltz+N=|@faGK=yG=|PGn;xL)Y%iE`z+jO0_Mfep;lxxW8cDx#EJVQdttXL^U zIz%FiKa4{3QzU!FE~NY$sPF3|R^R5aQD}lmxiOMO6`k&r7~MQGm`=%E{ccuPU7f#0 zy_0$+?1$urxbmnLGnvdztfrBtAXkP>Nmclx>GhnfwjWmTFCQnXC3W@Xwz-WxX;^$* zus`Kjkm|gV?i2VZ-jt$aDaw2|hyfnJw|u%WY?B-58KNYHE;vCKxTfn<>=l%+ie3}b z>zf%N(}`s6U2bz$2R-A4`gydbWCjyA*Ts%zJKFLuYHSsA-~1AxJ)Vp;hh$clVP7}x zNHH}gh`}Xq9)L>{Qg!aB51Tnhr$WqL%~OlM^h!1P@v;X*to4wLu*$t~f<<#;+GMzv z7oGW$0vYy1B;lL@b^s@CJg~L@G&jU;8}O-So8hQ*9dyz+-G9*3KrK795%)2f9DsOT?ki4jRq+EA_@$}woTGtk4%MmD72seCfpnoNkq5+-gp$HOFT5Ukx4VMt{_jLCZ!N%#}O$?|17T zLNL~~cck|J_$kdu_k(izOIsDx7owe?Hx5Gyw8IR)CRqrq?-9EQ?lDQx3Ua_6feL~ zTStirJ_Nx|>&(J!^Ri@7Qeza6e$JLATKE$rRdn*@#w+iN-W+*&IY{E%> zj`U%maQ;;OBvfvCwH{6OixSCgmlLx=nTq|xYh<_g;VohLMC;+K$92hMDg=QBOQ!A2 zRp>?<80RxG%U~0e6OddmVlY zjwsoweBTKaa-;IqsojjYUw79#NDak%s!i#UsRj6WQ!?WqI8rF(nUGV+8ZJ|P#LzDYw|r=M}_9?ABE@rS63kGW`YE_Pcd-k8XRJ9aWc1}yyyTv6+cEi^L&Wf4@Iij;SIl~$yf&dAQvq=TpmX_672q3+W}G3fI_Gn!kp^?Du2n-7tFW^&p4C3D zwS;x-9Da|FD-c-b9|}iIueyJn&T=SpTL_so-gz(8o9H}Tf|ofZ2->LO9zQ)^G@Aga zird^5IG@d5C|w8AOJ$rnbJ)mS&2Y`uU|W-Av}(rM zQqB`=OA3F8nTMt6Kncl<`95tO@7+0}fV1?FL1&^6WxjDaR3>}a#{eAjv*g&vts=CI z_Suh?WD0~`WGZ7!9T<%JCTqPeP1nvDqdY&ag&m5FvjfC0G*Lwz=w+sD;2j&U6k00j zbWr)AW0TK%MI>3-aEYQi#zu9SPO&QO`=pBP)Nf z$7NUQiIlD8n$Yr4Xh!_fVISvFM}RUB!7SS65<6a zv^spEvvO7Lv3q1dts_@Sg?DzPs5N094{sHGfK`6WO0~48DNRIXfL&cxm{huP&0c`r z#3|YM2wLV$qleM0eDhjG)nHKv31uo@VyCssW9Kwf@{?{s492L*37Yh~bk1#;j~1$i z^?kXET%HA2P6~ejk$ad3Q0f_-oo}xdmCis)V_T6I0NQE}80uVJ!hqjQ{-xQoJLZ+N zKCe3(ZNnT4b<5eTgGa4~YKA^$XyA5PyA-I_y{Jsd9n#?VVgeR0x7nyy0m@}PyJg12 z=3>+GpLgn;$JFE_pS!2Ins-*{F@mpWD-NeVqYF#NEXw;VK5?|{N!^1jWCyey%)UK3 ziZ&VsCdu18??250uAQjufB6l%##LD!PRrQ1^ z2{>-f3`t_i1N?cy+`gPy(LKszEt`yW3+PQ5Pb?%v>X%aX;;R 
z5U7*2SW{Om(DKR!v8#hZBs!QCvW5ESBQHo$JdJxFx)F`^=O)2I3_tcE(`qkh_bBm+ zWq?(YyRQ}g{lG9)atyupJk`3L7gQFX50kb}IAm4Vc+~#oJQAdR*9j9 z0uDV7Jq`BW4HLv$h(DNmzg0nVXK#;S%uSMM$n)y`A+Ea(^U`&iY8sYxAC*d0LhDx_ zb#|-Wgs1GUf67hfTTF^DZ5(K=Jc7gFA>>W0#Uv1tdhs4YEPb^Y_;KV%MoaK_!7#ex z65L{Dqh;oB*o3DnMuZMvJkb6?a-Vd6441)KP5z{0&zd~@smB>M}3(4nTHQSI8%&v9#4-}J>t-Z&>y0B%c|~O?CORcIFUFl&~{$Qd|@+d3b6i%EgsA zuQA0R@y>-+?qDOGrUWK;*6g{<5|-{v8sHGGPQ2G#Vvo=xkdY_F_zo{$Ij1y}e$z&! zD)J!J;f6Dc zVQyr3R8em|NM&qo0POwib{n~|FbwB!bQM_CWXpEcO;QKj!({SpjqFMM#P;Zu?8&=V zGFt<7gCs`HMo$ARnX$FjzK!SadujVh-i5-Ufj;mgN|tBTKWwoZC=^arg+d*2oJJFp z2UC_(!E&08yT=opi*Sag$?rDv^m@JC(}M%}zt`(k|KHy`=>M*N&^ze$_xAez!{7D# z2hW}!{0{Xt)c)M3-~#8r>)p7mYUjR?2d60$SWuSo!4^U|7j%RpF)4;2W!;3P7kq#| zZ6SnEfKogq0|e^>ov|X12z)@O$ddt@2$AtYw>zd#Jz~>tma{1l6H@RXV$*4nQZegJ zNHPr~350ua-)CIp1W(aP&VDA5SROXZNR9=|yBEcf1m%Z%hfK)<>WI7`oh^hSEO5fc zVT6T9h%AH)!2+6cfsN_Ne^7xx67SW`!dPHQKl*G1fW3ia>EWxutb^eWo-dI=` z;u(&}0I8QQI()_jnKstTa&}2$!h`W;K0sxiFk(4jTn=Pdj#u}x-v}iq3BjCbROL|!`_IGvR!n%5(@em-W0oW&5*%@INphT^oFrI~82ybTQ>51BF8XVZM>xeO z#(XklIFI=*!f7nmXSu-gA|V__Y&xVViP04m6BM(kn37cOE2yH{=14H4rvwqqXY#jN zk_3@74g?EG8gC)=_hLx$ln4nrDYziH(_7U@i3KXSd@Clzefhm!>fzRe$!S}23(-gp zn5mrOt55+bILRZH3X+NnEay*MR!-d%%U*Ob=R~+g&J#9fK{Px(91aho{e!1rmX5bB z$n1*cF&}IN$e^|rAP27iRWS|R1u?}m6_}rZ~-uA!YwLmM>)QwvaAuzq!Ssi{lHNiwV8pO|{IovKEh+5dWD!9nQRx@H(gC z;jAn=r8(mXz6>Wg{`Z8E%Z3*IA3?{n+`$Uxmo$w-IwR>A=l{tIPP__7@O`UwM{^+W zFm~(E^+mN>m)oV;wqJ(_;a=}x>vJ>6U-{D@|6SswAbf)Y;9U7{Z+~xpZ?7W%9q#Qt zeUSg|;@L(o$OspSKx*32h~-tv8gPN5i*Rcjy_-;uC`TCm*U_8T!HDHkEF|9?(S*nX zFG!TⓈjbQ#_QMQ7|+lD3f$QMl=-+%~+8mL8h5xxjfw3+D4~p6*^K7I%esJj*A?4 z=+@Tuw*Ln3bWp@G&IHM2xtxsF5=OfsC!{MGM_0dSguhjPD~iCEQgon?-6RCpj)1d3@o}PuR095O?nLZ zWdxuymWu)Uy7zT&3n4niW1{fSNyfOWGqe1nJEeKfauNqI%}FFaOmW)Z3of4Xpgu+c zp2klP0F=Pv0lMsk&%&N+vPhB>me6Q6K(9t`nK;P_C#kR>&q$OL!3XH$wH#TVDU_m| zU_tbV%b7p@`%83E@X1NeKDZL~oJC=};x2)hTn3kW;bEYdU^m0j1s)S_hc+wtB+J6ByrqZ|`tVinygT3!5&opn|D_B?~2# zq(ZNwOxN%A`)cYrdCel6Oc)n-@gbD5n4A$QXs{{%X#7y`Hm*UX*PHgW^i_w&jp#)J_i?M<`jwW 
zu@5A|_UkHZRs#S0Yjt}Y{ez}4yW%eEf0Qyw)}tcNNh*?=r0ade(q#5{A7WaayE&X#qk5I5z+gmg3P1Or|V7BLd)&gc6Qe3XGn}&XY6(hK|t{O*!Huza+VQ zq0c{(J@&)iA7v$SN%EN;C%NCGP=%9(T_Fj+hJj!xFH(gF6wh)N5zdjAV1Xi>qO2Gu zluy)Gy+Z&fEPI3L35&Nh@Ru5P!xob$T^5bcg`~OQL@pH?k)tSLMJkSS5|dO=oN%uoO*x5*oSa?I><5z5 z(QHkTKxw-MsPh?#tDdnHg{da~cvE5OVS?sO&~Hsz)7@THVtd{s-Y+AuZ9uZW5358H z^$W81IS#gaU;4?`&fgq4cm6E4&f|iaY(1##ePM^&`#6N3jbeVT)9v1uKr9y@DHl%o z1(^*Nti;B}@k@b|j#d)uz9SyxIFrZ8bWGC^0Zqp_;oPA^lE~?|Z)K6DvkgMq+vuIE zo|VTWPH-MgKm`rT?A8`!b$#WgZ|_YZsIrC77J|bcjfguhUw^Gvp}_f=h>{wp$=XKT zo0DyX5YDnXbPZZ_3|)8|oynmgh^B(%mpBR0s}V|>K%9u(>NRq#uLrna2T?B9OdM*M zTS_`pAAw<-#(uAsC|t1*NrEC!EL*TRK;3c}fI6FSo~e#^Q5{ zJD~Jqi80Br-Xwpj4$6N&3ZFdw%Dz=A4Vq9}P(pI*WC@PQ6o|@K{c_dmQP&ueY`lkERpM zCj*3sQGaiLYa2~xdLv+baWRb*XMx)$OAnRZkHpq7%#ny|dmY)9E_*7AO5*EXSZUKC zMU-(ua-rp7hy5y+YJZMNN^(hF?VF3|?)ex_RvA@#t+w|^mzXAaNE0e%ZDn5OIco)Q zmauB02@#byB^CH<9cl0TTNaZe*?pRh=N3985zFIxDMbR0h8&1f)2A$}BCI}~nuXE$ z^-QoFk4f`4*i@BIrDR`uFZszEC8)Ww6%kh~zo_vc{er6GpXcw1va;vyn) zV>+@FEPKQwmP!0^mc2EfxFR6~)Cr$-bZ7MTZt6f%?q?`^RGPImmUqowWhIv^MFkgZ zigL5u5X%*!@^7{6l~IEt_{OZk+54f~{5X!OYyc_;Nef_;;9fG(j5s5}3DxYrBS(RALee?G*K6;?IfJ^l9RxTNGT zslLjPgP~=?NzRcgQ~6c``mB?mGD~~iR?Iq)MbNRDO(}Kz zk>?H0w9%-xVbCpBIDtmuXgtozcs?Gm*34(g#oezO6gF_)F*AA4U1tn3p1rIoVl$o{ zRW^pj?JOe^9nDb2Vt4nH1x{T>lz(!IS;V^$OCypA-pydryBUiEQ07uG3-r5foMkwl zvV6l}If>+7y!5+%jqQ+B*-

    YC#>d_HmQ zh~Q|oZ3$~f1CX#3>YWygGgnTlX{z*A62=5*o?tlH<%tprI z7Z&+%0eLkgHN7Q5Q=00dh&);jTrIghK`; z0wDLD4`&1P&z+yyaOcPBrz=dw0PXj9^+TzXJDir^a*`1&oR9kx_hUpToFI3&L^Md5 zpd-C_`Hsa=7vmOBLr>>cLkPZ}YbBY}$pCSZ#^+MVOD-M3#7qJbGL%`@9Nt&MZq-<#M^c1F`8NsLGUSU9?Q z@M#-tl?MjswVKm^$Zs(l+pmo$43eXE8FirT6Pwcnvor3~Sa6XlXTBQ*O+J+|h zk|2@O@tEXNmO<_ahCWVogvJ6rN=S;rzslN5NfiD7GVNp3b9?p#N@zXO;E6-%B&ZxT z^B$BlmJ1S}V48Cm4nqI?KmRX!^6?`IgN9+y z6JQyTHx~aqdj0bB9SWfL4JDn$1{fv0seZLo^L%LV;3!PR%!6~LUz*vkm;GslCXA!6 z+k#f^44xpjuMH*VfOk|nAupy=oL73G-s#1(p!AaMObO?B?2q~z^{%0vhSE#6<9Ky@ zZM|^3z3c6@)LODlt=g6XrPrp>wZA`oJ$QotTy4~^_G!Q~n&ad=WrCb%I3E0E5gu@a z*Gr)J+bNl{OM)ILc72w}V|vGKj1KCUmDxcZy@ooE8@g*LYL$K-S)KL*B6`P!bGcV) zkld?*)KIES zJ3LdI7C1>}Rslp)->cNcL?jjK5`d*ty>4#;ecv32M7L{4*Z!;wtrl<1*f#1=y>6+t zOKqO~H82J>XKJi#M>GY~jKPqgC?Pl{F)A_y0XI;Q>i8}HKMl%wE^`9jGq4`faAt2( zATS5HBqd)QK5-W1|A_6MxCdJ0a!@=uZ;=-)S` z%1mEq$<7wp_v!o82B~rOm$Fv_jkZEYFr*q-FpxVOC3HlhS(K2w?UCbV+~HYc zxCNUV#l7$_e5T*D-YCL%bLnx+QqUur=8E))zh&tuW5T$Mpu71A^E8;Ye;}5h4#`zwOSTzRm4{N z)IyKHqmo0(Q?%R|aw$nt01~(CF?1$#`ams}HV{63tYZ~QAc|O`>+9g-NA#5j@V1x^ zLB%9O%ZkUm#Zg7)tEgis^ssXEVGT^lNQ{XrIlL3XZjHI#JMc};$;dvApRL$6n zh3##m5h{V3+pjsOSa7PcXFEBcEiKDkG@XR0()ui8tOSfl#jApAqUs%2E5hrtAd&Dh zhut`RJyW)dB-UJ@c~$An6ry9C+R+tkOvHrbN`RC7aeNG1wx^n|?uo`-(X!^};Z|Ak zX3aOW8)kD?ysd5sn^|b?)O40*uq7#}8XGUz`HI=VG2zvTzb;wcaPenu1_eV2__!j_ zKbC9MgqGO1a*uOA3>TCLZ1WNMAaZ_$;uI`;kIf)SiPoq!-Nfu zdF~50LS+|cG@QoUZnNApyM=1#lp99iG{$+1*zji(iU0kd|I6jV!!Z^(L~qp8jo1R4 z;%*sC!$lF?sOYc|EZ6s)T~5aV&Z7wxBoakVB;rBDQh97wisX3Pv~O^HqkkLgVR>G4 zRe)gJljSVKV=PKJ-{TA!i+Sji|JcCw7|Sa-b+b{`Qm7;ai%z;Wq?Vk)09V13!L#=I zI(imDe1bjcOw&c#4<&+w6{$IoJ^_{NxT{O`YItKg_vA$Ei!SlxAP*Hso2z zu|sdLEl_KESIcvJf)zSbR;0qQ`8KV3bx-7i0X>Xq7w46#b+ZR;G}-l58h1<xazA7x`LW(q@iK7UNY{yfh?!XXni~mxi;|+|l4?FYpqY%51rUboaWAq)EH|Wyu zIY9{mlF=6AevWb!6*;s)X=$ejPI7W%2zm2AzLt=+ZOTHfF z2^+tbbqBx+$~{W|P0Uo14;hKz+%I41bGA=_v|9y?W9eS2NCYTtmF8iJFBC0uAek2P zA_c97xjQAl6gaV39T$aAOBW!~@&W3XB0ilG6q|M7AG0UQ(@ZWP1pH>ia=R!%81L`( 
zCOgU*0CXnh6+%wNMS^qi&mf#TRQ8{};Oig%_-M*M@lVrFlgH@MlqLz~Bw}eSkCp2G zDNPHx0Vb@-`QwU|BoucXAc;UZ1IoL}OaffcQ>EM^4Si@O;6PYbgQiR)+ zRLVmz?`j0YsmC6;@!HY~jBRwul444Z6HKS?H1jF%FL)`>AgB6qf;m?zsDsBr1nTY59TL<;S-e0LBmTFgT5H##T;Tj%r(=Xnh0Wl7LukKZU?_2`-I*a#tGVuEeH)_Uzt)dzj%j0>@(cj*^J3$ki z#)8`;H++XOUI^`%QS2+bC8~`c{N!0^AZM#-x!I7jp9yH1k z7jm@WU}`!sEQFS9tQLrHyA0H1AdF%<0)GnObvTry-T2@F2`;#{=hq%q3VVOomv@i@ zM-%*NWG=u!Y?CBQ9ZGC;I>05F$pKJfY=nDmZ5GE24hlpfCd)p;M z5ChtmoUx=MRgq2eF~x@8%8g|L(5Yrkz>^r2XTXKF_m090LQ1HOB&kSM8*=7tF(0SW z<;>2Pod1MQsrCv`W=y_Jv;uAsn`Q;Lt>}ijKKb@Y2+|FgM!F_z!l6!@pdQG%(C?|7 z3w4^~R_r%cbgst1;Y-i}kAOwYR0Kiivebs7QF~qYDx z)TqPRNOaJY;FMd-S*I<15&uN)5|TfW3lgZ0E`Y=pvuZqffJ4lPvbJ^Dm?=Z!0_Qjt z1h}EGH1JT5pF|-T* zPIBhGO^@wlSRqE1v2)~Tn$%)@QGltET4^*Lzf$LJ^;(4`k`kaJZ@6Ud9m%JjFrqyH zURrUqBB}%`P){ZN&mIZzzXMMbrk*lV&#ScZNx7a?1)%^bVEvZ&dmcjr?)3A8V-}e&Fc1UOf&a_bjnR@E zMTcwAfF>-7xg3B%9oLM-1HwXS(um?+Dg*|yZgz4ng9_5$rm=INOj9sr*1>t&2T)Z38< z!k&-ef(W8#!3nfM&!7cAdzFL|#XOAI6MxnmI0^Rc(4w_M$4C*~=@gT;MsP>CZ-0T^cXi8FCH_ zl2tn4ie+hK6oU&fk>^r{iI%@*xwNKwt*VGjS|3+MbdpmBOFfbYH>8Mbsm+zLna3}5 zap#!lu)WeC^Mo{a8l-4>C~!vu^E3NsNN|c~$>xV=8InX$lrqj-Yc%a;?j!Db=1ol}nUC7idkW zu?$&0?rL*7-$~aJd>B+yoThYO)X}+>s&OIMxmtYZEFYieEFlB*10`2lfgqQ?DXb;B z^Ms9QdM=Ul?yd_l331BO*_0J?gXgw36b><`(Ht9>GO?MBgn{0$n2u&nfGY4LFY}a` zg;NHL;uCh28p$5)pG@Mk437 zBIR}DnaHsqV=WJny|7!SdO4!IwyfB`~`ijYoQW!)70uYn``ccO9{z?Bay9^}sYX)C(90lsPF52};OF zpdpz^{>oB=P}PoChicOS>7dPWysfXAZFSdPw9Raj2q|S)?5a3bIW-Pm~p5$3UC^e2y0WEI$LUDdx^5X z&;U!GqCcw`t#9X1PP4SyS8~bZ$}3A-%kcb$r5$5|D|)-8E?D|$O4oSLLi|k46%Z`J znxI!D6l;tpPaJII>hR9Aq0bo+e=0!$DJ(eQXhLwD$UR|<9Dk}^?U48bk~WF4a2 z5IeLiSG`q|WMK3&{`O24QE;4KYg*~}!kG-uz_+%7OgTA3#%xaw>KlkKRtp>ykz7E) zUsY;Lt#Y{EJyBbgh{(#voF`pf#NKqb!N>`YzfY5y7x1SHQsW#v#}c#u6%$JPDad-0~d= zt4C5kwsAk)w+@TLK-0Xh>Zl&$i0LmRrb5M#F*7dTN*Pk(JJ>4KN+RJ6*(A1=VErmq zp=q|QfaztI-md1S{`gUzT2e7WojQs0Sqp_rGM zVO|WCK%)cQ!IsgxO~++KLz1woMq}^tFsQ;+OO)MXrAJtnGv$8XvyABGhTPA4CAd2< zKv%nQ+z>2FM_P-AI0-R(N)Y&>l5byvgg`1FjrJ|0e 
zl@Yy>s>Lp>jKvPcv-%Z3?Ym*~X3qj^$;VFk7`KA~3dZ(NWlM_KX!NJ@b7cSQLPhm& zC<&qdqJ|iC{CGbQlhVY-I5)xGRBQt4@5)1UCki0Ka(d*ZYbhk~7+qhRSoCtGI$g6< zP+6P`y=euy2N=m!qJ2@*4N0f zDY4Q~qnfm$`0V?ywenNGS4;H==!}zB%+LVpXqS0yY3XWyh@cvZWSWT?B-GPFRdpe{ z9WD9kypdCDSMyq1kP0$&?nSlYzP1_>aQ2uC(82z5=be(to#HDPr)%sU?9$PLUHbj8 zO9xI=F+A|i4vg)-NfhAPGA!NCFeN_}o(`7;~pZrFS~hKPFU za^NbxoIAs>Y>FOi;_AC{!zGO+3wBoPZ;2Amrv?d8Cm{WIFkxJf7)3|%CFRUgh(yI6 zZM}LjxwJr@{M-x5G^U0B#y+!4lB#Mq<4`J;d0;NRyz{_*jjmKIv#oMnr!Ss4wTn&VtV*?Gb7n4AkHaPrB# zFJk{a7_6KFq5BkN#d*STe2yIAROS|JKsI7bfmVup)tIgJwoDS6AhQjFPtm0Rqx^E%R5zEPol!p))fKY8l zNjYMQ%DzZ-Zd54Nq&90xQr$nSC#kkCn<&!7a~?pRYS`d0WRJTK^yguVJZurY4H~zI z-WNuascsQtVdU+RIOS8!e=*Xc&9|>pxK|mudCxCqahWc^taaE@>+oT-J#4o7yV;zb zFkc1vtC%j`)1}n}_jT4>ATfUdEG-0f!(;C`m;i&m>N^!#cNtv{^iw5P3?mW&zuC4KYkD=X{f}2qzQ9 zh4~oa?`T4_xpmoJ8&a)`q<(>IeUgi{AixU)<$}!C2NGP6*}bs?b7rXZ=vrFRyHlef zm3uqma}`0^ntga5PZ-GJ`mblCbY_zLlfB(G!M!4Z4}|6Bgypk#Zmv)!p_$ujE11cbO0zTX+TcOq_=T^^FNfVV z=ATh=qa4*hFJS9TYgV%VdC(f92%&t4bx%Oqvzp*Qnuyl-yRL}%r14+*S5_C#9Vue@|4Ov&# zVTEW!LVHNsFpjU*@{XJIF*+b6 z7!yk3QCi}StASWNA+#hN9u~&o_{e&v2Pg<4mMD=w9MOa*x1UfaC<$QM2I@5O&3|_v z#pLo+mb2&+pYczZIPWHO*o|3qLGo_+$H$Mp`qX{A9OMxX#4IEHoBw`<3&BSG(~zd4 zsW_if9({_&IV-YHY9WvKr2_5Woi;6E|VM*P#L;3N{sr%5p;A{mbOr|B;RDaa=& z|0j5+kd^<8_@|5umXl9;7M*7_BP0IF==kNIGd_Y{7?BZ&b=hRv@$BoTwd0e1xtM+J z)tS-Zs@%&mFJ()|U5W}ReEbA8T4d$^0yi;ani-hQljB^F7}qBi4a>N0r!gwBSpG=` zN5`ixAdoc|I2VO-fBfDA;jB0AgctZTy6lDfUqj*^h5Kr;U{H;iF(AKXdC|zrdf|T0s0~cSX(vT9O?7SpHR>vzi4JfB&4BOL6kllD zRGOnJJZriRLm7ko7!V0dgEt1PW!wz_2lK6Tci8m#AF9iGIqSgHX869tG-;VhrBKoD zcgvIu*gc}V8a*9kF0(m9%wT)BcD(d4HXvgN3}lr9-={h#UXhJ+921Tnu^dq^xhX{d zLPY!bD1bT1fCEKp{1lGBpaTw0$ou) zsiX-I(PUoeEN?3;*bF}tAxJa{K+M-J#w=Y+93H zEAyk&raF+TJDt#Rxd4A=Lkq%e&Bmy;`WuUn8e{C$@*AkvwGiX=IM!QM2Mrt zri6Zwn3Y&!RMbry+2+bHUe4%|icgbJE*`5WoMi}`LMQSeAEKn-^it=!h)Fst@d!=I zJiFp>s-lJHR26=}{4zJ08$s3;cDNH~Jy#K$oVan0YiAksYG6giiW9LvVi0|KjZu3f zd+ZJoL>6@i!I>cwzX(T>lwumQG!>kL4Os+Nj=f#J*HS~ETkTeErjFF>#&fcX&C+R4 
zVSLiSk~f{ncwwBWm7+{F#F*+m*FnO~%Xbo;{hkhB;6<8N0f!_mEF-ls@bbYg9mn3J z2@bT!4o%1AU3Yt0B!ULARWp^m?1dA88sZ?8i_J?C`|89WrKUluWrDSd!B)>k?5}qn zuM6U#tMT0}qjl{fx81VYhM-;ueQDX8z1YSej+&!Z12M4#MD4<3NOW=Pd#>x%D1;=V z5JNa2lB;J5`uqruWdkZsZM6mW7O9NRienp?)$VW=hYVnqCr(GwbfRD`1)<6jH5irg z1KXhSmY;(3!eXx0G1&FAhl+1Wzqdy6z3t}Yd(eO!dIb+%l6)wI98hx*DcdNc0Rutj z*@G|DAXMHURnIn4Oo6_aF{)HvBUk;O5WzQ}hIT@d=8C5;k6yfasZzVaY-$|NT%uo> z3)_Qxl+jLcHDsd6oxsY7qxZrJt87av4OeNZQO{UcFrtU3Uk^7YZZ>K|woQVw|F9aH zGDOu{`k$4rFQ5j{wo~J?Ym(nV!Uq-m-3hd!1w4)(@gkZa%+b+5&d|%hpFLKm2%X~T z`0cB*M1&I>vB$g6&X7b{g4dphL6+c@*p`MffER(N=_FFoXB5ddcBJ@l{OZN2$|_h@ zjFc(#v@~Xhbi%lJt7J5vU9OrJ@1|Mt)VZi3BOZi!wZ}t03nAPqL6)Q@4sr8DOMp~8 z$xXhO)sp@BnNFuPo=G`3sf9kk!@Nt zhP;^YZVrg0!oovTdjn?G$ndq0@L#HiW(fu3iYmrtC8IOeb>-aZ>bdnabLPCdd?gYf7B5U}t2Ilw2kG zy`x>?0a|mxm7}rJ((5-bJ$;0Hbt3udnD7-_Ua%%Nu=qUJ%8bP*raUh)<@i{{Vtrcx!M9LwGz%iSF*`15Ft`KtB|+^ z25$~;`Z{c__X3tXy1w>yh&Jaf;|gjG2a z6MRX~Pl4a;PX-juGLkwu9Z4G7t)-fAuTL~WC2%8S%|XS2QW*mK6D=!#9&VNOZdQClyJ0qWz1!;gkIXEyk_=SOEna@UhK#`=a@x2X8EEm=k~gg; zS;6RLEDmgXeEqK7F$D~Cc;ybHTu_Fl?_Qso>r&N}voFfbG7aq0_09GoqZ&t7FPutyyYi$o z(#Mt!U9`VoQ86W{&^HYk4X5$8NVt;<%jue7Ged%NlD}gYB!y@l4;RC~-HTyubIB2g zTQj+CeGzo?)*+3HwyeZWqn^57qEb(Gong*V5OBeAFvjQcFr4BK!7yRbMG)&9{LS73 zc^2Yjc14`z1jjQJONrd>+;?zJac5gwogTAkX2#LUVZM!yPF|_JRmbJdyNhA7_P3GS zu3`h`Q+4~x0W?&5NW>K(kk*gG1>&XlM=#G$nr6y(ubSNH=E5SEI4P9W>%lAEH^O`k z`nA_A!cv64F!$p%MX=Swp@gw)h@*>L#F>%|sX#H)#=1kA#t4rwO}Q{v?da8shf-3u zS#^L{j`~OOl%^_UnEdJau7EAHlV(t0;loT=HXjG(;k|Cs&U@R6umjjH2 zP9Z7?bxyEmwdz#}Mhhl&R^w80mb#HCoVZm97KDrLF9peGG#$&e)ZLbQCx9*la^-lF z<#oS0IB@mmCzbYvfTg`#Aj!R#h!@$*xV^Cdyyn_s$7eYkhTE`WC?(&TB?FM%iZO#e z<~G?g=ub712K~OxszH$-NAUx^OszSbfNzF5BUzt@JE2StN;V=$3#eriji_@7)IS|Y3LS-4vNi7S@w2-W3{ zH-DTEoL6bv^1W@i{H`@!?xWl8{0*^b91FYn-k-iMFKC^X44JWsGsC7e^**nN4`9Vq zde>N^1a2f#@Y2&v+c+EJG&UDQ=9QM@YlB$U;tka}__;xlwwUq=;_fIryt1frzpJWR zsfk4Q^7pe2Yst`trlQsReQjt7};ElK=0zOY8B{co|KRbvXR^e_N5vNF1JTH zAh;%`DaWl{-7`MHYK4GXwjQr)71?P=@FBKMIS^jOws4%Gt)i~PH{s-81)jVE#n3iqD{7JwQ`( zW#>aT=ZosYW6l 
zE^t9Pwu#(qqXdsNcQhWr4HE3_%SnKmKJ(hn!OI%oE&Vk?nA5AW$sOB}vRUYm!;~hw zx*B3vX*tW`0_YV&TL*qd$gPf1>C$PKgOc)o_;Q zmw#BjhbxkjGbsTTE9Ypd0?6F!C2cC9Z|1eK9=5RQ0!Ks4fud{sShE8sB$=X8>$PhM z0BksD8z-DOcZUA#JHGfn39(~jI`Wn#?>XUrBgym!WujZ*OVwr7ur`z~s(HbEyteC2 zQi%%VZNsV*lBLX{bgG)zl(5Rd&i(iU9=TMqk*m>H@AZI7p_z?PM{8~a0M(JJ!haR) z8Ohwk(@N{}?5OqmuX3t2*3PX))2$}cE?)D$20De*`eW%0V$KrMK{}>XWyltfju&P| zX#$u$^Z5O_@iz7EH}36*^*z-Z_i1xa7Vg-paC>Vzwi&-gdzaS`Y}==1p>Z}$eV2`2hx0;7H=gN zsg<`;LxZ=ug`A`Nz1=?Lkj&pYHh!RBC@0`yZNjH|dL{@!#L@xk_hMW54gNr<#T0S+ zZ_q5wt9eHMO_~A*M{H_j4Wpd8%BdiM3c{1HvA)MTOL3OXykpZ9PL9j!HC_H3%~O^$ zNKzuDrjx3BiqYNb6Sp_4k}$+I&6={q@U9JvZjPgvaGF;HSN&~(T_ykz*ZY6mvNlQ^@B67JYmdB0T359JL(PnEGsY#(Pdi zMPexO2THU_RZd{S(fiZa{^8%T7aX{@NhTzpI=%nz|NLJrS008KQs|Ak{PEcvX`GzpfmgpFr^Co|W6 z$*bt!>*{cL+I$}gw(FWP?V9Lwfwnpx5`jZs-TQBrRvDSwiFYMRRd-%vTUuTuuI3eVU1v3Da| zS?RXjbq^McC`U&?N4!wUD`rD9a@&8H;~v z)6FWm5RC|yT)2wQ3k#|$oy`pw;)rBk$dGE#5GUwI87Bleu|aHbkZSOdvgWhHTE%CF zy=jAn5}hd{Fwp(OV33@HNsmCTm~nfHpuBM7U1O0p^_4m$imoZZB}j@)N3=ijFh>HO%HtjwaNF#e>JgvYc$ zK!?4*QU}kbvr-uePuUnBYjaDmQRZ&GLdUe)wewO|#(p%^&=@THuT7gcCpCwHN;uUr zit2FI7OgQv|A!5$72&E5d>Lddd0w!sn%>azrjU(BG@^cwVt370i^i1(3pX^#=Y*)3Wy@B`kpM9-j5<%=$$Qx=c)Ju0a z7)f($%~H@q{k;sZUd?;g<6=Lv;kh!Rg1~H$yZQK6aof>VKY;7VA0=gPS3uIR&)(;+dm6wd-g-`saTS{`BJ?9}gb= zD|T?G+N^)(!k%#b7QfL$plmK81`%Bv_gpuS_N$Frl69{MShdSrVO3I!ZUVg}w9^2d+=dP)b zBG!@y+s(U;j#V%@KlDR0HJwLkl^K&8b-cxiPT8^AU-Cd|2h552TVCWSV&rPqv_PgU zO0gf3Rd&~j$ftT9dg_Y;G?k`NFso5RFL}--#fWD#P4R__TW$0eu zrR`&}u2_oat!z(ti&)Bwq)|8vw1>?=7Ybu?8OrrGcz)RHIh4B54j#dYJ0hu&5Mpxa zam4YtLB2Deoeo4zG;ggyKPr%2gLS6r#q;!LdEm3Ja8V(`P#BqoRiMl zC(tFEt)EJpj-v*l#i!B@QXm-Cs?6fjf~Il59b(Wz1|!im61)eO(V@>IE|G zm&HdO2-CCQpZHm7)SXMo(odM5gsn9|z8+}^-sDR~n!cKsAo<~(GPy`4F%rCHaXi8is1hsK3C#LDo+UMLk)7ky)xM@!bPE9gX zb_JzX#2-JswT`YQ%X#rtSb1+Jj@&YzOGmmXTM|YWyRW zciapTwiyg{ac>9%6pWo8Ding`+JAD3M9z;c08syia{JkDYC=)x<3}X))dK1$kH2$G zD9@E?NMuf#nd>q__T1HOsV%)zu{v-5@ zvZu$Q(_^Wzk~}NHa`CGm@6>qD2I_jxMXpHj6uMhXNvRXm3+6K6G8{xg9T5siS%*|J 
z7aXxV$nue@nQi4=mtArw9{i~sVbP0{>S%I=+-RaUoi?-P&6HH7HA9Z*RrcQFB!Zy+ z&wa;j**Pq4&FK!biX(d4yFvb%BBZOVS#YPIL|Wl+mDUWgEXf)^I8&2vI~Cif z8NFVXZau@ybFdd&?pW>CjMRlKVaa)u&9xjyRKRUyxy#waI6;%ERjp_6DfI1VYu=%9 zV^6!V1>sek6UyB<@$GM}3=i)GLADSfUW!`W;c2EzXy)9a>)Sgc-k+~mLrtEc+*Cf^ zbTFeGPSFJC5OO|I27SbOHjn9n(w)X*FJw7g4y&4__u zd#lr|WX;#mdT!VB_E)H9(jsYL>e?JEv>+3!?6lFs{RLDd4i`zPDi>tPGbE5feHPi@ zLI(5=j%*2iAvjEez)dTz<6tXre1KwuHbb0H*91iD$g)F5G|%J#f4Ja>eUJf2$cVm^ zkWm4Is-QujmF7c}tLB+QN+9k?$WWqzqd|~EOVH5+`#{hsVf78jyLta)Vs~;SJ=`A< zozMBq00+Fe!h8!KQI(aDqa-i0c8hHqN8610tyx}gMhY*N`tikXJiv* zrj43daScl26UtqrJ|$|>ND(o+1A4c$v4s(V5TL4MMIVEOj1i6heOV%Eo`-4ivSlot zY)4m70v^L*dWlP$_>Y9wC+o)fPrRkdlxt!Zxj9aTMPz<5MZyK$zu15MybZ@4fgWRZ zA~52B*qNupp&vB?4^2!Tv3;b3;r2?J_iLu3zwKS*Nw4-Yl$+_ryCyx)fHtN__A-^e zO!(y1JN&V$pJ6vticxuUh|fx6j0BBS@X5}<`D$q4=aR?op+TgE1_F_&>}#!VueCji zprJ&gq2~Fv;tF5gUV6w|_{fl`NCIV)ULA;3@Rki6i-~t?aRD}NwJjSZzo4BSd5eP5 zN^vWu5Q+RungSgj*?ZUf>m(LXI14m!i)J5~hop5?OJ6#Q5|tHO0%EAG9)Hj4`C7Mo z&U1efU-Nc7bT9lue~hUQYA+vY<3!)3oUw;3J-^V%AZ$i58Mc(faA+B}fM<4biB}0Z zkoei~#+rnGSkt-a>kc|%N8tE9i{$)M|BsRR(TigH@!})Wflib9e2_@$yJ7PKishrb zpQ!Q6m+QUx`h~gzOk!H+T{c7Sw+8iA9TN+Q$~}B=-d)Z6s0-@YfRk{jMqRiWaDObDnDFdGjV}F2ChJ$z@afI_PmRo&n`L*Equ%b)r z%s0i+@p*}$(9y}wAZ8WyAV&DnEyR<8BPz;69OhY=g`3a?d6yvq!E5ieg2`5P_No%T zyrg=H8Y}2w9;akFX$@{cEZ<7QJlad%I zOirIE%|*VA$1#!@PzI^^xP!gW8453Ej2P=cr_T;}wY zLN~=jD=PbR;Sw?c+1_+|H`sp@c&yoDJy@7at(8ZW2riHQJ2jhXPB9?&ZW80i4{IW) zAE3~@gtkHnBMVsa_Pwa`BU;Hg21ThPURhWQLslclpm~!^r>H5f8jlApZlSA;2Cl|q zdj~vJg$BgtKiHV6hsD$oMLH}8U5&;BY%o@6_tcQ`)ryJNVpOKPu4(W-niKa*y|D}S zU{$W?cO@vGuGigNb)p|Z;<&Od_Zo-ofz@`EB-WTl!k*wNfG(}D&1$u$MzN#JXwj>! 
zAFM3Z;f)j5x=R#05FOS9k$4CF)XdNw*4e$wg^=2&7}!4`n(`@f$y33|)H<$xw{jqw z11_%ZUc2J`f=iV2E#}b^p9drFP9N|?RmR;d0wUS|dL5_oyH)U@gAatH)JQRjq-=;LKRPb+23{HmXNQ-u+Maz-wbFAqu3Uat+}<4fRajHg}VIiAv`mfAv|Sj-#08V zH<6@U>oS{!hpUO980EzJ>VGoA@OHC@zIr>fdVg2j^W96odj0Kn{#tw6uwwm7;?+*~ zQ8|0r>FC;4DwqD#fz=H+Xr}~U>p_Bbx-R8yfjB~3bl}@k3G9I*vrmuScT`f4f>Vif zinwi(GVcUXl5y5KlW`EIS#Q_$fXaK&!T5>QeiANwT`*w@4Xk%nQUq?yLJ(rfDof-0 zT~c2G=?X=48P)#ID*hOF)<6;y&_iXF4Hke%s?STwO`XACq9c&uq*ly)LfvaFJKl%9 z^Isqq^;^jPXc6)b#G?zub(7VCL&JbCf|p{NxS08eg72~N^MQ6*W1!s&;{<_^b^ObP z{ursEkH@EiaL$8FnTH-gSGc?1FE4txx38&keDmL4p68u3EtN6YuWs*v9jB2dg?`p? zAtmMD^^zcmh;N4zLM9=BGN`z+-D8{qFQ^!hUs42?4=$lY3>Mvj8(lJL2_VK0paIS_ z0VKv!EzJW%vqoms0vmNt_eC)*TPZf0clnrh&Dl!J*y2?m&y)h zR<8~>Vd0J^@2{G+a{$$)xyl15(>MaCgMlmssIC?XaGh-8@2i7D}P;&LfUAH56QI%8p@Adk`vd-p-Bb)qvNh8%&ZgpkwLrD_^D-mtvQv z-6M8KSPB%A77FbzA_+MV%2CPH8~ZKPpuGPY`|jI~xWJvx9a2;)5~#T*zSuY-PO%Ax zMhyy=((qE$-cY1LWRJf{fC^_k_MpGvS&K#Zo1j%62p4m3@Yw2&^1YO6j^?OXPr67e zkKyBWgS*qaFza$t;^EM{YPgZYA9%t!SsrsPu{|o-^R2cCv$uDQyG(J~QjRr74iR`G zlgD1gm)4Xh#D6$cZ0x4T6VK0H=KlNgaZ_C>81X9iripN*)rIsd zwQV5S``$3+i#SgLKi?s}k27`N(?A4b=~8fMSTmmwJl9L2^^qc$PE#ZntiO+}?Y)@J zwR8!~#0$^-<<&P~gxoExlVfb6Ec_d}pE8zC9-u#ROdM6lzoTU0lEri(EV5Xc(D3dG zJa2EgNk@gI4_K*A=c0NJSBe9z1F(vRg!=RCt}tcp0( z3Q=y?h3b*j$)n#Ml+Qlbww3c~uk%cD;f7l&lV`s@`!{mFr1KsT5Z=m%n-<-^hd{Xl z6^Gl!J1sA^G?j!h(N{Nbs7P~J zNWD@q18fSB-t$Y_uDGwk&#-TDg5j+3Ni5jd!5h7MkcE(ru@I}=P+(1BewOc>#6Cc2=hYNkRw!*j`s4L>hdd1*@&(Vyk0KQm45h~;MH_w*l~gQ1ZUbSis<$O;IBs(~ zgYhfI!Swz^<)Jr?6dQKRm&PcfPd+ni9kYy#lk%V5;hV0{_e2n4`rFNIw;!1J2+@aC zIS2p~Yr=+uzJq|kB4wi`UP5C`HavyF7~_{yzR9n$_U|%LqB4hl{EYPg@9=I*s`+qU z{vHqOtzC9juM!;xi(i8dwi@L+491*9O*$LaNilosY~0C$z8)%JvX+`)Q%a_C%5$cE zjyi|t+-hX{Y%pM%N~%5|d?EYPC_r83{!Lc3O>NNjFA4EtIrZ^a$d-lSL8mNIm7RXtRLt|Hn#W?4;ThF{(HN*siZu8C>2sA+ZE z7uV>R-Ir9L^7G<(2P9U;Z&#chV;Q-Ow~QU90uYZ{Pt-6zQqLC&r7+q#m8g1`C45%* zM^Mekv}gH-R8+6&GLf388Z{^Bt~yBSYC4_ykcaGUU>1tq?ey{DOMmI15v%Ss(-f znyX0~=Qn;M>Z+jmn>LpLP2E2*yCteA1(@Dz@{WwCLY>puR+_pSU$ZXv>WMYqSL~oX 
zYm+Zi%wN)f^Kl8;x@_GjAF-vvL-r;Ons?1*Xy6mjkX~zh$`{0T(#Ti|YOp1v2y1_s ze6gMvrQo3ap29oXK%x`!%?8yaVnz=y2UA}SgI#}~a-hP!9{F5lRYH2h62s%G^!*4G zCsDhQzEg}HDBgq=+ru-L*LV8ipa}}*U$TFl(yy#8>|<;2RW}K^Ie`Ln2^oamym=aC zl+FU;HPjS8So2w0tPe2$`Lv*S#X=LCyge}idNZGP$W_FESWfe|R52Xj!W$uWsZ0i$P11&Sz_ZI( zBcpuK2;!SDW!z$!a`hk=vKw7#Z7d>(zaZ^Q2m8HJ-V>!#U$k#VM4uHcteOe8#ETM@ATBn?jTsxP9*s?ug2i) z&us%AFAA}rpQ1Jye5$|R%btEs?b^zXoe=68#X;?xCwTa}Yw&bw`@ZkO3S|0Yy{|P< z){{tx(&l#{8T}UGDA*xlU>JjnWMzzEk*{@C=fDx$m@R8o#}Z!@fjgC4fu(7z-n{EU zaz>r#7kd)+CrEKR9M%aAfrA@H+UeobYEq$@hxrqvR6~ub9xlURz<&5M-L=72+C+jm zBqBK%latLbpnw`&se^ja!!ka_ML$N(MHJvg0PP5_HSx_vi9!ZAcF4tac*eB)bF|Dl zK4KXnzO4pg2WDZ0Sp7@K|k(Gha&w|A`(^ z#@6Ki@hH={#2U+}Fst5`Q}h8edvv@truz-T&31rI}B&rWEa_mFs84tPA;bfa3iook&++hrIx_i$+Y7OQU0BJVj`$vQ!ieT$(csN)AKN(tQ6r(M6`JgF z&fr;}be?)eV1E)hwc@Y2^naG|KkA}fc1j_Zagv!o81E`N_4ty;a2Aw?>3t(S-@T#w z{YYO-yblW}?*J!HCl=M1ZR!Bk_C%*8q!~N~eY77^vA~mqV~BI#G)UV9H8L>mg^FTE zoXi59Eq56!1l=kp#uD`7z}V18*@bmM`V;v}$dAmliY>_SZ>^_+3z0T*Ojtf@c0w&k z1!ZZx>URu$!%VXo`d21rj|@|V)i0ieu|I5E`w^_;F(`^v=%|_@i~A(;NjB zT?Lt3XSjWurLK!NSri&--G}{RlH;All?8`f&$kO{?(2;+Y+YD*%O>fn`+on`VfEu# z`q7@lVIAjCnKNwfJV!PB&p7$E(YgU-xDBV4V7}BkPJyh5cD&&-uok<;kjOOy+n*%h z!DjkZ!3r*!oC3GEvy2Bu*BhRjhl;XMpmqg`$GQ2=-|Tf+z^@BSD#`uhR8=Qt0a2Nq z0-A!vY}f38(4!)h;*-9`SNzx!`&ju0nolO9$+V;+xt|tVJH>mRLkL>Wq4?`VLfuUZ zjCq<<_i1xSNoBHqmMtJ*o&@Wbnmo|=g#;i8;QmThV zs0ZzwFu;#=B>YLr?9j#DQ-j5TzFhx-`p&2r`l^2(CtPb`)^fR>-X@U5cVBD=xxDQ~ zC?yaLEyTtNT(RjTSK@8~GS|4T=*u03Z7LFD*>xci^5fn>J$@-VSf%4S{^9H5u)_2h zW!!Vi^~a8~EmXE7auvyrzGSXejnyJIDIeZXJcr%!+atZpMeDK2;(86K>=&1DH@uHq zaV|jKdH5{%3Y8}M-IZ5ev7bg9PYaz)WVVyWEE-vy+fpgwmc_iCUIrU^JK8-uVa5fF z{Il?jx@XIr8lM|YOOAAd+eFcId~<@Na|s<@?Nw~9${pSZY2|eN#?tnsEwx$#`XAZG z6dgqL+kKcpN_A4nc2A&K!5vX7gFZy@7i^S(fnG^mgPny|#xSO!T%dfsGNE?dM*b1l zDzwmt>k+8T$u7?~PQy-gu4z#4uvdNc7$&NPaj1IjO6JjgukWc$Z!yxfR)RHy67J>C zJGT8<0sYszad2Gq!z1NZ#gZTP<+9#~jB7{uGJJkf4It)q)S}Nq2J6mSjtcb**DL-!i`8_b`Fl8JB7fk8nECtmF9v24 zbixI?7(XqH4=3H_-|R{aPO_&40^^33cL?!5w}`5#)jdA^Fc!rJ=dl|45l*Y}0gB(; 
zL5r-)qIzn4^%Qngp{#EDmft3Q6SjxdPIU6lsj&+i#LX( zf+pv|ds|0#urFttv{Kz11X){J%S7oKDIBQ*N0J<2yc0Us9}{btmjL=vM`OW+_o;cY zNoY1;r>Q-0i>9}FSQ92_Ym5V5_#uImBwvrZFzA~0TaAdLqwIFP%JQT{oOM*cg)MaA zU!f3MBIpf>Nyeo3qEXr>5Z?w0QH`K4tBQ1+sXj)3`wqIyFZf!lK36j(!13o%?7{wA zkMA>(z#Cuh*N((B#E@~0u<@u9^o)8sj?f8heMcbyt6@;kWVH%hkkC^l28kNa8HfGaOa5yQSe7tOoO|WKRlPb$I;jl!z~5%%9($!SS-doN*fAXk4e9; zUGE{25Q*4r%9}%-60-{q9UGc*h=uSiIx>1vJSsCHyXytTW>o{|wc_Q%U?CoRuF;zH z>9|Uz4OC(s^&~4OWR9R^v-YvA2Pwt&UbQ4c%TaYMX@r?1gf6ZNB}v#%8% zSbZthfYF}`9!{SFiJgW4tOgi{8A~#8a9cPO0q_yHTt0B!(0pM6)EEZ>jEtdxAZG!v z2+}rd07h66fWZpL!A!7d&{^U%jJJDX#zTA6gpmzHKqE_b2#JR7P&!P=X0rJ7QO$jw zQ465y9vs-uVfgh$c!RE5kTqxu_LCtRkf{Tg$p^!$B?RZjLHl+ObEF2@1Z)C4TZcYd zHp&c2e~Cq?tF8t-xxpWs$@&AkzGhb)0y)rJ&EI_XJ-`BNh7?c_u=s8)8eE6z+B**3 zP(F*O|7(C~E_Wn(2e3Yl4&If30cgVL1K5EKly&efPy!LyiVG}75eGB@?6$xGSOA;q zvcnln6b9mD%1`Z3(X^D1(X_Mx2hbeNZB-?RL2Kl}l{l};-8A&g^)=YrtxBecd!ipY zPjU!9+ZE8=v}cf(WbI@@iwf>qggX@qB-f}ywieYDI2g=~#tJ&3EeM*;wgHLYJP4N` zVzI-*?eu9I2V<1RriVXDton20OvWnYGF!kJv?!P*05lxiqfg#HbQ%TZKBJ=eV0H9v zRS5S5LK<6WY#F_`2^v=M>j(9)Dr)=0&`&la)1XNG5j3n{6Gx*BQ1F;V>21vVp=Bco zsMq3;TiAzXc&Y|zTfsBuzc5i&L6w_P824k`90us2_GdfnK_m6{7WahGJ^XW``g3O#Hu z@V56q6P{*dUdu<0M-A;?Kb%v6LR%Bqkcgw{_D4?wRFj;8Yn=FZG=I;*C1Py44&X;I z_39uz##v%Hj?70yPM)o%-+OpS*Hx~yJoUR&&o=i)(tC)O7o^=@_8 zFZ-HYdp>8{yP08A{`3f@6sLUt581fpQD0|xy=CJv{>N-wilT&Td)1dDSJ2W8 z{>Pl7b-T4GXV6ZA&9Lxa*WteyhC*0y4=zF)Zy0p?wEaf^>@=9>!%N%7yJi(;XoMB- zk@bC#ewc?^4~MIGiqHqwFfmwfeVbUrTtnT8bNrnM&9~3sr|i5vxY!RJS0O8LPReA2 zPFgM!9T?>~SwcFmB*F|~SIUL9#mA1YYxAIXK>wtHRFk^xsV{sNAtYQ*!9)&d~Q*H*$go(uq$h8HG1auCFsG4#vYk zLvqG>_A(rwwdFEyC{pT?zT7QQsBXAlh9;%J-;CWhV2>yj*tmG17Gy@`}m_iTdrPo zf#t;!vtdOD-P4Qy*$W}uEt$)4kLleEDaCF^O2^5zMQ&vXOBj>igMBHgz&Xq$eA?*a z6|St<>?UT9N5mmww29dw!WIy~ zrRMT{A4v?oXSZI)T_~HGRniG&7OYXj`Wtr{2pi2n({Hx(DfkULhR4Sp-8lT4{)%uJ zcv$B1pX>(_`{<7k{-oo&*V7hQ)5!Z&cG;YAyp`D=P-q_sKoCjaO-tU3B8Hjp)^M0m$ z{On_}u9Q+*`->p~>x@4eIcFKTwarVyB{w{b&Lh__H;t@KsWP+9eZO512g>cC`k#ny 
zs1R#IK?4G9IbhXr6##*agn??H+}?Xa_cF#mxjj2zWyx(Z)ug^r&pWl(itCRHL{?_os07xv?G9%_>gW=8utlLs3>|VUpPx)H*3Z= zFLC=sA6SZ;vTX(RL5{YFKEo0v6P!@UiW-Yd6vj`aT3K`F^MA`1Ln2BR@ zt(&dye~hd!ZVwW*OG|FwC545Dc;8Jv`e@G#5 z3g%+y3=?2B-pY~hJAaU4gWiX!rRa3OmqZ{^fQgcPg6VRVkYG`3z$ojC$cJ-?9fSq* z8yQ9?JC|r|L}da8S5t%l_jQ2O%{c@MY{Uvw`*O~&e~vahHn1L@m@m;Ji;X`OyA8?? zYR0AxQkOR6T_E$I&CmCYk~7zM7})!5lP7>EgqdDOu0}P~Z{Hs3K5`Ion^LjeLD7L& zR1$P4A&a0KUuOK>kM6^tN29-s{FWM20@sitmX@rL9aNff(fCUD;kyoaWy8s}#jo7# zI%^5}SlBM%WWogxo<)yd)_CBhuA#-7LBz1htredEnT(svT``>q`JoEBf}RzQ3PAzW zo?8*e4cKRJ@)e874RH^9%|>eZ@YNgkr9Oz7{UQcX&xjPWuhZcjCV} zLh}5%XhQO&;QJJf=>_oeLhg+WWjkvq+pEDHCe`k^ldx?gn$xVPx-xu zG^ueF*mD9J0Ve?`O?;i-@wr#DpqMbvX|j5P2S2S?z-}0n614-Z9Il7%mYl~2tAVJQ z-V`Wx9vt7y4Pa=-6H-QblebZ`Ir??1`!^w2-b8qoYqG)UZ55PSSmrR4+GI;~1I%9x zr6{%POW$_}=uRK~YUMv-8u{+V4u>>3-;YHP04Z)nBhCoRuJ51D{H6Z{%?Do|&lvfu z&tgUtx<9GxrnM-|&%7o+6udMRI3A9&I~RH@bFzpj4$YDZ;&jb*&4oF0@Q76>*4!AZ zBYM5_;w!CP>~{J+!_LIPWxOGAPJtRtJ z)8a*#9hN63=e&sp(#c%7z;t2kf?MYsu?jdt-BxHqkg%#6VVyc})*qaK%YbGuhotww zA@Y~N_%fMze|7N_MVXz4uP|11)RI+XXbAs51o@kc< z&-T>Genb>-h5G=s0jxBGXY*LnK&;$dVUIV1IhLk@jp`6Nc0R~})@C@xe49q}3dX-0 zuZPxYwwhMh$T$;3bl=m#M{xSA3KHVjjT0Jy#vyZ#ewmmBCG${w)Q46e^>34e+K1A3KS z-i4ch!JRn)yaEmIZiJ*peVZqZDZGve!zE z9@TXIKa=2WHE&7q`bcdyhbl$CE2w)k$#79IuBrsQSBc_X^BsJ0TfwvmGfApRY<5Uy z9jZDhrpjjBK^OREy&A#E7g*R%gtZO(c@hI5f0p_(dlq<3;hhqJEh8BrsO$vx7>56a z8{V=0jT?IQ75=SKuU-4kNlmc`klmWhh+f1yM|A2+Yp zjqi{4a7+<7d|VE>hdZYk9&T=;jI6j?$GCOFs}^6W@yel4`_#(IkF{X^dlvtW5)rh2 zM~MQJ{{bbq<=w^QvGDbNVit`PxEvo7wCh&7PMwLr-gva%`y$IfK5uQAignJP;RFW< z*+gk-0iezT&Q!{W{{l*XCG}HBvmiN?tohf~fbakA_#C|AJ+j;uCq`^a0_G+0-h) zo8!iYsup^`#~3tWGpwC27#80kvYRmVBot=aQ`2z*r z`Tw0Nul_4l?%a|eA7RZ>@y}E_$$zEF;|^60*L((T^nN!T)ym4)xM38AvAdXn=BOE6 z^!Sx=fX4caI~X#?myWhlz+{n$cyF+D>u7D3P&p2b5+#oV)_Pv_woa|>M-VgT=&$Nj zQGj{uT$*R8dCs7%w|gWQ2dN8o+wkE|eM3ZoP3+}cw8lZ)G-XeJrOdIM4~;DHQ}Yz% zm}f3%5#}QnzbVx|%b3of;MEOIIP>}{GhX9XXdKQFvZQf1n{72eT|6BZ!8lUq*fJ#{ zPZ{vw0ybdAUnql69O+roGbr3D*hj%hp=&2#rxAkuq6Uoi(Wi}7V@d4RVaA#IZe-;l 
zx2QsdP#}eBm|*LsxI$`rqkfnL%hN@=QXQ$L2@y|a7TTjoh=+X=C8{T}M~hOO!kJH7 z=;w7|mE6$EZ^Uzy?7>GLEtg*sT$&q^*KA34m0`TgmmNVG+HGmnEpQv;fTZ9d4V!_f0 zzn@__+n7%2uj)u-SWv3*Lyn;MBd4V;HLDS79CvlFb;ff!LGL+q!A;si#_k`KAujnR z%4{OOp^RvifLP|%)F3V78_LL)o5TJ=ndUc?F;_qMgEH`LH1@@Y27?yXIb|~}-X}q2 zZO|Gq9aeIxKGq&xNSjIlZ4sMFBYNO{A26}5>0xE4?;~MHjUOQ?z-A`1g4kzNTuitHZDC#$RLe^mtK<(r-s`0X_Y;K@RBKxy+|;L7uk&L@{s2bwD-cYCpJ z3xCLlXWk=)XY0Z7PWf;n{((~z*%V2R^|oL?m~O52YGZ=Dfq*YOJu?=jw>PLpC#Kz` zV##FaW}4w^@#nnK%ViQrc2}*sMi=_@s}`u7m<~F0+~_!^OMGc(o;BC`G0Beg_=u!2 z$?u&s8T?5^!e3gz(B#;1CgednT|Kfs~P8?2Nr zb#}Si&fG__sy)?Dqc^zF6!$qYxCm!7IZn?_`hu&E#@uw^un9qV#zr~M9RXpy;)8kS z?*aHdq0TqM?YZ3dl>w;|f*+bc@~&ylkC@K!#PmXQ1fL2<0qNt8!qFW%X~`>U6Zn~w z2>ZY&@|zHC+At?26w;Z95z<*f9&~pkWf9V;EB)lW2-+1qe-hDIAtUaQPYeVck0Esh zIpvEANr;yetbKo%KUB)EnrD5Wri5n*F7STi#6JNeVU{U+`Jt zFyTm8%|EgmQK-Bhlz~r?9H9|5nG({-ZJJ?YGs0+8&?e3hOpA-_4+^2g#2S>>1d#yR zbk9@1WdgPYap51+;{Ep$H3lgpBkFR{WwH5}#Hso+w&Wc%a+M@LYp%kQ)9BDe7rjSIV3;!(&sBo$^&91g+C9J7qn1^FB{@bi zPi+WG;pA4KE;?d2rh$S2gEx?lO#r8bplu}4qb_r{lvIO11e<{{qO-=feJ3d`T})zb z9+q3Hg(rhJxkzIXGOnxU#Ia4ULRCc{F|PWxuOO}Iygn$;1Fz3s7@xDxo)T)asWy=~ zQtP3?N}b`qfz{o9e2i@?qn2kti=L-E7EH|Fz-s;Ze*h~@?7fq6LAxn-ao{oVxbEYs zCj=&e)6fb^sy`qh_ACTY&vfl6j7b!o^H!_L;eZbKl!GXU;`ZTwDWEIHE=G;D+<3&l z`v|&Fh}i8jF$(^iAS|RF9SSUx-}*OPYedMkTL{xE2fD$R(b+W6N~f#n0qB5*0Z;5^ z&Cd_Yuddy*k6Ay1duLL1Zn3JjIBDE`MxHv<4sV{65q&^A0lFrM);+8Vhzv3^Ay1$}h4 zu?M&-!z}0-m@k!U#gmj^<$7?^!(!xmsLY_uK5i?vgDhpR_BTs;q7-B)PkQDO1G!el zBBxbk8Tt+yKFKwLH07@cJ(9CS;!~3#@?JLR-L`_u#Wn%c#!@p%&g%d8$;kDw1HQ+@cwo(AGRknk`4v4LW)%=Hlf+c|dJ{p+MnY6&++5(Fl z2d;N8>PS^y301sFdic@zyd=bq8em4cf{24{vAEG6iLap01a@f!cctKgyMQsUR7$99 z_qq4mAy8IG3trA(n`4YdP){JF>{`<}0(OG=LcBmffspdf)A~+}B=WC2atP~ZWze_1+PF0_W8Q6_N1I-6{ZtKU4i_ z`@y0ih<&*Q7(U{`$S_bs$}rFZhd?|R2jV#jTV#s0|GlK6*`&4kzdF>yk?=)~|8l4w z{|AS9)BXR+p+=(tl$V7%g^qhG_$jcYf0&N2erz-fdLIx1u~E`Uk2*Br6cFMZIZQ#9 z`z;~SEIt1O1Df?0dWv}$n7*(>%=VZsRvx}EAs z`>Vd9$&#O_?jlA|3OCw5WJ5N_SiTZ2^X>4qWACm$+;CTC&MJ&eXQ!db57^QTk)|gR 
zkFHm7ZuRdElsZMYV}k0XEe9g?KhXb)b7ZwvEAtXqvr_`Jb3CDDNy!9r6icBRd!hL} z=!U~$r(jaL9ZHJfP-SKOunP@v3kBsFi@9}3sByS-< zF^R9&Oq}wFRmNY|Q)$vatS7Ac|7JafFD(^cA1K;hluG05e6n$pDe!J;Nv^fc?@#PB zrg-;H>q)ZAq1UuCp9bQjkXq}x?PkJ%Uqq+Zv@q`|)7d5+RNFnj*xzpQHNw9MwKupy zzOe5Y-W$b5&$5%bJw0<4N&Z?eZTbt;<+~ebw_=Zj!BA+mENdmwcNY29<=cvRLpjf| zn^=iQkhk{kceAX>o9`6idhOA^D%nZ&{OjoV?knFRPXEE=-+iY;qT8&TRdlb{+P?`; zEUy2;xT2Ry*C9k-tk;jIJy$R*3vk|EUPwB2JhZ zo&~X30vWV9a<>{6emRD8ZJ2mg1)Kcp18eE5^l_)mLtaByi?Z-|TXDVA*zrH4K)baTwvgYIjv)&UzoTY+ z{)McuS4!w=*N}=F9PjR@zEH9!FA^jy_X10$$2&eYy3~7FHA=xRKU2&W<44b z{eMV%tME9YEL&44mc`7>lEuu-ELn^eS#N`wbmX+Nmea0#}xEesunt4c)Ha)OOQj(*YmMopvx`#x%Y+ay(Szi5D?5(xJ# zeYtrBI9@1KtKhu6q8<=qJHh5pGBT3^2bwo(-7ztCt@$CNxd&f2s#cV^ zU^$*XjWQt&ilJ!{IbJ3^O-Jb^7DtF^O6!QF2^>`sO?1S+6VMh0H*OgEh_vYMm*qIX zVLMuMIudTP;Fp3YW*dc1l#?IEZBzhRyQ72ZwUr`?ke?-5(TY>%p)pp9df|lOOG_%g!QPyXmiX1cn?V@Y{8D=@|NN7Rq-^6MufDNvAjJuV@h?uW&}!wxvy( za`a}(qmj|iI+aKcn`hc>d8n*|q;&ojRf5BcE4QzGN;gza%Qg+sq#Ht~9QeqvuHHDj zUU7wfskCENdE0o;*j;Occ^t0#Rn(d%oHT5YTn9fU63iIu8`Ll-52CunZiRz0T=P9! 
zqWg0B>&wm({yjphz0a4YJS{y{>FhDP3%BiG{(ZoSTM%9QK3k_ydSM@T-RmdG*~&U- z{C1&R^S2=c81c#34K~*gl-62o^3av*rEQZDoY-P7&SwiWd&ZOKT6}Y*t+#>Api8?U zSLO}@+bZl$VGMSS-Ew-VS*3~QqTQcOj)O__I(7UBCML1e3#IchUw>F(WONK|>a1R4 zfCvEsl##&#esCZWQ>g|~5S3hq`{jTL?U#ZGC87x`k`pfafF}wT5F=vcTj8~eiA`R{ zK&nB7GV2>8xe*lmHh|d|eyuRCP7kWJ!9#gr%hJA`Y*dS5#%5eOEeDAoDFMV2_ZYW- zA9?m00UmxbVD2&Y8~IY;H-f>q^4S@MsQygU6!QoUj5nPDWC|o}A|AjC=63JqRy0Zm zb6L?r(!&Duh|~CeBZt`190_S8%<@Limk&lTb(3|=sC2;+xK$6CKu~OfrDPB=Uq%Bo zh0J7&xUzOQw^{?-WX9tCo7HD{b2jr*B`}pBnfz=WA+~UPn%$ZGY(X{&5I5yPx&U7B z=zoqtx=JMhz>=`5@b?4>|9(H{qndIST$k=3D&SF038Wj~lTHct3i)_;^>~JMiMz$2 z2>>3!U#5pU9bRcWr5hiUjOawbO;EAy#@d}aUU}0hSm1FCxP?{ zzKjXJJ>J(edb$JN*V5qgd7gW;YFUvsQ4bU4(eraB2j#)WXAcvYmjFZ!hf1lsl9#g8 zecT*yHpx(Wo2dr%WIU^euH=7p?HZanUx8x$lMb1`1y8Ibi18^VH+%1{HuC*!S9BO~S0 zvykM96cDF*??G8%%$P;vuVAnZfH7VJX-$BvrVyU>3ylU2AV+7@j$JJNd$FB(25zRi zAt&hulU?>yg2~8 z?7815bsy1atwtWT2T&)Kj<50)K{3ax1)peN!O4f7g383M24);JKu%CCYnftN8oK>w z@i=3a0Xj&zAU3%M#HYevG&%hae~v*kATX$0r)g?3zrAPSk{@m7K|i4{*;PPZHDj-N zR?+P6TUN6N_}&I#t^(5 zG@(Bo^8-BA`&Q<~Nqsr6AP#8wGL;0Kp`pbAjGz3J4B}8CL2t;cnLf=wpe>VG3Z1+G z*cXkbBMC>XU`{Tv%(*1|#By83wwbqiYG{C;LRCnu=RriOV}>09YrF{Kd#}pn^KjH8 zFO!@1X`26`Svnjqszn?jp2FG!<;MrK>rW5xMba7q|2wl<-u|CGnDj%tI#?s(SYf7} zFvueSY5KwIQv+Ge^eBh{yC0WeumV%w4B+YW984WCE7(FbB8)7 zdXYVBoDRaap}m*J;b^wNOoMsZQm_rR7+L&Mzowc7>y9jF?Aqz>+jaMs|4i2))w+m7 zqzEf!m(me7m0(n8=;H;Ld4vtZV97Gd4O9JO1r&uDma@y0OcH8;O9MF(l7(Fat0DM2 z=TW08|H=GI7uSK!7Cip=Wy{y3?&2EMhEsltma6UCt#^_gk%Y_bNH8R*kU&skA`eYK zNZ_ZPsKHytj4jDc2Q2qbj3@@iwGe)Bg$W>}hf=>lNl(6cm-i;0@P`Jkf+F`!fxZUa z7z<|4)-nA??U_ZXrGzt8+0%6UbU4yFlS&zUvp2yAuF=oIb%&xBG28pgNpzfNjv~~H zLN6jd)01K~za%KBEnrZ9AhzS>rQYk*t6k^mfK250kY{}Ubv2}nQi=Z6IR`4LUV zH$V`vw|x5?f~TSbff;>l`O9_Sqv}F)UYWk}fkza}LN&ugq-?f)$@==cY zEDCVNgFKK2h^m{=1_V94eotbf_~19~Kl&;bxfpYv8c=ec97cz7++l6tl2Jg@lF>y1;uTCxFBY;qJ6G>DIG9v28CY9xSJni0~E zDMzC$3Lr7Y0qM6nN3jCda{&Vf`Xd+z7yNnE0P(WL5@nOn0VSLORpgIl0atGmW~cfy zV`=9!K2mD{>q>TKlm>L{1Ms%kYPuWl;g>eDgAS(kpMY#J7TNpjB%DF|l)d4B2!Qt> 
z`eg^9_-*n^Y5VCrEvDxQ%)!>>ukW{frA2fByywyd`~ETC^dKg}6ZLQj3;NYv&ws0q zkCo60Rb#(@MTbPI(O<32wn&FvMg-i0ol@q4pK>V7Vw`fggcv2a`$KEuB0PcY^MUMl zj$lC>Z158I@M;25)TKI(puBJMEJZKC)leh|oCFxwKT1N1 zw>%nUU*L1oAQ$=R7a62A`Irg3xm+?@B}$W}jT2v|VIkE@t(h-)&?Y&7`QNaz_2=G7 z^%fqQB}`xr2*m;hD6|uB9SOe>CBS_faWYzcr%NRsAUa6Rn|Wnx%q&3Ft0Vufs4`ln zeQ?rNK-~kEKb@JFHZ`m&>z&(s7&l)e$7dys``kknlP+uKe6f6yB|^Cufbb>p54xAIx!5dGVfWRk60CROz9FTPgb%5pHA^C z$Bmd)MYXw3SNl~UF_AtT&^&F&?7c#l=m1xYKc?m|@mq?J@W0FDo(>l(Zwrl^)gYi; zW=<+d&Ec;ax~|F`Zl}1o`l|oF{DY70U$e}zX@9fK*6yFk-jmMyl`!Av)JWWWiMXR? zq9gO`k=dhTDt8@sA8+@(oUD;gPG8~DJ8$Bgvw*$MKWWIyhW(YFd-*Bl(IP!N;LH z1cQa{x(-u|zn)=0|5~*bCmesq5j?JO9r#P#rK0q$@Tg8uk9<6Oa0&g=*AF&aJv!o(o6W?8c<#<{1sW!w zTQj)N_vkeN(-=Abuv~ zBCK43jZZ!mi}*}i|6_4!+6R=(5bVoW9G?81ru+#3k9U$_fV=zj^b(TS|KgX7_~Vy+ zI1L2)Xvx-MmTO@Nw^SlhQd~{Bo8rsEx=2Pp1EJPKmEu%C2}L8!nRllwS+P|kw4qPf z%2))`a!nW_m(G7HoVw2p7r~0JC{px=7OC*L>v9sH?-Kf&X;}L}f3k|J68g9oF?}u@ z;>)xa3Kkjd5d54I(qV0nWulztbp=hX5T71DgiBNnW)YE{3W_z6Z>lR{yW=m?rWdSe z$n+&}M@sbvXH*(}#A^zP<>e#J#RI~0?pM5=zTI6goBqJx2t~xN8e%;V5;lprZOstaq?i3Va|V{K!q<8o9D8H%}HiCODjuN z(7TFloLF29J>sHgxRygV&2&-0vAC{K2@EEbsuT;T(Su#aEDRi#f~+jF5zC|PRoUHGnx*V$|)e$EM-w1`NV zR7cVqoe(Sea&Y`qg9MdS+UmrYwnVXF*}DE0p+tSHz5_}Wjm{j3tZJVO&HX*2hbFZx zdTv|QTfOS7d(%kub=jvG52vfBLxFMM&&Z7uoVTqo7``p_F9F(LvGL0ev5kw`-C%EU zy~kmcbXhV~VQZ6wCnjfnCNptqN(nCxSwGlZ`d>;BzvfXNqnW$AW>iJMe8mUR+=Ovj@j>-#=qLbA?E_|TQ8?2ubC(JZ~-&_9TkeEjkDk=}A=sN7oe_RX#v9+VS& z6@d{dP`deaEL)XB(iTEPwFIl}(+a+x@Fc*m#wP~<_MBW4L}< zGkfWftLW4jfv*nHSQExs37Cn_PIW35Gp2akinfroBy{lxy!=+UgXAUElcUt*IO;z^ zcizd9qNG=w4;!P%Y|&Ao^f8+aBLp52raSEnnYi{ks=n;4yoj_(Q00l=_g>@K{h})F zi^|do6ZmC(Z=fKS?_ZurHm4@GQCsF^#6=r<3cKgtk90rd3+-B{eSgfWmuBmrj?9L8 zM(Ink9Ii#3AGXUihCX@Lb;F^;BTk7*?h zfXbDFg=Joq1KOCc^55?(ecZ!*p3S#7!Sq`PCQ|Pbn@d&HC`Gg+*&VYM>A4!Mja!>( zcx1jDfi;&m_5OhvsC~Ok{_&l5C0f43g!)W0wUAD}zMgC$i%IK%vVxm)ybQ2f8GCkY zC7e9s@!76QhQ%gFOMIh{F$<@~gw6j!ZOT*nw3e?U83#c*F=S(#^N64(JLvRiSs{#j zsn2KQ(+WfJqaT>6vBHqQbbQ~v{Z<~RX!6<}uSUo|@LaHT{@i_St|&4nW!Z36G-_hf 
z(Ajpss|D(zi-XqP0z`}i(3f_$TOIYgQGh3bsX@vxu-9tl-B*AQ2GAt1knKAlo~ z6E?X`Cb+~nk89GH>UH1-NTtu1#uqhURH#lHEPiTOsh~!_rwC0$2SZHhz_w<0m)2=R zCV{F~&zUe)2-~MIt=`yhB)9RofWVlo_*l8;&I)SXw0x>);@{QPS5JFYJT#Q7-;LNKhz&N<_*YCDqo z^=->-r;1yB=R=~Uyr`^Wto|8cs?F6^O&?nArfQPg)k#gPc{nA9YliJ3(=2(2S1x$%E*f*&RS-BV0NWp!u44Ke^du}UC4DQ|GVX;6b6fWfv&cfi*Q)UO3yjv!1Rh6U)& zo(k|tr1}JiOb$?A$;Y(c@hXChy@w1!;G=&UKS9aZj7Z5OK9qb)r+$uS%Nw-7)+9Gg z&;RnZ8SiU7?2kB{F%vS?idbYd?@wi*?$}CEuja_rc!|Zk$`eZcJflL@Ac5Gr-in;% z$`A-Fqgq5v`BhLDhr_f&M&i0K1m6-=iJ0>%U?^CgM@>A$HDPs3_t*qY#kEP*am%*& z*&Z`URs5!Tb+NJJB1Q`};pJKC#EIC-RbggL6W9b#B3nLnOsXs@WwG^GMXSMBu(WAy zvD1}tl|i<<&yKc!3Eaffgh$FyQup6(m>)iFu}5gsoJz~vt1v`u$WZmbvzSaP{hq~Q z!4@t*)`y}?PY#~{$$CnuOvyExm2cBikjxz&V+z{R;2OIUCHj94!sl9D$T7WZs`noZM5lt=}t64n4WcI;hyz6(3bW9EIU_-yS9*e>T`Nt>*VTw z#Ef>Yrz#ZBA2ZWG#!?!78@|2r^g&|G%Xekj%7+H}lCH%J4RVfsP@V5E)G~IDG*e%; zlvp>cB`Wee#q+WiJ*fuv-jD_m{X8Eg{XVu-Z?6wr%hoSF+Kp7&b=D z+9ek6nFZV#OyB}2z7rJA77pi#;oHtVO5G_sz=zB zlUYwW153!wXWmmGC;bQeB92-qZlE;y^B>6zL0E8|bm!^3(^Lk~4Tyc_n1AUxdvG1E zkcPwtTB|r!uhsMM|k~O_M_MUjF&S%Q9XG@DW z#Nujwwr$P*yzjY2-p9U38pNyfKVuPtWc;B;}M~+J4*FopD&_+*0(T_0mIbz?70i$sM`^B5pUz#l<^(swxISp+d!rnOVH^{cHCo4;L3V7mI@Y)!!`Q zUgQ*U@xSoE>U)`3D1%O-$4czDOm=My8_53$%!Z9=>2&qQtsR0jrgkRJ>GJG<6V~!E zF;V~S9(Hpu%i#TA-NWHx|7<(AXyjZJ{NZfu{_lnL_(a>u_p`PRTx^bS0#5j+u)XaF zrcR<>aZKr1OsgiQ1-JjNW%a7!=5oS1-2E(Kn1EsJVbKXEAb+Qdhqx&}9d-QsCVEC} zRUq{V1tLb5OiYJy8>-dDsrRPXGwUMnlt^9q@De$fuMjYV$mK4W346M2X`vz%wh5DH zEIjWn!tyNNk$8lrCC&F;@tU4nI7QQJlXCJ~FN4ld-#=1_EB_}cM9BY#6e0&Og*eX6 z{eP1}>T*|2SMN{IT#ob+GbVVHk-hjV&x9m{9B-(oAfj_qB)@dR$iGBY5B z8_jP2*^V8>~nzt8zN^*d3{&AcgP4Pe;o{^O<(2Up2ZiTKUs zPxBh@aY$ZTJ@rC$@)ZSs=KC19t96)w*(plbbXtEs`xH0%&$m@KHjhAFXmoR=PXbM2 zJY=0B-Gv+l$zB_iItC>>_WArVGIeaMon4B#W$9~r8nqNwr~BW_v}==`UB4QtjEl<% zxk!1byiJN@5=&}}CB9?z zEyTEoPju<}EY+r7J3K*d$u=#3+Cgr?^=OI%w&1L>IkjhX@BAhm&_Ock7TrOek|LU+ z{2)Q-sCgnJL2~xTl+OqcuvBv07C@+QGY&6&XieVSwTZR{}+ofj{89}P&zR@of+9t*T4f4Jv z?A7JEuNpk;8qpQg@og~v5UoLPR2E0QXdavO|0Av{mmgJlx-PC-J|=yZ#aZj#7FUQ; 
zs?M%~(yB?;)I!?FAet4Zt@;Xp__x=RZtrq^y}WE69L~ue^>ZXTLuJZnh_X=uO;P~^ zN%ouZx&KgC(&Geb&pp;+UogVu^n{TnkKx{xnWxB+Y=N9Osuw~=oTv@~7%>AWZhoVN z0G704E0%JE(`MoO@_GS%3fQ`yR*DV;*kC)mJGc_|O=CI`#HuW)#7iqrx66fZy;muI zC~KUMUxaV0O$8MLaQgzK$Hwn34OY;FdVHAcij4#c}YW;KkEZH zhvkGNyCqdb=T>Cz9)qh>%-0mb;ZJ^4GE=ZV`tY%PGH%P`QQrigfj5!6NC<8X(nC{x z^7fN5&>~HXw~yKjAt76cp<&mr)7oxggb$z9+2aUSKz(*oe#rIe4rgIAq#iRU0CT||7G3Cb`0V`1b5I&8ulf) zly|GkdY8XY)tmaNj5dtVo1rFFuP{ZEX;&)crBf|IGwq_jpPWDYydEeTR`{cCdTk58 zB2fMylt#%fDm;D^P81NE$*w>);ZKY#W3C>>E2KddjjmZyLZ>ti3hzmd z6i*BxCsnqS6i0O!{ra?jS%w|XdDx%~rRr;U)&X42RiCt(N4ec~n0Gv$bPk4TZ`zFK z6Q6WV6I9*xm`6RH^q8-o)r*$KKA1_X6QN9_JD3S&#dS#;WW~!T5#uq?)z$YRQu9@U z-1m=0uZIf6oDqtnF~)|E4-!Xcz6`2QP+9J!rXs8Fr>7QIuuQYb^5HM`c_GKiFB9p_(VL$ z0&9umT|wbsnj(j$oLa8lY#O$E<{lfib0!%(%TAdwJGP0ca(V-mINnb?(}c#5dYur4 z5$I2YpRh+fBGD5?V;a>m{2M_l&+}5#E9sfb6GFclFT5z>(e~aEvxKKd8qL(kM3Wt6XUpOr2!5dnR-cMP{`W9Z1rmavHu<(1a z=o!WjmrOIs{wdJb`iH&ijGjqbBy#foo7KU9 zocYDpFACP?DQRAL8kaLWIh73%($V-IOWg%hOv+re5eXnw2FjA;IzJPNmrr>dTnWgj z8AhzZ;|n;FKxIKwSYNOWPrvp97vI$VCS2V+Ctda z%b)5Nf2x5r1xyf57BvL`Zzlv#GVMb#Y>I8ZLU_NA;(0vD9W-Qif;A)i!nG6=!B@*4 zIuSpV{3^|}aIEBD=$6xZ7Qve+VD1JV3wj2e4IHFPf9{dp$O$FahWf3WMn8E*o_DX$63GpZ)fVQz>y$o!CBS z#)_}E*B5ZO8j3tm9$j3-2=7sL0tC3bpa0}SyZeC+(ajDGK?wNjm3d5MI<*~kmcD~efj@}!Nnjd=p`n^kR7C&k$s%-r_wPLN|Dh+@ zX8-C*!{UF_lPC#Cg?I{ytrYgm6uHtfqiK?@oDV_}!XtJ`rn?RQfFg1t*{D`c3bu&M z!ILa<(WKXe(x?T(3bRQphQf$o&%E*IBNbzi9vtB^8L99X4__zDh>8u4b4PN}Ijdme zjmIuU)HQz@hBhg}*Vs$cP5h`2X8hYfWhw13!Pn31sI(AGCMtY~zvH)idBbNZcjy>w z$vu?=_DlhHA8|g;rG}E~vEqT)f6y~CTvx-%ND%z3;q8h%{-^ge=({{(9;BZcmg^~_i8xap0bCDQn4W4>;~ycIlZ!Lw;= zl=u6gZ!s%B%h&D{FTsVR87F}}cw;8h&O-+rR`>-Yh*?cRW=t0Whibvcdw*WP z%Ynw5$E*-^rmkTY$e~8=Wwo^`LSCXzNtL+LtOgPuJ8Lq`;%q+o&Pk`=mbjz3mwsl= z7{6nDV{OGU8=4gXw1U#E?3)G4%8eu@oBo6EI4gsQP^bWJsrSQ2A5Z2O7~CLdJ*n-m zq`a;g@${lf{Bow~aWVO?PUpR*{69`-9s#MC(Dx+#)EuDZWQR~@NBEEg07sd1&sUOd ziXyctSS&3qg#bIaSlM_4UmcuG@$L{jDGy4WH--kKY!iT;T%P?fe5QXwsO#_1qf@zv zbzF7CzmHMly2jU&|4*S+<|UFgbEqyNokM<(yB^B_Nq55SHZ1)&{>|XX70bM5H~`wq 
z|EYc>f3xw?o{pOM#-)4HQv_>U0}1xK1->_B=Jv%7A*HYz5W>3u*u+v~h@u0d!ChzJ(Q`D}vTs77{gFXJYq1*KDva{v?i|l0iKbD=mDDD50orr&BXEh@ih4>%Y zNhJ0!vU5T6KV|39Z=me#WLEnBB|E?RGwwAIcDd1G27RlP{X?Z58T+3&ICd`r%Odr= znSWf*=R*IZ>lqxM>@Xz4aqX|``8Uw@ysaid!i4jTbKaF2CLf*mp?v7gh%>_=IoJ4j zmcpbiDv$pDPZEy$e~@r!&i{>sqjv=);Ur%6{|gBx=(p0C9u`CBO!o3k-nQIQV%?SO zAc|bE$90<>FAW9p`*h8(S0v*OV%@U$vk`k=TJ z36RDMPKEGZ@`+0DpX>8Dvs8nA&AVc(ziMDD?C~>W6d~=Q@Czd6+~g zQJ2Z`S;I)LeDovbjbo;y8Y5LDi2TW+=CI%8tJ)zMg7&q3G<&{Xt8@$ykLaDnv%mFs zF*NmnQd*g8LG3T-c^T^N{YjffhnO$-&V>Yjd3+=-fQFaqu97m7TwC0vhJBJu2VB~O znj60IHK+Q6{7|0lmvp*12YY7RJ>7?lnAd7a$U?-%7LE994L03n7Uy;bkEKfIsX0Ii z?N}n#IzvqQPL|LxjZBuQ!6C0Q*a;>NmI290NAEW`Tcn)9ju>Nw zsXaJN$_px`#H&X=J*ud-2j1{89SmX%*zkbf@Q4vZf{M(03tf$s-~?t|bH_390k6vU z2wUol+&$F^C|l~}&bZs^+ve>%_Y51}C8!Mo5;MO^U^v4w^4CB@J;9NhgHV8@i`H}i zq3P`8AuR~@IzG*ANKc9xt2JyO?I14c0qe~l0-hfmYwXddQM>Qj)u3Y&yhev9DAXe^ z6~C-hcg7FKZ8;q4aHlfT4vl@dkzk~-;z6Lmy)`AKEI%-QMo__Y3@2HS*r-jA`Qto@ z=L@XE3)W&iVgj~~`9WH6EI?Y=_NEB70(|Y`x61ddMZmXUdocZ~d!e>yX{8an=-(6# zx!@@H-*q!HN)bRIO28G55EM&)9)fxgq6WNUu;@Ua|0EX{RA{@1n~C=uD+X{{ zgV||Gt#1hU#ZpF;3?~FCW>r3R)6I2B^PdPo8Y@Z;1ka>bHbY+wLajSL{Q;ZM=629JrF(J$TIo`)G z7kPKG8J~bvgjkQT<)Nh;{lTvlYJ?;L!JQT)DrI|8A7A0-deaqAe6ePIiz#RBh#rv0 zzrP)wsqdCEi5y77Jff)BMv?5e;CY!qnH}NpJ`=3fpFy=pEdf%J6Rs|MUS&R8_f&q` z(s=-IE-8X>Rue-zoF4T47N*GaZyq1hs;YopUhPIaYOuuvb?1#Tprc*%ea z3$Lc#M2^+?dwol2TpRsIm*@-QduV8j(hqgJ>|yG#(FReGSo?~jglbojSeP*NRwXsj zCTvXZ2H}>L;{#epHDjDINYgOg!7xY@Mjw-3W1gMF?$7B;TE@WrQwY%HPx7Ap<4#6z zMc?p_f+uU}tQ{1xtzO#ZNv+E&70xw1EHdwnoEl4;+Bq4z>0(SGsl$0)yD?7ET`FwT zx(3#}_*WJRv&>XH7agjB@vKdq+;6*wH}w!w$x<8H-LHQ9$XxsM$2lwvpU9ELdL=by zA_=(o?5&rM39_B=ml`+lR(HD`J$CROhHT{})(w-!bdD*AOc&ca*^s}|r%l|SU%`xL zP$L&jVJGS+vL6+Yqy}Y%^%#v`;st##T5o!hp*n?p(KEqMGSM7*>w2E6s~8ZlZnxBY z<7>CQqibJnJlo|fUlpjU;4@w?Hj?Y6O3*mfe5kT)b>z7o(3y8%f0op!$U(v!P)76a zX6)Of3{#;Fw3|MH_FBkN`(dRu>r> zij0<`a-?8!q<9e=Oi&`%L9=b-x9e{aokXjL5lTq)55d2tyd@RUX%QtFsVCe|2sV@D z3mE(ogaQ+w%X*MCR85sm6jK)=M0+AR8@8Xsv-V&F;xLzrGR2Wejlp~>DI_^Gl;AuY 
zROpjB`o5TIc$jzB7C5e1C#XMQd^j4ObS!6fiBb3rZjrqW5>p~UP7cH)&4d<+p2e^h z+kWIJ>Ub6wj6;Uaw*AKXdXNXibtH>s*bDRo5bajm?y{{m$&O949vXaqXDB|KyDxPw zE1uMfpVUfc4U|B>Z#B|^{Tqd^kMbs921nV8I+-e@N{HwyWC)<#$H0AU*Yn-TX@ zP+*b*S@c4P5Nxi7fU?>=pslmgR*0uK=0vKlJi|XnHahM~*USeK$1Iz9C_*Oy?hLPa zDDIGY0j`rMNVB zJ17OFT~&prrJJ>-M^9oe=u`Y3a0mkq!gf^0U6>b&LCx)D!`Yn*O8Q)WdEaH_gp^cy z@%%_Y#6ZI95CxU=5(v=T@!IbhiAaJaz|hODPLY)IFg zm`FavucuGI^_db6xISaUn((NxKN?(Ul7M^0oO>F3PQB!$!nhSjp&DG45^o>`#&kK< zh<-Mtw21D)u$Bgb096w9x;TeJx5LF6(+Z_Z?p{JT6PEfpc->}sCDdG~%-&Xo^iXfPM zd9a4Z`OdQU1QqLqOH|tB;3or{n$}y$0g^0D1)vA$(0G9)U+1Ou71EkOkkW4z9sdB~ zsEkR+S?_|cDeZ6uNxz;2u%m|p*cX&9NUZ);Pzri9_dnB%8TL|p=jM`O6t=@zdWsdo z70$|vdt4xMeht5l-gh$x0po>LB^lR}dEVI)vSrvjqPvW0<%rW=pw&jlahDVc{e(L* zvYmUOR@gdn*YCg;IUlrxz{@1Fy^*NkgCgC$=jW0*0~#P$?>&nx7)WG;uoD1{Ui1cn zZ07y)PeuR|7a-AUdA{CM>$6TP(3#X%R}7*-QWB>=R}${=Urr3|l}e^#-Rj7`hnq<6 zKoKM*$f@;LZ_g-Nh(%_7z~)qe2Ff^8CViKgudGpR5BQNIrp1^3TZXad%g6^x?X*Fo zNqc}2Yy&(&e}^jZsSFy@ZcJz>F1Z)PLs-U-5?OdwaO|N``6mw!@YGnhL|hXw;}`o} z5!#@%?a!$;r|#VaEMJ&HEt$lKT2@0z(YCctYpSjaqJ60xJBGt1E;B zuE{E?KO2p-)tyhpmaX)OhONYa@-e1O)GDq3s^u=N%Q}(_GBtXs#o<0u*}9wn6~nz0 zMkt464BWcfBOpmgV#HhuX*rwpn9UteO`NpSR%IFnQfe`%;6{H7fVQT8762xnHEB3A zyS@hV-bokR7sP7^TbsvwJ{zwt6%v@MSbIB6&8nOL$1g7w{gMgTZ{DwsME11zUauZ_ zF2X-aFS507u2xtKQ{EL#|5cyl`KMEUFgk4f>gCgvV`^+MHKp$(m>rtofayG~zywXJ zC^oui6{3(r9BVCz=vrTF>{W zcS_0VSR|Ul|Lu!|&`Lo(O+DGEEI5HtFb_RKF=_O7+%%WfbJv|WTB}WiP0KGKCYp=( z-PP|6pDnKxR?i=v|Gf~X_w3{|=5xDvxWCU+G_3u$-d?poc{YqG<3D+_DA8+ZCIMW) z{eOG10V{!z6lv_BKzWI+^827sbJlQS61+*WuXSg3-7MVRb~CM^;{6#P(^vLX zVZR?!W|&}1CUs0FbqI%3n9E$i2ec~@@tEl2SO%>)i?l9F0}_hcoZR(c_wI9d&3U(}Q>oAH^e?sNB0! 
z@f|EJi9;~i4;OjDrFdg?E-;}~ zJks6v=~sHzX`gV8*xby)d(LZK2!!c!u!8y9X~E4{G-StVdxf{eXZ^gZ6g|>D)*rtZ zjdW<*B{|L3H%LZ&2fCVPk7L{Vf9CNe7o7>q-@+>$pin3YP^$`s*yXsKIHl>cQ7N0q zNQd53CVumSTOFpAO#r)7zyr77tgp`swXIr)3rT>8t6-dj3ki5dR;slUr=LZm$mgv_YQCfmD(Rm7#*@HcN+Et+D8un-UXG6}=q(2QNtuqop9+2K zbMSzLG9axge>*rsOORRPy4~u7{JZ{Cu_q!YzV!76RwKKo4{6faN2Yilt6i=T=Y#|2 zgdD9oVleQ0DL9j{|@3Q#7%IWH`DAT1>o@NHoXtWR90w`^S@l~tLh7ViGNnE&M z(uX_SIGs;7K2X5mi&Dzwo_bS;B20^3Qek-*f8HJBOUQ&U3pwpn zAL%43)%vpXvl~<1Gc_5IrOijCfr;wcBqnn8E zB#aso4N9juhvQM%*{E&EY+<7~q6#-uHTJa5z)e}tObu6>9ieM-+wiqN9XIAIi&-^) zSxdlLPaVO6t;@oG{+`AqK;8!daKaI0bUf~oV0WaUzT2sEz-4vp_2ZZRoiPhJS*qYR zFG#?%w!6dULQfGOQQ`k6>tNh`!Aer4pAwuBdHEja9C{jmPJB#=Pg3sfp?tU@Tj%Ua z88UpHMUdBpe(34=i&0-^LP_9h$|9Q}LFTT^`r0PAXFp|@W(OvkqWqz%BKGN#I~`-S zY<0zJlzE4HmQ8PNq#@dutXKti!#-pGIcNX^`Rh7!*)J$|Bfd&zH1tWc`OlS}T7zDA z;0bb*sD-(s;OaSR!vrbow*^gBWL(Ow#%xFdEBKoCU>DSyU}6qYKcC@G`Ta)Ec25vB zcBWE^YaQULe(~W?V%Zy$N2|0>#>0+Tq%dsd;?0$nSB4w=?#h~G6_K8_kKzTeQmZRf zDpjP7DsV1Gq9m_Ns#?oT9@X<~`5bpxica4268gm`_gSgNx?maDZ4%#TS91iwq+2ld7BADhgYFkwuFMghfD7K30UgruL(3Xsm>Qv)CBl>Do9>aYSt)r3-HTIWGA|JI5H>M^PpKt;p*WG1znTPnkIh~lJ zjIwB6H?diel@QV-iH0M^6`r`)nD&5lAByR*X6wTcAw$@Jcsrij3{sP#$Bs1GyjML_t8P?oe6rVOWPdsn@>P%-m4`pymDl>Cv z`iM+O3%1jc#1O$l5K$zh4tL`!<*a;9G?WXkH?qMHZJ}4ROGnX=TgKkWAF24 z`nCC`>8-}cLDkdIz_V4)0~@(}x3Ku;BqB>IC(lXo#M@Rc&V&YO=t1;#sKG=nL(YUR zGH>%>ZB^zbLhn>lHJR!2Q~-V_h8 z1$X#Q%xYykX7!s{dkeQJ<{+amlLu2ve^yhmfFg43$nJ{aAQ^8NBdC>D&9;NA|>t%xV!4`5i{o;VC^^+p;&g&dGH*WMgfS@p7`iabtp z-yG+b0ybksR}!yl!#RTBy~UtSYCa&CYODciEmgn{uK;syTS`%6*-l)B0t7B;#I&|_Co_L8I}=en z22nad#}{WMl+K*nX5Y3ruKjmxtylextsXU_d6xXsT|$3hD=q0C*xHXv_B45>H=?#a zlHcZ_rN^F68)6t(qR)=D6CDy}WML6o$jE|z8v#L$VplT5)fNd&qF^8*F|xkbq}~DK zfJVu)Ed^8QUPo*<&yZMnQSyO{GuS|Ksp%bB1z>~0>Z$LyH^283pTDfK-skzUkcPgP z^0PNUvJ%QjElWcssD}8wTlP6BxP(BF?Csfn1mTi~XzmP3`|IuYko)ES-G`4Ck@S#F z&$uXT9AO=GsxZ@fyaFUb|wi&(8r+EiX>+mmhOT<0nmf~Qe{-%-d`o}oVDmFdv+ zo(Rf`f)jx`@yiVmlYu$W#vO~v4LqLOV83A^aJkf9V_G>KYacv|I5_)^WxaW!6O+%pnQjM_9cZ^u>*+5wTMr=RDT+x5H)3MCz9p 
zSJa>=n3$OZd}-*_5XO(ErS)|u?K0nPc2$Yn`a-7X7z4L?j`hyM{`A(|?BbNFR2t;B zai%<{b+$uHc@dG~l!4<(2^5pxA;>OP{E@a|W!usC)=$B4#oqm;eD%=-{YMMr*)Uq1 zqLQG^7zXsucg(Iday5JC4+~ni(rK{Sw-7Iu3YQ-Ys>OZMRJi5O!zo(Gu3G`uUSHXC z*JHPtSb=fV2OAmaQwWS{hb#}-mcYGR57*DYijJ+fu{WR&M9mX?+m%n|XCMdYK2_WV z9?yQ?F$iX&Dyy=v)(xxaxy_p5@h^wz@y}8+G=^y|ranRW=lBW{mLc39g@QQtcRy<|cvH~C|83_PlL!6NO%q8jtvrM9G{*yyz0 zYe`YIuDjO_I+vP9OQ-gogIyvHwckkaz`=c0hEF`@wI&verO?=KOKm=9jiRcBR5WtA zFm0o8%bW4ho^V*dOgDEDJ7ULTIovXcIh<4)bK{Ul^>p6ba!2)yy>}m8hwPpOj-o4# zrs=@hi#+zcaNSupXejiBp5I)akaW^C+5a(zc-!y(sqMn?RHq++6o?~URSop~^&aS0 z0^A#aB0C2zeDziW_hP%&XC@_qhVYSnhEIVQey_o8fpR)mZ7Kk+DWGTR=joy@UAH8N zUPb$dLgnAz`k5)^G$yvMFEJ8WBYp<$hXo+>r`R6W>xqif24) za-Eu=ef5)k+ft9Al*lz$4uX#ktW-JxNg1Yj(}b@GlP<@+(D9cHiv$BpG>c-R)cwbb z_`}21WXn6P=Y-QsuvnS108I$dA76G>UksB|UF@u3qT&axEQyPcoiJHOlQ#;t@%s}t)mb*gU8e9F z8vdWcK&qxqB{$?RK74^D&k642l#Em=F48$bn5jVupU#A0!21KT>66)E#rPI3#oZox$I=-hAFnV)Xd+db{n$`(%?``n z0i6L}@)Ray%(DpaV8QyJaZny{B}MfXse`{TsarlZBQ#r}wT-*c&~QZ-2)wFG>B5<4 z=)=JAuL9V& zUwQW!p7YI3!_!n?*NBkoYz%O3lWroA4{9gw)01d@I2D*41?2JWGc`q~{`Iy45 zU9UKXvT-(bh$ujt?mQqnUVlFiWQntL0BH6B=D#C_D)1|y{`MDOPy28^0)c;Iq)B0H z<6__=Ly2IWB=jH}G7=aDJP4$*REe-1Df$_@ow9hH73%xnP-j`HYNWt%$?(Ry2@fT3yhfvqZ8tU1jSs#iCKjOen$E?vu$DA$F}g=e2MK_=yoDwDa`IV zkJUQtGyWQZI!a`c_wD3gvK|;q#bG|Km^u7{{_bu7TGz{tl#J(eEM-(#SAYa(JgvQj zx(u0p*-tPE8MlO;h{tFQM3gB78QqeTh}!^5O&#m&8}gvHPoZ1j=BCi=+GU{QD-a(5 z{E(m7k_N$pF(L!yr-m75{1pfPPe328rRpAao~^#RB?NHT`w&=4pl-B%9*bl=N=Jrnem4%nspX@&B8oYATYvVToX5-C&$~$5e)7@ zRR!aTPOvJbQYz>i>0a1mf6l%{fC`gC;KFL7e<6R5z&}U?-J|v{5hx@=HYlX(|YK_6%-1-J4WUo!ENOs~Z<@Fu{sKV=>GJLhx$qibI|#SE%=7>h1pJjMz%uF_Hrwo%geSIpYHDfX=kFaAPCY zY2Jk)19kQT&KI3UvRc((t4>=nhx}oSjTbIU|D)DlT0{A|VCAZ<@Mzol-@6Q0^syLb@=9W^L$pF(QTluOEi~{`Z85{sck89*$5s`bgz?xq)Q+><#~{b zy_fS{`Jra?x~q)7vw2_VK6@Qq|4vZ6J`2BC^G#?lPCLZ?^V~rNYjf|+-DKOB*bjQ? zU>|Ox;$+Tr@CmAezy2mHbYOD5NtmbEko6M}UzEDc8j#cRf)HD)z*S75#eHQuX;b@|#CagOk!uqO2tT zLvJzi7^RO8NKncNy<2=%?mBrITn~yEYYvXq>rXT=*v~M5s&kME1g&mpwxJ#=Ir9d! 
zF}^bqwkY+i-DMK5=R>aQb5{M!JoNEBQ7aF3EY68%j26Yl4!hX{p6i^xWr_5x)@2Cv zA&%;&CYag&-L7g71yhn|5_kBF$L3D2+`nqr`6x}tPSt&9+CLEmwf&H+8uo2vf9x^n zWJWHib>UaOBu_=Vg48ZNu7I7zoQ7&aC=hW0YaeP;yoYrhC4WlJg-X=u%~e@MTclyD zt$)fYGTI%lTC;9@0$`_vbDcc+Xi}Q%VCle$G6$~BNTM06-@ZNHPJio~*`5mOhy9zy z``fz$YVfjvrD272VVbnmC)+^QLoF{_RgV=p@8RhQi$sCXm-j0xGJFRyn=Gs6A9Thw z9V^XGwV|?rY5(jvNpWoVQbu~|a?zCvEH7OY`fHVhUZ(W(#-smWuZ8{pk%*cL#(>X@ z|Jv;o;=j6^^PleLT3h_r{F2SZ(5A`(W9tk8XhtG>5RQB&MEtS(@*JdUGa=~kg%xFT zXDa4cqpN#0GOPM*_N@eJy{6fBl#lKX6ikWdu> zyr9TZv8kz$X(6OKe8%AP=0ro6{G7)bOTS-ghRCfXJjB796Ej23jRj}OZE6i`7clJq zgaaIU=>%o(Rh^|`ODh9(2KL%h;C)5V+^2`;D1YFS=&?tA4iVg|_GgU5xzmEOi+d1gv z<3BpRjsNdnu66JKcLpy62?plxJP|0ZGS|+N2J`Vot(<1SO^UGD`frZxhtPJ+{4JF~%Y4)W3T~Usk*32?`g>7q0B&Xgff%&1~FcA<74>YNa0<=|GIh)=| zvIzUz1<&KcW8g*Tc^>XXLFT2v7POoPR463bU1vp@k`SLngIm5XjnnDIU7WjS^8b>D zOO*ee$N%?tb_(^MIve@_ey$S!U(vZ63mttT?y3TCigl2A;neU)i*e7;WuFBmSUx5^ z9C9+mlAN=bIt&x;C)9fC;F1rUl4-aPQC%_Mde$UiqCfAj2CsW#fs(s!@!6sFUN+H_ zfC~F36iY3sN?Q@~LTTXpukhP!-WjG6pUQ6#Q5D!T@pOZ(-zB;I+_&KmXqUT0@7AOCf*^R1u% z_l;a%RsWwaJQ#Gd`v01&_xB}%R6gKkaq+A2)ER|zGjj{ioRM0;$C;a@3v8I^k8~}{ z|9vb*mke`%0TEyx|L^wl{C{`1`>mh<|BYO0tKmY$5xytx|j(;!9wNqDt&7CdK&lRX+5(}8d1vRUL205pnZ=?E% zslPrW$>Y#N`#bO_9iPR60lh`_X1!Vlx3%9=pLm$J{1ocx=}_5NLbDE!D>Mn8rIB_9C9K=GaS8J4%m3KvY~sJ~>B?zlW>Md( zHNDr&-wZab9%r3z4xvBUCB(TNqU^Kf1F@&Eu*@80xRwpwcJf!>vyjv>^`G7RyQYpq zw#A*JdntDN`He#4n$9t#f9`SFP@73*Zn&1)@vw=8~m7W&v0M0xStN}uFsyjboX zkfXTV8^xsBwPyNXnie!S|EH6y|F_fK?QP`$d%2dN|M#E2li%Kp(%m()lht!~Qf6fT zx}(gDB4NC%^o%O2Fg0Zx@pPuDt<9{Dv0>_~UyJhp z5#~M#NfonSa?Q*C>2>n?zdJjf?uP&0$CW+*9S+U(sV7nWqEkm1=Ah|#Go=h`u^DcK zOja=d#e%%Lr9#qhn831~0Q2}l!7Yf)45fb2tuJI(Y&vwMnGLPvhLj*TP?0JOv#BZQWGGLrE;WqeuDGL*kX7;J?73K%cI2?Y~ zSLxa1QxChD-RachlAuW9dlsHDCUb`#rS%h0x6|n)l9eJR(w<}Uo}?#ht$0+;y3Tkp z?G#T_cS&czrg$;y*K@u;T#%i;FsGAq-4OE9=t3R^Bp1Nbkrv7Y3>fcZQtm9ZRI1(&d@dRYb zf7VU0#xM1cDa!MqP+c}dXu-~H@`fY$tUYUE=2lsRGA)s&VdgP)KBEudd2XO5(Cm|s zQ%|8-|B({Y#PCO@s0v{3xiGVyC-i1`U$sDRLY^5Q(8s}#7tPq=55 zgU*y7c5g0JTR2}1*D%yViQqMt^)i_wcV 
zal(A#QChZvgetAvz-g?eX{koC?(`)aIfqIk3W|~zv;vYnWc29djp5J2d6N#%2#ddy ziS2PqvNNgrL#=J|-v2KLROS`QW4C8(XfONas72(K3aM2i-DU=&E%LAA6&P9u5_=X9 zswYPq9iP6`2hPB0?%}Y7PC$)DhRT^Ua5yI-VqmdRpCC^u(8dOCU)4vqP@x~TU?L6OkI)I0l5l;tmtJ*rGa@0n zjA;PKA7Sqb4~b~i%qdPHjv!tUi4h3`G*mJeM1|0B*Z|MJq}K#RSdN_gIP`0eP)LTr zOwd-u$$;JxU!N}Zm+cn%H4G+*h47^U2}OjXfQF=1YrQ(pevh+1YmboHI&B~ZqW0?_?_Zss)kfI6 zYS%p4uH|Ljr!6`B_g5A{OZNZqFGufxe)aa(pIc*pEq%=1|GnLVZtncY?(Y8n#{YjW z*CTX1Qk*tm!`e|0Af21GG5I74N?*%%mN90|z@9-~yMLADgJ;f*&m2+$=#*!T4b zg1{QpzG~HKj~<~9Cz_HVd$M?^^AR;suhZ)^I|t3~^V*|FkI<3&y4KYHMIW5*j(i+R z!ar{55=`y(kjhbf2||vu@!FCT(jH?apSA@I$E{?Kbt~Hl3xttRBBE47Z=wONG*HR( z*@q|=gahFuw-FNrd9jdeY{Ipi$+IW9J57QF5qj!b6tD^L(dEREC2CD{O2+J(pnh2u zelH+6j3cFx3DC&;V7DoMH+?4osBCP>!1W+$hz9tYal{7b&sa!vKA-wpi9AmY zb0sGwUbT|-GrR&0YwYtYa?C=>Sr8EZPD}Uw2HZdMM#NY0srd~D)ASp9RQ!s(lAhm3 zC$Si*CnyO+hK5t(g|40n=yoHA7^zW~1(7h-H4Ws_mj!?2T;U(Q5Il|I* zBhb~30JkOKZeLq{Mc_*Zs2;c@gi)!RdYIc5PSx;CIN_rse>}C9BY&KkN^>tWo#x(Z zQ)(KS11`TJy=hC{%ddGazv#WyKvXTb@V$afn%N~z4ZX97cr7gpjP)j+=xncGJL zN&?>w9ETI6i!%7RaBRdlN)=;td@3|*Q)$AFg#p|g{wi|c3mACXf}wFbcRc2nK)6Hm zIF3m2h8F%Lv#Xc7?h%WnpuQerYQzQb*Eq zx7|?}yEgMC$Ti_OK#l`$OT^wtu?je$Gx-3Z(ubC6R%hFMBP3Py5Lk;|XG0ueeGd3*{2blFtub_04v9N1gv zlmz4&hf-scKsSUFgag4)9QlAvG|Zsz>8qoc?_RaWeoFBBGmOfDU~Xc^6+nI1I?k@@ zYs62dPH!JJKz$EO8IaWBB>D0XRo+puqO+>__1F9xa=n1vk69+6DI{RHC_?U#Ug_JyIXCeX5 z9SdOlB_W|wx|jzIIx>fC$wdK{+g=G|=>q2Kt}E)Ct8i^;bgq(cKLNMz*at;F6_}tw z*r`|uIt&qq>c5huq7=mBW6vBET_&g;pXvz~`bg+Yf~;rha-xW`RAi`MrDjbZZ5fCU zQD5?y^tW5+joQ3&5>XEa==7(fW7TFHHPD2`XiSGAiEh*;(LgKFp%~)>L%yV;uclj& zbeI^O>EM}kPVBZ;>?Dp9g;sNk`Z>zmM{U%1D6jsVF)<2_yZZC=QD3#$cTK8&p#0e5 zOqe5|^$1$%&0yZlC54#b=WE8*6!jHin^kC-F}ol5A0mtZuEq9L_qm@cISJb;`Xt2)qR5D%A%_IYX)^)J_%>l0{6<>Hh6oz5`6% zP&fxL9YxYlck9E#`o++F!J!tn$C&waFhTZgv$jhJCAA8tOZOVcGVckCIdV6E`Pj79 zLZt|ms~DBTscdXeL6oQiTH3$C6J0uA`(-!@eZq;aCJieYSqUgy$wQ7L>WZNW zz_S!6P6mXNFp-1pHwtOB#R`Xr+~RQ*fXIo_S%AGO18QRZpu+i7APiyRO31Rf=E}3> zc94kEYxTK_fu}^EYl;<5WYk(FR+i2BBoXM}SnBtgfW>9))qgRC9J94v4Nkx5{pKo`dN 
z3N)&S2|*1h1sZCAd?L_qZ;%{u77vvMqDKapGJ<6m@g+Dkwn%H(vdI2K=ohyWtvNd% zX0Vb$eR2{ij0QC5KkGc}^wE~lclzq4(u?|_?C3#`q>TEYJreBefu$(lH(~Sr?FPCT zQE!xJ7B?eeww0ZK^Qy*$kli3i!bOrbQdMWb_>Iyol(wYwO(LYQ9M!gyj!Tb5Au7u% zgnDp0old8}Jl;5DZwb^XJHB-NXp_SD&0)?BxtxVHIkVI%h~qR>8F!v{o_D6vO$`2e zbo}NFoq0GE+RkEAQY~{;)GJF%|C?Rv1%a@4k~PEGL7D`Vih?Rgd$Ys}VENWA4weB( zyR+;@17=|`f?yD!ekO*yZ)b8PNLt`md8dRKt?2*e@KDVk)yvv+Q079=hMJ^MVMXJJhVyy1)6sxEKX|@BqXj%B zzg`p0sZXX3#Oy-t^-`N6Bpwk0^NF?n75z|8MAFG`r*F|#A5J1^x1A_ex9{u;8?D@1 zuu{&eEphGjw-qFpSaD=F7}$-hjbgy3)ushI=-3Rskr}%I6u=wDLh7x4Ns`xRPFe;e zJ#$mB@W-9MV=Kw}NU$-p17 z2|wFTMw?OB<_#j5a7zI*9}w`4&3r{9F1Fe4f%sAKPRc9nAgwUiPbc9_axBSEbF2O- zu?7OA5olquKp`qLgaIlm`OkL zI3Rzs2>6}`zX>9KA;DO$JOG)fk%=R(g^rZu#)*gn*+4f01&m#3PjL`{@l?xS;lu>x zBjagswx)v_9Ltf`lSA!GSJ1Oi?O!|`ruu5)l}Kvzl<}%*(*O#b$Y^k-OgmADtvHwH z?qkZiq8o-%GERpy#DQ%YR?dbA6u`J7BYaJDz(6Wlr1lhbZ@LW*RA41NC(-6mf54Su z(*T5!@i7jNT1OPn0r4iDmd$n3@QyI1y>kF9BmW>tJ2D$sjua^RcSQt#yha&L@IiHzn=z~#y z!s3kAE^R}b2O%JY_~1YY5e{wFp>3sM9gY3WnQA7GFxRpvoQnJXTos4Dv7j-(pV(`%9uJG1 z{ZDnb&_msxE7?HxB$HL$>~=bx`WG$oauNmDbG@BlBaKA#n;=I~bi~I>YIZ|t3U3~z zi9Rnred%XxWMyinCZVoTi z0N4+ZqkkN|dz*}MDuOyjlx!dbj#JCOwwB(En9@dx5Xo1DCjCyy4dGzz*21IS(l}({ zWXxh=KTBC=>Npm~=oAZ^QaF{csMUFd6Mg_gRp3zDv}@Q`GX+e>l*d3uiZFV;Z6vXR zqu<^b5|{#ImT#pch=h4d;2<6W)^+`ZOA|PV-7o`tsRS;ewNmQ>6Qmu7c=r!Y4`d(V9r-6KO zO#&7Hm6AkA?Sj=7ANAEw@i=n$@U@8uR(P(x5n399cVC4f<^-LbB1vUHz^tli1R2m< z)c;VLMEbF>zWqaKs$+Zw5=koHL4g{@3sdsgK!Rw&Dp9+Yd}5`Sk)8@M2|eUviL=6R zI(ABg>i2j=yemx|Apu}aL#n`3a!H`Lyc&e?IE}Qq)C7On*I?e9h{lZXRFfv{*+~qC z&dXXN)PZ+?3;n~;Ma7t{k=vm~rNYwz5mGeJ2P5O?j#NKJ zhf*DFXK1&gmu{{IkfszsM~|Sa?K3aq9R%f2wlj3G&56gjPs8B_wAJ2LB=(Yq)>`8; zFNV@YFb0SRPszE}4G0#HAfcy%AQJjb$(khe-631m&53A-E}Q{P8_Kq075PvSFH(7p zO73m9YPB=N6Z06b^x7Nl3cSK664O8+e92 z5}lHWp*P`x)oT5I-(#U*0jUAcRzeS`EY5s;Y&?!bDkrFju<65=!5YdSbE|1mCbO;T z+^wV?{Z7l4EH#;3&Nn(VNI_YvT`0u;kUUG#)qV~%0J6r^KNsqy_O_N_blu171~;o@ zsG=5RGZXSi&-_m9F>u&x37-QUR}IDdiUyM=}hJKh$X?M$zHz6W)s}C%eU;z zP=@Ax+;^WpMd#`ElSp>@9PnvQ$7lqPS 
zD_~J#!LG176GL=v7de|wCvziR6d5&}QOt+=O{aI#xmJG1?3xH<(;!{;o~mY82RwV7#vFn3=i+?71_Syg6^;pc;ntK4el*!TP3cUutL><3ETyi4k>- z!x%yfQ!m6}X8Nsx&`hSsU6w&atF&;*?60)$S^2~4`8134$o$1Wa$PJ7d?ukxiyGO~ zuK?i`vV%heqM@cDJ7PR#9@fLU7Ovs8I3E@Dd-Hd&J1U69)dk;?DRZjByF+q=#`sUh zt<9)bJ2E%2rX&-KvIYLK>u#&p+Cj~~q3d3&)9P#^8v0;T7D-whhrksaA{we4izRqo zE;(_nN04f$erlXY7*rV1((u3LY>b|@ZWXA{Ter2E&2)cmy&f=g8c<6y)a_)f{gl0( zfdNOmA;qg(NqC5Z#Hkc(uhNv)wbwEimJ<+Z4eqWd$2j3YrqF4v@cW8P^6s3pv+}e~ zHgNFC^i845L9AU1CZjjy4_AFhR6ut=raZ#_8PvU#Hn{l9lQLkVos318_s8Tvwp= z-^mdfx6o_Kg>1NO>!1NJv08xGKn+lht>5p9QEff@A2pk{gM-#yt7CZ|$qe<`op$^I znm26s9S!Li2S_RE}$k0a1aA0QEed_+K6g{ zoeh*ui9!OcTY{%ZXd?W#7oefFIxhO{>0b7y^y0*4ncxyOKt(yUVaiqL=}o%LILuMA zIbhr)S@$w0O(!P9O*wrtNPPZ^^F!2wBE_6Do7v%cF}KuHTOKs|biww(JM231v+@89 z!QgxdbSOFP?-0Gw_qA{MP*H6-0n3K(e0t{`iZ#a32kqe+j-#lRJ&_5jPaf8b zlUM)JK+xK&+lUhZmCg=7e9ZS~iiW8{ZG|-0{&HxNGSnQ6$1!LD8XfJ_>A8Z??|>8R zPjrSZ2_d|gaN;+Tu!a#8lJQAD;ff}L%qA51L=rxxAu&b;i@d6JrO2CrMH}tGSrA-e z?rlM0=AIM4KWHKty&M zY!nwD8$9yT_L_1;w3gB|hm52J*0x*doPo}v-5drm#hZ1yyotrq#w6m~gdA~LG+2lc zyKw>!7Lt7a!D2LqL?yuxkL`3iO&ZU)B{fe3`rs;4AGaR4KeagIFfB70Lny4b_g!ie z%q_}!CMHqaN)$B0j?jjdUQS9{dy;C>Nyrm`eORk~Mkko#u|hud8NDRhu&KzL`lU61 z&$Z8}sV-#x+syug7jnVZpA~%uyC~M;MlKk`u-Q!7f)k$(o~jU!K|X|Z16z)vyoL_? 
z+^-k?8})tySuVo)GfD!8r-sRXM*aGh6!y$|k_Fy6H#la!dqjs;_bbB|d z+tiBDi9aT4T|lmj!KR;) zjq5Kyb>sP`^#_6cRhA@z(3{UXt&8dKxaq3_^H|JD00s=vcWy4zXOotc2cvq}`)Bk< z*Y7Djv{~0qwJ@iKi{8zd8ZVjy3N5Sgm^3owc#0qBSU&JO_*8i8nm`Gl%&WrP4{pJj zV%Z%%9j4w9%tt1k)I{Bugq1p5oN&xs}&{zqNbh0r2q{e$yVJn=VX8s@F%<665G0TrUq^L(4Pn= z4TvJAEV)MG!DCd<`_H&uL z5qWT0%guEu6w0}kr^6)aDY=S%`Mv0t6I>C9B!6aszG046>{o}sR`2tb^!(+!B+~P% zc9xV$Tw#Pe!X$Jhoo?CV-{9RT>)*(&i57N?^RX%n=smilMDz34eX65 zxz-Vx4Tv>yEx@LmBw8eq<1;39$7UY-2%`v7p2#p31tTTvfvF)xzZ_-78mIygXv+!% z(aiBxhD487$yr8d0?4hSI8!`#ilbPX+NTmr@=h;Hvbd%c%`4;DP8S^%jNH*feK$J~ zOjLg`e$_mJNESW5zlZE5L~n$Mb@cKhbQ*`Y(15ME^0QkBwg%C`KQlHANUkJ}*~_42 zkxbPV`?aa$n60gnHuC$)F^UL*S-B+gh7hCs7304C-~apn5%yR&vyy^D7y`x&aC$L) z8*v2HlN@ud5?MT{WdZXAq)wRBA(ItSqJe4~@_=%30~QtVZ8)++(sY_wk{^V^FXQVO z6CB!tq7HmI@R*<*atSGY369xvk7`kJ(`(8=#X>rBibL04mVr8xzpPg|vw}JJEhrK5 zTiUdzHaREQFBP&(@Hh7T{9IY#s@S8#?SvG3P|tnlhM;%>i~ZIRRtqG^)NN7(l-EHFAmal2MK3cyV$=`{%^jU*+;Zdvd^GIk|0<-SsaV!cx> z?8D(0Ec`=HRI+PdI9t&8nIV46$@4rueJS*u8q1#J9pWNF*A>iY}xEN^LF&n6Z>(Yyw8j+~q3Fx|Lte9>aqH@uZG3 zxwc2Nuz_yT?57VAlO&WBHpwkgL^@-b&zsKRAElGF_qyHQc9yzmsswb_Ss-nU%^ZVb z*(Ic^>WoekVu`N^f)ow~w3$Wlc%z&NZa}#(p)e`NQVxnbRYL`8I>{KTyDcjtXv9MZ zA;<2oe%eqA97VwdH3vyZA;&i+5-}EptNlwtxk!j?+u&WZ)7p8~Hr2z*UTk{YZi`r8P&K(@C6q zoLZbQ;-mI#CzXA4c+oFx zaHKs_P>9v3iD$+2WGqnWNM}wkwa;!5bjJ3d` zvqcj@KIWm7EbJ1SOdB>B0IIN9Dm^*Ws;4e4Iz|e}E71bc;HX$pB-u$&z0;iqTa+3U z_tXud2ZE7S36K*U2}AS9AXdva zWgm0$Ubh}R)n3)c9s40{F@ z#ilf=bre-mtG#ifKwM&{(D}okL_!=+TOq48t(IytrEhNQs!|TQk^~7BfQtt~=)Shg z8KNl@v;mZnL`dQr4)KGYvTt4#A9J2LtxYTY;L&_ zlcfVG{pxFn&1>O7A#btjwMmW8ySAh#b}k0iG{uRok%f`RqKV#AA1X?LE2TSX)&e`l zXyFaW_b0wBx2ljB?43*2?b( z?E6U#zDyCWY#!TUX_xKGfL&T&B$$=_WHsG*Hz2@G9QyXKZl|PZYwYVOf?z@@grLzm zoe7O7uVW6A_$D=?)oQO(|7FuBQ6Yhr4e}m$6Wli@SaDX-K#?}_2tpvuYu(wd**0h9 z4%@|qL}7NVv>kHOh8BKaQ&QF=y8!9SIwvy=j*fKKE{ifDp-=}Zt=rVpF-A5hWTKY9 zC~l(Rq!stG#r682j?fTMDG-#wQe=)woAWHt0CP)iOBNI=hD@PR_v5^T~ zGOJWPkjq&0)oLUnYa=yMLIk;+ZU$nLHJ3^}L`gN3qFc!(p`kPNjE)szOiUcCC0j{Q 
zk&!@h@HKQz7gJZ?`p`^*Mp{Tkjwtt=5$19N#sO1cNwm;WsI%yAFkq<9Y#shaq5>$+ z$=R4DC~G6(@^h8odIMRZGsn){0VyG`+H6}uz^tKK)MXq8R51)VV)`6ZGr>}uJUGXu z$C70?-RuIE8Nb*&s#IwOggKgx6DG>=)YkA(q$BZXY9i#EER_^J0I@ESW}HGaNoH;d z{b@Ki8yUZ3BT1&fru3M>LjXm_KKMG*6aO;4QCp7|I|}@{6|F*s1O;ro+n_xjR={g!7_-^s63 zIEJq=4ZzrABk;(LH3iYo3u52mwQg)u@IpsrUT6r4v&&@+?9HNe-ZeBuFcX=`YxTa* zfQ8&pF-k*D9lx0e)qm6mP~S=FT@fiVi8tX8vIaR>iLip_LA3Xt_p~4~y+t=77#th> z2m5>5*33hPqh_GwA7pvA8nZqKSL-K_lH*z2%=GhQRv^6t-q@KPYCW5&s^XU4&FZVtJHId_$9YbQ#a_nFEC#xj=1 z+5VEIf|iu&ZF=1ACv$7U2hDkb=9tXnEF}Zw-*pvh%d@fyswr`u9Cx74rcjgyaw}-) zVpQs}%ZKDD>XmQGo|fR&+s;-Nw`N(0@iM`+<~Rr&tRruzN9;&W^g&AMliyhokHJPz zEP~6>6(Jffz&A^{Vh*94QQFG2ZUtPs<(39rZaPiGHDB1&(39VfjlTMOi3d0pmOU1# zk=l}~8EURE*@!}oLWqQ$@_h7fHTk|$=ygTTk?Z94a1i9m+$8+1pYwI69%UODs$tgI zQQ+jj5jARnyP~0g=q!O=f!dfztY-PJhG20IQFQG!%Rq2%c4{Ibp87^dV7y~K z5$b0Xof7Q-!Koy_h8|Hbs4>5!;!4*__pmpj;ZS{Wh~BeMyK>c(ykDSq`^|5sZw^sg z#Ft5ot7s4Qy1hOBS+CjK@AaCy-d?Bq%Nk}YXQE5~&kkICg zD|)KMP;is7n~-oZqLC%xC%@|xhDJJS&W6X}gale%TcGg>a5_!pr^d%<`Cvj~HAOeY ztH)RxXPn6|OzC*ZiD*E_O}u2lVjm^DUI|__z&r^tO6jg@#^uxyWNWl9!vo~?y)&yAo^ss=oLsl2(@oE1;SV- z!MSX1{zOCnNW*218rRus3YHE)(y@@3cr9BF+|>EgAxyQJF7@P`{*(zs6oC4O*aO3iFHO&w?ZRn#ny|J?_Gl`xhYR)JQ z(dVWiZt1J4IcTkA-n@DSroHPf4x$n6I>bN0n`|nudf^djwOZz{;;J2@9LB(#W$$HH zGt)B6O37ICa}8j!GPB9LGlP~)7j7A{>MQ`v_SY_$`JG)Q^1Lc2528-MvmP zU;n#vu)nGQdLLJ5p#jBuk4zq9t>zZnOwZE_P4y8||9VOd?iI`6nH!~TZ(C-ZT4l5$ zL9E|3r0suF7`;C|vwv;wp6x~k>Z2Li?u*Y~SpvL0htLGm8zX4Dv=T4GGV3FZ49kGP zBonle6e+M)Ssn9H%ySS8eRigkpHn=gqG4)KL4<}q6gc$FF~HUT;X;nf z>8AT_C3c^?VF!ux4SXd|MwCwmG&E&CAWJ4)mekp&ZSta8!C|nxy2qH!bd@IaWr{4j zK7jUiDyKFqMy7(UaS}<)ht{49!7Qbv6c+$2Y#!^U;bl5x2} z0;$>9X5zHkl#Uw!o?j-ldNq%1X;joU2yhoQUsdA^<$=4c`{cR_OB7YnG|BudB9l=xjh{HFVwN0zpWM;s zV(Nm22~y=w3$8?}lC(+VS8(PfJw0d&Gf{v6)+e@lQ@K2I7DwwFS4c|a{{an%Xwz`0 z6v8H)D6P-WZv81(xI`Z_<^OKCvwx5~|EJeE*zauQ|NFQ;)ex#*T+lFzrKlgG51^!f zGSim~izn#?^_Aw~->Up{u(}#XqPeQ$tK2W4c-SM%+dh4gp zq97j9@QtsYMsX?14z8{v=y`7U)_fZ}n*F3(DyP3bb3Z|69``k{fL 
z9#A2Z=}#d;sD2sKK)zAUbsOnjXNC?@y_w1-&1T(sO$Vsf4|VyY^!|wYC3mUE!ebUN zIK+_;FY#8VfqLC;1NHXy8mPPNHf^WCIh+yw|FteG-1pKoH4;(XJp0lp4mLZi$DcBr z=}VQ7k=qEs7x8$@1gLBQNxm>-`Xa48aiN98ivSCG!AZcde<5P9{0`#a0;0Gi9!D1@ zE9sMEl7D&e&w3nQh3qE$XT9Mz7+@h@{O6zb$N8K8tTz%<9lVhI`e*&ihn!tZ*1Jh|6^=zMhVQ5lfeAX*gQA$}QVK`R!i;J+Vh2EFRUr!t2q^LnuYvY<_5VAq=b4q)Z|od2P`CHI zfp$CUm1iaI>~$Kbd(dkj)mo?Z{9xP8@5hv9RokldL9&!AatQMf$3v3PKe#oiu@M|38aU_doW}2dihQo7>{oS(rSzQ}X zRnNJ}i%_MsKneiaBu1-F#LBonlbGI&c^CH1z&c8 zqz1hHzI~K?z>*JU%$BC@a89se4866Uv?dCbW`i}pFJFbsEh21+F4 zP2^@){2vCLGl0 z=?q&xFzMD823sf#*T=!#&ZaT*2DmU@{IiZdNv~7xz64hn5*K+UdN>^aIGy4RyWg;T zi_sC`9tmX}Qn@nMe|A@F-^OmE_3-^}ucDsb-7x+Q z;me0Eh#gPSe&;(fDU<~YeBW$cGKqr?W8X0L*^Ir{t;pDSHjI74*f)%QK4XV+C`$(N zEyC)jvvBm{1?sHg5XjE#*Ja*sv9MLU(Q7yh`Uhd)Q}uEjP%Mruv;CCf?j`009sMg+fHGp zj|d%(V8MEwPIOz(@w@%>w|Gx(@XQsGcTtRXhr5lVKrz-ZVY6-SprEF7H#}Xcvuv1q0T?YK8;nod)fQN&BRIQ z6Hb6F3wx9x6X@!T@at};D#LaVP)*WnEjeazTHQYz(Ln*(6Au5z3}R}4UlQ%^YGC4&*mCbB zG(?OrCw>VD(}b#*CpQ;XT=3#?tP3s{l0Pbm8xWtL!hVZyX^wqe#!yK!Hyvt7h9s#O zb1A6NTyk%hljwwYe)w1be}ZpkX_I0>)J2dA(P^ogJe*Grf~l)xlW+2xsA>d{4!i0H4zn(GF@#)&Ca7| z&pU%ouinVNr&E66mCHf*vePNP;^eM5uN5%rAqkw>R%c3_ojZ{@3n3askyA^S2MmBr4&D$kZX*JPS3lDkr0sw+bFHpa>C zO^ig^#)#$$Ul)S@n_P%^e9vJscb9~-4q@w*c!XYOic+lAOgM$B*#&H(ic6>^qHk*r zXIO#Pw}59^%C*4a{qzuI;rALu^rrnQiqx{l{BAA0o#mw7AH>4@l`N+l`|cuga7J|6 z*mv*PzB^9<&j-Ml2;k7y!F`)|H)3{rb0cQ2B4*?3Vb$z+P81@9(wgNiCz9NAp!zm? 
zu+lcn)%R%9Jh~}F zGcBPxBj~~N?^`(2L^DsEQt2!AWFvh&Ea?kv%`uSWN)Sb{t@nEYOZhd-Wy?rm_bzF9 zQG8coRr#VqE?k1)oJ#89Tr!Ozl7(CglOR*LuX7HDa#jMt>XO~@$#2Vub%iLOP55OV z{K^tvCi@V%f>hmOydVtzh%#Rm&ifPjJV*@7F^lRItkQ&|ZpY0ynko!E%Lzlh-JCR3 za0~Ajg(2!gvae-zg}tLCqrF*7JHkU^KtFJJ>k>H(o?$I<;Nk!n0N{uze zhf|Cb$ff2&avBb^{X!H^LVM;Ct7L&qcEM(a%T^e2*3qMUR&TkW1J9;|XBRJw$Crec zFCL4;0!#NwDVdvvo3U^|&04s-UY?V^4tk3v3BAdWyhfe86kpI2r!3y_dKb@^zBx;9 zp+$VYS;WF37T4i&%Fr~Coe$~uI`+2>zFuR>EW;$JZiB@M_{ zr=@1Ia<0{dCCZ5r4)*TrH7{pABjY<;&-*2;KQHIJ%_S6{=zRIcD&ka=Sn0-_ zWp3%@N3s9B+e>2;i$GUV8-FkxOa-G#yY;laUe!ErR9Rj*pP3FIL~ucFBg)Bz3G~wE z&R@lsgoi{Dp#%b8=0&MsQ5LVc`-lm-jhYBf>0A2|G$rg@bvUCo$?%F?1VjoFdVCVe z3y*NA=R}{yUM>Pm2{@Z67v%W=G2xO9sD~v%uT+1NX05!UP*FYK)8EvEHzH&FJK@3{HovcLE3TpGwMj!w&dY~3O_*NNvLxduz>GW~A-T;_ zESG^<`0~6q6Py&-s`2&KQ@5QolDJf!I?8jjM3#Ddae*_%hFuAunh;e!^)&Q?*e6G& zCAjUfytiB0ZEPF|l9q&E+0_cmKAN{u(B*}WyPI2ddxXWPfy#7^?IqW_B->cxAuOi& z-xkJt_Gw`->R$QF28;A)od>ZX=enU%G46XtE%yMlKuf=TP^COBf?;{Z^G*@%)AY#c z3=RS$nK0@N0)86^xE$(zC8Voripe5p#QY6v&I0foK-gkv>s)LtMtrUbRg(&dE90s2 zUO~b5k{ah%MBd)RKwkLo$C|+$ouZIP&dGT#?55eZvDWrT7Ist5d=^pf3hYMaV>2Ze zRy%U_LM!&e-)^Q(eaHRL8>fHoIe&NEA3GiQi4zgtbN=r7dXIdxV^F%BgLrd$aU0%u z8+Lo??Ycjlw6g=>h1bH8nZAEBNY1HWa&{vOEqAKi{QTzq|B2ctQPi?TzaE1f&`DaV zU#F^6?Mv-{tm)!7^hSg?$1J3haT*TW0~!#~HoKw;5VXx^Y>sf~2Q(ZuBf>$E4n5NP zQ?PJWADvF8v;Y6G_wU_p+sfWJe*WgGz$3RiaZW^CY|Dw(&VG*Tq;1wtTCdpce)ccB zzZfDRi8V#C1Zl^Ob6)#*VE~XI35wLk%B8^SYAg~22DiarFf*USL-@Df@0b1^4f}(` z{~8?j5Br1Ra4;DCSATeP*gyO))ZbPkm!*^@IR3Bx#&wk&_k|>}w%@(;f+#JhdOoah zNX|BpGwo^ECDe(%NIH2moPL$Jk)O`IfNMka2W_510^umt7y031*-SQ(y_nQARPha) z;sC1^@%5;AAv@=X>Z^Roc1HHduDWY$s*Z3#d~L;ww_35<;tQqHHudQ{-dob;LAA5> z)er2x(&oZI;2;PSEV*@dJ5^Wgj1RU!>M#I72F&Z8nJw|095ZN^+dGpZU(1}mtvNuWI{d7JFaqMdJu$D4*HET#8 zcC<4KNCK1c2$pRtK@kvV9JF61Mf>&ZJ_LWELsj0Q(fhJ(Y=(P(sVAnv>>_fdSp z)~u(xaIH0g3hF}@)CMb9Nh~h);YFBWA9Tbh!B-?e(=bM`-@)x@8qp*sc!9uqDW)h1 zk?^NR7>OMba#9kw@QB~As#TT)y^2Ra#Mt%tu|aL4?#8it=cs`dsNOr4FdB;|32th6 z&Q;&l9)&saRHa!H?I4S2P&II<1r(@@Yfu;2pw4@?J|KbWSz8MCp*BYom!K4xKy7^` 
z5J3s=P&x5@C^M#4*?Q4ZQXjvd62V|texn<@+9(DMaSWD3GN_AXusoVU&Gk`{r7yP* z`%i#S-#&WG{-x4VmebLUrLL)Uz_*r{#t#kD#a=eL)v|qCUWcR_j;^GT{ZTckQ_;u2IS9 zgGp$^Nh}E{Q6EyGE~vzkjj7BeXV1M9a;)zED|xw_X3$3G1J4_kC&7 z`Y&>a&Ngo&s2f3DOS2KwKU+clQ|qmttS?I+G|SS<;`HuF)~*M>HG=qGMi9>>mIx>F zEh!kCFby`7SXL2ORu-l|d_b(RWp9bkU$7Bj0nv5nrwhVH?F=V#BiP)pU=x!+A|u=w z;im9ryIRQa!x$0l%sF2QC!kt%A0scJXhB>L2f5m@_E7W5wT~M}Oizr&WF)4%D?ew6 zsYU}-(Of=8>qu0eix%jwBUHU!#$Sz$Wt2xozA6>}<;hoP+2)19DLQ=5%`1=Izt2`X zMR*YgGlYFVe`bG9`lt*oVRi9pP{6)4^3`_bD}*WflfA0 z3i1*c+7g_kLX>)Y*gg8qe#9gxkfHYXQ4j5m7Ez^<)O3yp&!G-1h{02dCY>Pd~O!#_Jk*hZq-(1>dHCaM_`?Nf?qb-FDjQfo;f zGU8AhGbd0~IblH41#yi;WHeSr4k{J@1;|04TD_D72wq2KY2m1AWELZ{h}WNi!P8Fd zoF3;nGEI}BXnI_GXNM-YAX_~a-|fyY3Vrw>Y5n5lqLP}(7)xdCGR9IyG%6QwL?h)< zjXq}s+34w0BN`deDDTS8Sv1N7Be+>v!CFb;?VuH8p-kA>|4*=w6g5&073f%%43Npz zCnTezDr(iCDecx1w1v8AWsgwy13G;be5Hy-S{4^obhR2Mwe4`oD_7w{Svv@2UZm|P zpL}t$>&Z2V@k|Ljz`EMVuDg+4UE)k`6Jo?yBfb{id{N?SRkL?6Twi(}HA}B1DhSVD z1kmjYpv{7xd?XD5-uXBofpe=~EUqC5?yn((Hj=WLSo*mNqnL{;EyHVkE<)BXY6K_G zAxI3Ck*~~^X@%y$tYBp+RjBZ4Ih;ZTVQn~+FDe*oWt24)XHCISsA8=(#^kOdjWlAe zwFoF*3nJ2pyjBO@Q3Kww6n||Q^kfYjOc4;KFv;7?tYDWn^#V_t<*f#oqDM5T8>=O_ zFzQI23uawKh^fbjS&983aa!L@D6F6u&QF!8D-36!Bn6h%hBgm?A1n5wWF&*;2xWDT25Z@nIB% zm@;m*1|_Dc)?ziIVl~BDRm7MgW=s(^M#YWM4VVr+Mu#6GgHrq`qvD?Bz%243fhBYJ z!}pV`pXvWE+Y(en88&%7H5Q3UyHB|D*_FauGV2o~Iy`9WE}>bKHf zWV)qSOp4d2O4U5CaePH$T0U^MTv$hyh4rMxx~j1&A>M2boi=#VkKT96OHNhFE9$(` za`EU-q}nSL4ktQ2io9TU!I$bl|E59DBM(||RzgXL0BW?P(vT>lgStsoQ)rBXS!1C? zwNUN4Tj2N4ae~jJ=Dg?_Us3TpVGs}}AqAnC<+|V~s-+%}LYhpy3Oc8F{CyZC=iZ-C z@KOKULXMc|zJsSrK7&qqjiV+7oIGu%CCpa^4)&+sN##|Tebm^mG{W(f&u;(;d~e6=iI)Q~anrw64%1V^a9{Q(|&8v5y? 
z3JAE$mBqsW>LPqSd+2f7iO?nQoG8uo{%}S0VG+9I*?&5o>y!UeBhY-Y0?m^x2{eaBpwSj;1R8B08i7XAeqRC&O&460S&&5--@bcI7AM!( z^I0A5z((%F$Nioz8z7}+S^hFI&THrZF6J2N#z;4L9;3zi%7mW5XiHMhv5|VTg&L_x z+lNN#k+k23)RT!aaQApi6S5F)E+ERdn3TkXt*dlG-ob}F_{}@)`=Nt@L?{cU)Q69ih=gCLMoTLX{X&b2ZABUA z$jCrO1~M|x=PUyqZbt?h8W~7isF8t;4D@MaAn;mVTZs8Wgi|KKaV!ldApm zTJp((kx#UR8u>)qheke;wBM(4W^F^`$6Gdk{z3&Hqn|PIkCA`AYWZilB@1HX^ls!I zBmaCY^3NA5u^5%jr$LO-OADKB@}+L`tH2}c?Ec#Vuo+dh*ET`&2J7S34EskdpsD{N z2sT=op%K<*IXI1<&b%N80O%as1N*4BZL07!N98xVk^5rdYX)okpOo2MD|eEOAz)fN z?w@7StuMYZ6a^W8uH0w@G94;=G>Y)V3&Rp|6!7=A( zRk^AHqn)$P=a|kXA&yX$eH6fK`vX?VMJUeOvwDn949Pi z6yA`Szj~XWpV7||iE$Ffzdf8MNkqrJ-potp>BM%zMK8+obwiO)_iW!rFQJYJro=^I zfRZ^uX+)El;01bnl}<=k`3{Z)O%*!fVvz=3a@(5|f6;{&(q0l1(pz9J=!pl~viH?q zVYw6R1-$KyGNt)hEjH`p?{1NphL0hm?AFK+Zz=jA##0<%g#9p>QO_j^BT5n!PP12T zwtA40#yH9AEO$cd{w{sDkD@sIoj3^){CyasMHmz01$^J~!hrSvJiO6NBjkG1DTyhX z#^EO!md7aa38n;Hd*lYX<@CpspMH4p>gONqh08jUJ*(nri-7=VQ{p0zPq4QVUz^vd zrM#GBAH^gJDJ%81zW*?+Le_;zh#X*6X-qWzS#8c+naK?ug&;u%P{iJ3WL*#K_dOEy z_JNv?R@PhK_{t4$0=;Od)dG~l#4nSwn?z~dE&xW3atDBaCD=4|=463$YK9~EBDwX& z4iabJ`K67hlaNK^BtJd0!yV(&j z-*n!#thHFps8~(0*5P6CXTduC*e$k2N1>ce`A}4b=+6)|L!C(+-q1|1kk8H^!|WW? 
zNnzXV%zwWQ{`K$gU;ineUuU!N$ogpA1OB@P|34;wq+U!GBuJ?3htAcebu7pK?;jit zOZfkT(cxj=;Q#L;xg;WiO9ICubZm7IJBp7H?0_`E3F&f}5NaW1`xzs-Iq%LeXg{$Bhgr$Wwi<*k>5}(R7$+pIDPOmF+hU9KLUkKg>m1mFfj!LX zoN)oCrV8=4xzrwANQdLvWC*xkvw%LE>yuE7S zeOv7wQ@API6mAONX5p?kBQzN!I>*DK(U?4)lEKg&9v)3xG8!FDo=y+Q!NJgR5AdP$ z^pK364#*SyWH1=^@f0794hCe>?;j2Zhfm4yXlTtyK;TFU;U$NIZhz1n99{IEjt7Hr ze_$UBpB^7P?e?FH`~A*+$Vp#oYLfqM@xtGj;&nu9s`&^|tose_(`Za&MZPHKN#c3EMap?ObevJb>TeYw2 z3n?{2m+Kyy^CEHFby^_4s}jv#+yk9warpjr9YW=YRZ8K_J&=0t%!!-&>&*=H<0{G7 z+ijAqJ+8GUT>H5~diDK15nnzuuhoQdAxcBos~6(UHk%M%k>O@srLF{pcx{$#w_;^x zqI^`Mb=z!&mAN_(QNJn?xOMKq3SEzNl)o%ddM`{Pz9JjX+2$#G-!pcd39Fs2_b^@8 znyvcDdLMIj?WtNnQ}1P>-gto<-q088>1?hX`t+X2O!k$Co#G87IL5QdNe2kTW9sU^cvXx2MLteUxNWO>HqpihvoHu zJUlS#e-~*FJ?BPahz~EChH+&H+14Jqn0u5P?fv`Y^{XzoI7)~M@&wE9oH#y?3A)Cy z$K(Nuk`PS@iZG>M_mqU_HcVqAEM*9_Ei13yTi_XCqDO+gzzb$*5+-w4b@^fgvo=^( z=mt}iT?%lUF!pvD`hIxBK7SrMS0rY{S$n9hS(seDy@?-AdW2wiLXJnH(cxh9^yy&u z^y#qgI8%%GH$^FB^kC%pVd}EhTzf8w zxse__Zc}dND4JeiG`F(3ievqgC;sSA?U_S=EzG> z7$7F5p${LB{VQMFl4rs5j~{LHa>~XG&G9usG$M|NeH0U##GV6t#$#&_J@jm1OG4>9 zOnn!Hfq#qQ6zus(;<%!rY!Kmz9BP@CQPpGbSzjVY!WY`FkrnQ?N=v+O##7Ui7UE{HE7?;azn68 z@po1hbbzudSPO+#n3pb_KOu-ZF^-69iT7t=oQ%=%_~5D9G=k1aeC;_zm;&-r1ZgxY zJ6lmoVTc4SINw>cP{bIihX64Ax5OxnD{l}|8g?`HoOy9;mFt@gZ4}ZZf0H#kv=Dqg zMo$k$Pocz@Qwfr<4aCQfUC3;I z_`vq@h+>C){Akl_$9A~CnC*uS_QxMS@O+H0j~{`kb3Uyn1T8`rBp}8P)H%xdC7&By z*dQ(n(*(?Oc{Zp4-ONc$6vEjGq>oXU%t?IXQG$HJmX4Q5rwGXQOYDo|AM_8bkC0mj z7C0&Et7#bD;MhetV5R?&vI_D!FlXcN@{D~x7#`bwyKfJ8vEp-B)0{m?3Pl;B^VL}d ze1!Feg-}Y#E7pCihWz|kT8J=goG-vK67%5N!|2D0i?eeJ2?h_#a}PZafv09I6c?I2 z6QfA-n4GZx3!hdFvTeG~i3#JXSWYM4DJi^7<_NpwkCeTSNWAbUX_Ytts_8|WPUlD}UWFE%epTrgHAR7v(CZ$9y{}W!?X-r%a zBp&wZYRz^%$~p_3pT9zsIBD!9x5$|j=Ze?l1@M%dUwKU4_NKSR@}GM#u;g2A@=X&l z%LBs32FJJP;?+4~X9wu6D+2qNXp@`*4i4DznuclMLb)veb1xS2p4Icc=My+tz$^kM zN7WX)yz{{vu|+X*e~n{8qY$ zx31$)D7cD1rk}Y5EZ^MN2F8|{6d6LnGUT8r$B@86g-_eq&nhNuKdo^7&(3YV zcXQ%LB&K!}wNV8$oc|9;!%^w{f7l*hxT>;(x32B5#>d+TG1Wtk8r&GN_Ui7^S$O&DMKA$BQpq<~MwDslPV 
z5i*%PFVT9`V`Qow3~%{Gyiz*v-!2m&*lAGFurg5sG&E!JEqg$wQ{u35<4>VnrtGnF zzZ;{@i$B1xztCGXWKglw6vmj6#Wjgf!$ri7DxJR%?7?BT-$C{%j_}0uy~HEb{%1NN zLZ@o~;3eWuC}%q=Pine$4;mjLHPk0 zg>gyp&MJ_qoa{GSokD~}4=dl%{KINB`};b6Rr!$TQFv3QKCc``amx*hb;3miXnt9=O*tAp%)-K2TQ*pj9_s5pH}%i)wu;dOJ0_cO1y%#Sls?_1i< zIy)cQ>Xh=R9A>vuopJlECpss}S7!Rv6WYa51XEdx9JTGRd5`Eb78a3>s{Df+5-gkX zExL;f$2;jQPSPr!RhViU^;J=8Si^FQdcm5``<8ZLi50lmF1oKoo!XE3KCEvO^iVxd zRv7MD9lksHZ!P)1bhM}4c!Hh!i@_%Ozkk>-$^WC#;jxkbcaijaBjS6DX44c}76fZ1 zzgLF|Aa#!*%i32@K#;p0SXW-)j*$qj_9pa+wIB(0ae~Jd5*AFYnLR>$-NGlD&9$_n z*ys)gUf?n|atMny^|_}5j=Ue@FpcOKy?qdczUSON_^qhPVb5Ku+=MJ1p^)jC#1lFO zU+}jNQc4P6!amNL)?H-}gYL$GTceVc9j|}8Os|XJND+jA)LQ-W<`rvPrzg~?9i>HY zJ2R4We#@8<`?lNNV64CM0@n*>pLEDWpS&ScRs8t?*( zBLs(rm3xAJBFtpU`wkZ#HA9vSOo@bz2Bi%ln+{#MA$*y(ea`2|J_O2lKhXOi00y7b{DNbwp5k# z9cF+AdC0PN}1a0fJ%8aQ=?#LCo~`7zwyFf zp7Rcs%NE-aC$@0oT|;Z(2Bj^z>ZQ(7YSoMl#Og#hmfV1H$uv7veDB3H`Inc>f8?Kt zjI_7YF;n|y?|KGpg{qp8jF^f1vcd_fnEZ5I(E{YjI5bQE$@~kTH$p)$ha)ro^ zxjoo~NSRV&3563dQ|agmEOm%xEvROAYG*O>Q%btNe7US=YsxN))@}1w&Bw}g$sApJ z zvmQyD9;H4=XMEx+f7%gv&lJDABDW2nb+3s2QwO)GwCmt5%T_3%rro7SB)C>rDQ93} zi7HE<1ER;_Vyrww2tqXrl~3h4JB^JIO>mM@n;)zzHL+D(u4asM98H+YS4)uGqFT(d zyBfG+wbcTp{_!*n67oJ#n*?Y6pTdA0gewu(bAVP;x?Zf1xL}{~;m}N^HC9TdyH)e5rg^oSeEwxFJq-FwC+W63(hI!gw084$!sr(I zkZyI~E*fMuZ{Vf;O*?rP(YeYy9OcKIG82e14^ihF!ohpNOtIC4%`mzJ4T$iL5w@3n z+I1?WuudAIZ$6y9cysaY`im44W_fR*vjR=||a8^W}DwXICQN~ibOfsGm?4oXf2K!1q8NI7i zQ)*;$Eoxg=YEPw)n(I>jObAU-_s_!c@#;UKzx_>&$oJS2rdB{urVr~tmiJzQ2HGM^ zJy&1i6}fFyV6~H$P>Hp4R;Jr&7~MkHaG9I?VSH1ri509oyf}ID!;1@b_BxT~qskZP z?ylNGXTAtsba;5UG=DAWvik((rEUkpvuAp`%b%3Y)CwSF#dGd$!8;&~`3XaHxRLH(D7+?dv(EW@R**(ADzKvV#O0G} zL)wIYhK{r{^J-7s>B%;GFY_4D5?PuRRU%h93X}$Ay)rfDgldnjS+wpD(OM`jf*`IY zsdo7$w@hFyXDD5+G}W-GEL^zRYEQVlmQuSZf~r2v6;z83kymR9aE`gDx`(vc{SRND z%dNkf;Iyb5u_HCS)~?LID(0(AS0P0U+0WDXtJ0_) z8(3|7E z=uM*5wXmuwZW9ZuvRq~Y{(a7A3-VuMM6f3L@9?;6|9`|D8ToGqX*=>?$^0jaW3a{D zVhiR!4O<7QvHsx>Uh5nG)K|L&+n@Tvi>5!wYEYakxl7dFByQP?NKAl68zN1_7i2ka+?|bXa{ih%i{8PEv|~2 
z4hvrths=cQFqUU8F}osVUh!}_^`=gW8+gIeNjTDKvPtF~he_y!{uo`Ha+8e&$1{?g z$qMT}rCK)Cy4hc|wsAB0PjD>pah)L8ApZ>y4$Jo6#|H-gX*a3F8H>)&RWtCCGjxqO zm`^6#31bq1-Da=M`lKs)3l7-ehpLWAqj>|7KM-#^1vUh^^y1Tq$sN_X2pT5NV+?YKCrAL{_{1yeb@L3Q?^} zv}SO&ZehQ@efYERRH)sF3sbIPBW_`H?0YmJ0YsNNIwNW>9%h$Y9-%na$ z{|A(3Zx)0xS*?zS{l9;7a8!=}J~H~B-K0HqhLeQEJhB-dU34=i0h*+q?|Q)uMcBE* zGeWZ{@RSExqlnIl@1vO?PB@G9g4tsf6CWquH316)Rk?IC=j1g}rcBt)s#J zb9iuEmj4I+fr7B_@c~5vzkh^Aa?KjVrA+3Pez4IAdV7|kRG^#`bg$jTGhHlJgX{c59KLo@VkR#wN0;CX^ZI#4HV1q@M(jf4%Mc1mU zOdbTqB$t8p3w9n5m%kbfpEpsBf-ghXivacP_oWO;blK2cwqn9GQLGiY`8Ji%8gMv9 zmsK~y%YDnbP$3usSMnWp@_{w&<}43qOmE7Tt(ZD*m!ijLSLo6&_K}b!Y|GlKz>r)N z)b=b*_uRxiZH5jx2Bq1@Cq?TEiSbG9a$BVOAxB}jZ5uij?-DAJri1VX$ht6aL z=ng&4akJ1Jdhs4FBA=i;>kf5ULgL?U@fT#c%%;*Mx@!rVawpaWEKyd5a(tAfsCY5? z8Wh(e1;hsqAcOfaSIjOxM=wPn&%XR!6x?bJ3vUC?w*rOaA z!9~h|C^-}g=Oy`;f=<}3`B=BOm`VHVc06NB{xydql9}y=377m&Xa8`n^I9uj3 zqd1|sE`rayBu>etn7GA27{!4o2rUJ9fHe&EO$SG?Qp0J^?=$70+B?Eh33yM;k9X+u>A~n}xgA0e%Gx4hF7xq`oGJ^(D{weiUtU%*d^CZO6*M1Y zBc1)37THICvDCTDC)j09bp~(4+SlonTBmy2vlar}Ajg3LtSp!!e6$oeh$KWY;XAlk zPgHE^e2rZSR&@zKGP#0Pa0xbBB`OLUWR~kiz;~63*GdMmBV-D(7&-Ke^ckXZEwMdG zwgTAi()yP<-7}&#L*6Ng8iEbw5{BZCGt~<@Ho7R)*boG22b;41mhs~9{sR}g{b$D`b*g}4Z_DW1EN;D8BcinH^jKxT2m z$Rm`aNde4Vh6Ti3O~7-CG57$z5dI;u*pzZ8BxM2FncR}&&OtVBTDub1k%T1Lm0NUd z%LESAR56%E7diC84np#F$6 zyaY=V2UxN8GD{p*^oNh7qE+)HUOJ!y@l{X;cv3f2zWZ0oQ;dwDIM{-23%C_|7=2jx zZ+{a-6zuv`X(or8h93x zlm3%_ft2;ek`t&O%Bme&-9Y9AaZXth0fQ== z1lFSqFB-!rvBk#LAzu{LmG*bG)b6gx?Hymg|KJPQ0UZy&t-JAj*TJz1=S=Ldqv#_W zS=Korxk@hAHg7>Gmlw7VBS-i_6i&c%=$1_5Bu0QS1^ZKLUO$gium4vLiC`irulrZW zfp5J38R{k-f8| z!NfK7y)X?tOs)k|d)>shq-ChpU9Dl)d5;bT_VBa17F=WfuZ#oVu>MD*3jV{vQGa08 z|1Odi|GjSL?+ph&!?0Y61eI5()qO5zc#6dqVem_+>?ocR9BAR+M-gSEKun7~00Cc@c38bgV`gouD3 zv5rxPW$yrbsd&qBi$%yk)PNCV*Y&u9IWvZ@p2RpIvs(@VmsrK8c`v>ReOAXW@R|*v`deD>z5gY^ z*Vyw}gT`oJS!J};J@hXom8IDCZ&6H~aIqi(*BvII(5T&J`oG)&pToHe_-l~!K-J)c z0d>4ErBJjp4?QQpVN5BBg`PrQg2n_>0y1LY5Fsnl48A_N_Tn&D2&mX(j(jgkd=4?2 zk@6VP)S0vDUweUfl}<v@2)+WX4Pbl5@0+t24zo-1NXTd7SME}R) 
z(vDbk?J{-r%ySb4Nw7;0GXm`4L?9Wl`J@y?0wXGlXJF;m&~gC%%UTJsYTE7KEm~oa zblp0&Ktd8>l#+M>kE)a&4f%NNKGl+0a=CfaEaIxSWVWOis=y!fXa31EJ)oz$DQ<8z z;e>+d!8%;0&}Es}s2Lbu`t(HeKg{?!MnmT>dxsuu9n>Bf;PI>^^0SxM$+MxS2YvgP zXsY9XcV_wzq=1nm{!pgz(G7`f(B4hufQ1DzHD>29sG6b2i6%Q_$U-k{W#|YjEQ9fs zf(0PVC)^{xX z{;N|TOycOD8br}u@kb<~8NFR|`j9?W+Q^LXyrnTtVZ(PBcb8o1U-~+$8!Tzu`Nxw^ zp~aTBL>s&Y&~aS_nOhTriu*@~W^*hoL1zarS!Yk02FCZg8-5=Z*~80s8#{7oc8Z8j zS7uNCq5bp`PLk5}hsKhf`(>m5DgpXnO;BtZ8#VCT@!{=S#}Z8z)lM)v!K z9N_)mF9Yyrjb8qryRQLgZ@aCX+S6YE#UBg*%P0S*FYrYN^cqaOY_Y@v7>@jQH?}W+ zfA_}Sv;KcpKJr-Qz5dgZo>k3%d6B!!gKz}EsE5i%0TdAfK4$*>NGAFwm;Ud4fRaS!166ZNPtK2VZ-Ki36t(epYn%M>EYE z4)B8cU#q1@#Af;5?0)F$Y_zcg*tw6quQLV#DG$B&SGF(MA2;Hjng4A;zh8XNxdAsh z_q;DtoB*2pUiTO5|41MH(}j=EFTb1Qn|AY9fH^0?+uqObKmTg~?{?_F$NK;7Cm>V4 z`*XL0)QCWQU$4ys`_=Qk_bbQf`=t7M=MTxxNrt(Y)8j==r~XvzpC4NIevvEk`t_Pz z=j3YCVzo#XGn5qd=DKFnjZweuenb08=O^3+bJWxfXVJgxw9kUK+_80wY-(_}l?)kC#83x#o^FP_p@D?7@0ASWnVgTh*R}z8Ml!gc<{3f;~Zx5=S+%PK+3QNAR zWkeV`jN@^f0AMb}agbmTIP5QDY|H`r-S}JOZHH#0gid<6ZX$hLD6AY$L)QigEYs#* z`?_Z{t30%8^;@4A?lb$Vw^#KZu)VRfVf_p+=1F2mH_g z>Any(Tc7;=C0NFw`K2Ydx8PQ8hXkFb_G>Ny-4ff!gGzo4OsTV`phe&p*(abxWXbpa zZC?n;$MNpoPYW=;9;`D~;s>1Wwb0>xUUj5{xmS9mAKU}jS(X&|^9tM}1zSaAY(^D7 zXI0K_WZFW$2m_URF84>JQ?7qxas2&dx6>Tx27%w_``a7i^7pPl5)C4{R)uJ!CZo6Iy^3GAh(}tI!ipR4R73qyD%|z!QaWER2qsF8L2J3U{Xr`yJVJw=fWC{eTY?im0Y;7o z{r!{J5DLEH9Z<*n)}{zPlzB(0Ey|x2{?3r+mOFD%%PJ2^8daCupgxvPw{~OG1l3k8 zpMm6{>#5uKj?dIv<1zHPZ-W_S`?OhaF&UjP8BaB-w^jEV8CnD*ml)O0O5`)Is?2F9 z{kymP_}rdFmOVbYC9Z|ySR^DK%Ww?&AjiYp1H8YQFj-1ItTE0XP7B9r$RCum`yq?WVoO#hkjpgs^zC<^%vM>ILlsBo| zDPm%A+DB#0VO2qp12v^hl`GIzfPQZUAxPkHq}d~y%(y*aVKEoq6_6V8YGT-VIDm`x zvTSWB@)Bg>P&8tA(fy8y5xQND13`v$IfM69Lr0%YP`#sz}k!JhA~JM zkx|dxa$6E4lXO?Zqo5%Shg*IuNULNR8oPDWB5EsVKf@ejsYo89{(b!1RHHLSh4FgFCb*nl5gu~Z2#a+|7ubDTiE ziH*w?i{^qTL?JNmLl!bB%>h}HO~4~g|LV{hQUfC1*Ta+o7|NB%-V@r9BXnREfwG^7 zR5mwWVUiOSOh$!l+4E+4@cS@%=G^Tb_M$*0^N>X#e>XzCXHg~)i7=uFf~AB{D=hg$ zGbzwiD=EF0{zv3z+MjDO!1$KHZVxvvz#L@_tJQ!8dm 
zd^cNrO!V{`K88sgR7j}Ez$xbd(U6st-H5vsDq+PHi)g+HF&e!YezqeM=RoY}ymyBE zU5@V?QU@poU%n$sw*+*b3>aCZay#}8?tCxY$#y?MR5ppI+UYya)%ECUzS_1BHmTiW z#zsA@!v3uiOh(HIpdT%Xn2_En`MCGWukF2g^vd5k{q2{0@^CW4;v!4o8($Ie5olnh zF9)X8#dKC=j(1ym$>SW$CpuxpK~WcUw9i$clj`0XnttdUXr08TUhzXE*s`NrSe*Kh zuiYOOiodZL%71o9iwA#3v1HX+vEb*P%Ne%8CG$cwwubtZyDyM=@{ckwpl!xpqy_#6 zWj+iuna~LzofgA9DZ3mUmcS`OB1$#>%d#casi_7QSFf8F#k4<*hZ<Xxuz%|0|}PpMLXO5o8nwvbD$;_W!axQr|K)7g<43eJn=H+z8(#bl%$wN zvB29+Mo#gmmn*l}QyYS-csdX9Ks3m;GM|opn?4;EG`-j{V})9M1^0bml94ReAAdBd zo<(U?!hvsq`4z4F_+8VYu-cQr&`|_e(5g&K7ll`~&XOz=tl&nkV1lRO$!fd9L)hYt z6^Hpz`?n_D%xN0@50N-Z3w#Z@DahY?=PL}*-PzLeT=neBHl$r;u6XZ(EQHi|r~7Qt zWE>8QtqvDH*YcL-3thjFNdXiVenlB#L8h4~!jl2IXa!1?oFX>q+li!U13J3dA@41_ zu`sJ()~36SBA#l`quk{iF}fwgghRb4;ivAV z1?Fj>yXW=XUJfAc%cXx=q#K=+b1+R-_gZ$QaEFRhMnVGd;JR@jVIPURqDeb5@WkG- zFai}K@3=}pCwXZ~fY;hu)ho>F#*z2+4M6O9Mhbeimm0O580sTrak1$dZ=JiMSY$s4 z7EpI2Nd;Z#OS0lP|Ayl+Ad7mVbSHt`wfSRACW|L8h>vV-MLSFFzji@>%P{DW;#2-R<>Hkfa2pR}+38 zHR(@&eWg64VZBNPO3AqcV@~{wKdGhavX6gfF^ffEA^R`=g!AH_5FT}Z@2#kV-KD9; zyIO(6-2Bax@VtU1ynf&ix|5D_>xIS~)`Y$j2joN7=8``+ZLjDM7X=La!Z2J#N6N@( zg$xrc;uFmVZExZtUEC<@GT+a*{Sq9nRR)scaQC1ZoT;_ZR%PCoUG=rySeU!OpYLO5 zPalVQ@%PM0MH-5rU^unO?vFgaB z0bV_IT;e*6iK<2a`+A#Rv7=Ptr%ow_Rr#}JWS8Wt)fFYW#M1eMSG!*BUc35;oYbed zL%Ux|Wze1DJyq{&lmrTuzINjzEGOxX`CI5;Fr{-W6tJmxGB63RI~~Yw9pjJxP#eux zBa##Kp0t_AA(|q{=9X2qux05dFJo_TnjW{Ln|hg`aVWwMR-e3;^r!AfCfv;nz&hD0 z-+!{#vUl7GT41+jf5xjo-T3haxBatxZ_K;V=_S(wI`|us(HR3jf?=27JH)+APz@Pv z?|b8z?q+R^EsKS#?qTvI9?9z)F`>19*A2J7Bn!a&%ADMq%j9`%BMP6pmP}qf(|PgM zj5mI6szeIoz4x5#gjtztliQ6s4lcKzO?u6EBfg&hq3@H!MA{oEDQr*vu9SysJ(_vL zLmh$FgBkBXz}?3hMc|(J31Co;$GI5R1bov;wtU?q44K2L6C@7U&~d+Zx%xO}mwvbN zH=%P*q|@(es1G_O*;=b2mC|sQ>tn9Z*7Kg2bhX26WRtK3h4$xWylOEH&o}*Oq&c@p zez?~#)750ejCFxaXyz2yilb_c&KVT}&yVa$yk78_bm7g2BgsF^#hN_H3U7LAlal8Y zXZ0w2p4;`YX8!<9_HH4XRMi+#sl={b@;rKZCil9`Z1)Cl@m(H<15}zd(Du0zSU$J2 z_uhHg*q8-3Pb&x>C3{lbeERK+ScN<5}5+UUoiT;lLEK4Nm5gG zx|=4mRQgzR5Q95t4f*9MuYcEv&#D$&-kh0Gry%@7Ey)|)jNm0ibK?{&lBKoL9~+;f 
zr;b68e;id6cML^!n}O)Xu$oSyMKijf_t+>nR*6rp;&8ocQrgf$!V zok-m3>NUA~!Z#=?PZqo+>a(t})tk~yNzeq3%Moif0?w1cAl`Qt5M?NP+-uGSoSp}KTeh;59>)hZL|hxuIxX+%iD+mR>rPdgR@0J) zD9_FEu(&CX%jC!7yn_c&7eLheLONqQjES}&qO_xp zN40NvEp%;UC>m`}O5 zPOV3zY3_SNP`aLjJYHI8`+y4f%%W8lf{Gy~yMS(k$<51sYW^FmXEF3qbFy-bo>6?E z$D=wm)bD!RdR*uwmA0eF!xib~Ql>fB?P6oF?&XhVM=?rG%b%x44C0iwv(6NG=hoIM z(f9n**!`ravZuBCB0dXO~RIX-}bU29k+|jRrljXMy)59$ItoJw}Td_$v(}t{|@+4 zPyPN#{D+YH%M+Gu~hZ=nUe)xq8QHLf>J+nN^(h;~Rx!ANX=pgy=ar(ut_S#(ie z{AtOse^#lpeB&+Tz#9zjG^v1%71j~J9kQKLD9n93AN|m6@B-Y&Kk@Z}yDu7;p2Utv zIZ}ZQ_EDgv**)VSH}>jxB)}IU3&{k4s3X@*-ECy9+7B>qTwT*10wTBFYp<$c;0!$3 z!UjA_=hTQpR!a6W%g&4uzx;D_RkbAMe*nVf~(ik{nugBCdTyN zN;p4kQNa))obx`T2yH}Ocv%K2PGn12{UL8xH^-FPG>C>xoDv<2WH(t3W$xf_M;V?! zJ>6K}he%&A-8T(iO@xoad~cL}NZsl~5SBXRsd;`tZ%uNiZb(jYyZhB-S=e!fXITI{ zmHCE_iaMh+mlf1!tt#UKYr~FZ$__Fqk;}eaAfb`YJK)buZv~&s*+91;dBeT0eMgJl zZ=f@~N*WB2QX&%MypBRwZ?-t#-$g=)iAmrTCm*F1t^T0c>r=x0x6%Sxri;N$n#V}@ z`etp*LYb%#-*g;k`Y``y&5OFt$i>0wQ`2&L2PYRKHiH&f0~6vMgP`q~B+VkJ zmNFQ&7KChqQzZWWJ5SUy+}5=ASSGX-XGgK^VD?j7mXlH{I}%F-`Bo3Bu6 z;hv5x$F`XRK`wOKzncb{jNZn5>XfvjwTU8t%i%s>-B`cC!V*1TBYk#uG-c_AGydUf3R4~JQytS$e16!}?wW_Qx zZ0ZsULDmWyVtvN}LQ9AbX11-6^4lAEjS-9znVMMi$r!eEvY!G^+5$(&Pe+G$%@Lrije(IJqSV&b(gKm`h580psrMliqNcKD#it(}W-;zO(*ea@L#00oEw0x!Q-&+NK z5Y`?POeE>UInFQ)_9QM)qu254i7~1(ux4R|c9Ue~_)4BOA9XZ(tAie=$DB}ld@O5t zhWx8(dP{u6FnjZ%5W(@N@Yv;Uq-Zj{pQa%%A^JTYlFv|*)&`3PLWJ0IEGw{<${5KZ zg=qNM+yhAdyhhD_tvB_uA#5Q6_i_Pcd50$YCK@&c*5dFDpo^qJj9*uF??8#0JMF7= zK6W+{BVlu&)HmVw-epSToogu-DnV0i)5^Z{vX?ix!z6FWe0~QLX=2MdM0F^1t#TNs zQ?rxB?I>@-zbr|!`;}!w-+ZF|D~W#JS)E}-5xgU+7c9lMnLNe3>2Fn z*~$i^%&ywNW*j=m7$yB8zln3lWDp%APCbO!+Tt^%ak&<5ICSr}M5TwIi<)54;zVjuKut@xVn6~0#qvT0aXvia?~Yy9$Dixr5QM7 z|GBp|Dt!bQo6{sqCY`}7;@BkNeb~`GM##_D1SxTE$+gk3`UjUJdBor2?{VGJQc>X* zQ6RK6Dpj!a4nyxjhHf`vVlIzZztLGh2S0%TOuBk*SD|eyw`E^ zQpkbZRLO6Ik=0lj!L+89b$myOk9CJKT_-w2X)5n;Vjdh`7dVi#gDlRUHgY4;_oF?L zTnp>Va2B7;(|+RxN$Qy{Z-f4hg2lvjeim1PlDlV@3v)7eu^6~*U-82&yoFMK(?eyt z!alt8#aKYA 
zsbrKh6Wc^M8W;{un=522JVbdJp>3nUXSW7Cf9$)>T0hAtDj^~SnWQTT18oBUrXjCuzOAM&!6g*_I9Ps`0s z3{AP(W>U2NwhGwjodtzSv4v^gOhk2?3|wLzc2lQIw^h#gu#}RiIPQ%-;xxLcX5F_u9<2|6nl0 zfAJRw1W*5}M0EC?kxxsiBV?BN&K?vRh?%|hWBouo^>uq!;%lQl7qu2+DF8+wKxcYkHzYs^85qD z33Uv7nuRNaii)c1Xnl}t*H$I2mBPG#8g>Yxra47#5t0cd4Su8Z?bnPVCzJpi?@?8r z!C!EfVIDYd0>p5CQf3imP7>*susQPPeIK9gN!8uuN0Xwbx%|%ii8K5{u1z?Pp@(uN zIS>EDGsu}W;?4Us$%wBOA8wd>VD1EHRE;L&OjzH>2wL3~45p8MXVAh#k*!o!H<|iU zw^7N`1PBd+oL^{EA$QSv0 zm9ZDw6&N_}4vDDgFiy$iZx65mt@t}(4>3<{iDGvDL@|&LqJyNH3*PS(+cp$d4n|Fa zw%X{PhQ)OaX5RcM*(udIOzomDMLRK9>~sWMEg;Ug)6y$yeg}1oh?D!l zmG#uZuM9s={zG3d%NSBmPmD8K_K2AXg=OFOO+Pq++Fzx4sZO@C=7A4kMMx!Gvkb#z zkea^?-WhQEC-1wyf_@`~EeZ078xz5yCxF(6{ITF*e2jcKXtSCb%X${#Kz#gnnCMc+ z-6aKqHfRt5aFX1xqs}VtmSeZI92-rIP?4$uJ7kH45Q(nN2)`Ia8-B#1te<#?*djNW z4?zPHZVT8e0bw=wnk>{(!{E4O5k>Y2#d}Byq^i^ZgVrD`^TA10Q_?#sHt9g>pvo7OdH-HE{{=#8{K)1A zs~PrBM?R$6qd6aRCBV)NLIOc|Z`68^ihuEOyCd>HXICm7CdNLOzcclMvvxP?@GgTh zy;Mgf!AsNMqr`L$++h^-^$rYCUN<(#p_!L0< zXTn!faa>874AH4R=m|d>MYom{dUp+SZea!%!sczOHuo!~7GTdE;HK~Ucs)$B!5pt5 zR>KPBbMR>{R!_OtPYanvL4{`W_w*Qu*P%-97tn#)LxRvpv%gJK)lZ4Y(ri+UxZEaB zQkv+0x-M&zFoRRMgWkguJ}R_s{{nO_%D)7P=iYVqB1-Z7xEXtaUfAQjn8y4)~J!ZD!HD}C|rBxW?C-AiIzxd zuNUzIY3RjW&c^I$WQ&>^v2!={HeZv_AEt294yFHocy2IXWHBKA4^@UN$D4uV-Ruq)L}oli8nXs%d?HU2=~GCf2wqS64}?vsA0-s>~4+xz-e+g%o$~*l>gpT(9RZc)BI| z_&w>a{>-5jD<+#*?!t7$qA3yMcypce%rWg7I%Bsv_}h%P8j_lMnjb=voJFDwrV1hTV+yB6P>T@?1Kz544Ni{)0*_t#~^|y_3SJc1B_~LF3mns1LV10{9K)NPkfq?qU#XqXa^2yl^UW^2b7U zs&KBvY)|d@9=pj8{ta!|rnI(0ap3ynn`3%m+rR{%q+tB&3*Ro#! 
dV&1OG!%(Ki z`(*!g^M%qIJQwz;+lnN`u%%oT^tAnW!LvuBg+1x`73>wuU5OJ)&z>+JRs$APsE*u} z$E^RPP_>@hg%@c3mAWQ{w*aFGQ%;whl=-b`$C`m-ZOc&36+4ciE#5dp0Im+z3Z|6R zKO9uQi(fJxv6cY4C7$S1T85ux}FZ>Tb*- zVum`;q-v6szpeZ2=vD(^zl2MBVJ>u5y9!73xi&f{K`u$raOR=R2f863vCaef=+ib( zVDRUy0R+K#zl*IcNcihHSS0^V;>Jf5EDXQ3DCm$bGN9(E}y)VjD ztdY|ezUIE(w%{M0T_@KZU|-J69?wg|W-mR^gT0WD61YUhQ*!{=Vb~^ows4uL5DsIm z-cJc~r;VcG4?d**C@RJBQTDeCD=lV2z)$9)N|%MdM5{V&hP;@LGVd&wpDwUOXXSr3TLF(I(3QPjzYzZTOl}+Pj#epvHd?T`BA=Z; zy#jv#r3Y#cAHrzcRh+2WrYE}Ig@|7H#%rkeI_2$pt)sJq(ne+`=+%s7!794a3G$dM zDp$cw!>@djz-rtwM?gG0t2WeQ=`BQEAK&fy`PKtIq*mQfhM>->!n!$gDm0E)@(ScA zTu(BwQo2S4J`06NX#-bhCokI%rquUnyCtWP;~!BSF#+%U8ehYoV&2*8Ci?Tw599Yj_EPAd;B^6PnOjwv+C!CeiWCLI|n_Sv8GSlXMN0A2CE(FSR74K zRaF>Fm$@c{l$2f}NpM|Qk4fv1tJ>s{k32^AJy836;t~jC_f#5Dz^L}%~!e?8_J?MTrxn0_4{$7{*!)?^Fj0@A`JBWv0Dd7s<}Xq19c2JP%VcCn=)rW zZndNiep^yKeomzh0xUC1yIH3~R1>W*9xKfUMQ+-;@&A-#%6-TnStMI0i!Ap0&^7BU zWFIF0K(Qy~x+k@5~6DXH}sZuv3?=ApCcmxPErV0VO62+M7Ky2 zF5&5L0_UdKx=Ah8o>-L+9RFNv0iVd~z{mN8k&H0STM=2}yE4fEf z?GZm5_^I@kU`eRRJ+ywe)|oTIw{>5-#vkd4;+Q5GWFqk1ut82Sf|MRD)crMS3?e_c zd(_IG5XQ#KQ=n87pzd~7!vxFeR8K^BNe~t)y!-4LuARm>sUI`lDX`EiyleiyQy5f- zN5`dkV6nS1yB1rLNZ5zYTnS5iI{57+M-%19g7+M!ASe`@y2Q^$n5dc&RXk@uQYZz4 z)GFO`y?dQyBa#>r<4I_DUOc%EduI4XsE^{h{ZI--t42K8<4OH?6c)PV$Iiv{xdZFF ze?A%}UM~O00C)p{8D+e`ME1zsysx{jW4Oe}^)r*>;r}UE+j+5OgnmwQN@4`iLKDvEZaPgJ%YFMuARI2XA4`^V*Rbfk*G~J&Z@<|uhNlIvZK~Csn{6pC zNE~enjxBVges5nKbOw#>@stP>&h=C&(hI~dUUDz+A1u>lTDYGVjOFs1eM#IkoSm>} z>Ms^!&6-fZ_)30d`DN@u`JKj9jj(?nJy<9^OXIq`q|kZS_gvr4GZhXuOy@G@PbDilKKiQe4L?L))4&UcMD z4U63FB*lTdX`gE%O91k0<#O=7Wx!>w5Aus|4InmtwU^qP37{Fs0J2wRZibR#zAx&i zlCiJ6+4czidsIpv9}Yb4TsdCcIj8XcjN}^c3jF}Lm;$bsAoE6$s)9hE`Rlq2gYKcw|)&`8pDYN0Ad zNQh=Ds5lBg71mbkdvfyniHEixZuR)FJX5g1BOD)GO-js8lwBERHkjJh7pnF08vijt zX3_GqJeTX~F-H_z0dt_~YlZ&8j3?1chFJlg73Of^(KkTsHJTu{gGvo^Q9=klq*wnV zC-(@ne3Vk+V-=O-XyQI?%5D2dfA8iws$nJ1{-7_--G?b$S6YRu!JE+++D(=5xnxT_ zM#G(4NNEd^CGL&GIIN~==K`b%4Qa?KlrP7@zOAuK*k#n}nUd6pFl8jeu|1vLr1P}M 
zW85zBdwlh5@VDU@H*yS-j7D3*3>xJ>pOQFjNrDU%y4`TP*9=R93yNbw4O*_RIvwUt zLFSRu`9Dx*G`Qfhs|vJf;Rc~o7f*NQ+RB1&tAsIhQ@gu}L~{$;kh^s24cI=hgGnoB z!%e3CL=Yve*+}95OVesStvV*^&vIc_v=C=+KwQcgF@BMo8zxI6l*^`^U<4DTt?dI1+vYmfAuAg zV(V3ZGh6t@(sA{?V?^w&DHPT`Gc-F9(L7TkmSBI}!Lx$iJX6OI|8idU%Kju?NnXUi zf>6Myr^8+f;R*?AVy&2q@zoZ^A9V(>$O+=)9(c7xKfgo`I#EvDJGF0xx}Qgjcr%cz zI7*fzF0b;hjG};0y6D}7*pskg``D7a23U(v!|WQv61-io@mj$uN2e?+bjN!atJ_T? zyT?bGZg*7D*QItbHd5sj@^bkOda7=WGg5M95!Wf9J(*iueA^;nF_04GqfSplg4y<^ zNG0)T8I_X0pow}o&#E^OLsSoKtGoAKS;+OhC{drKwZ$WGF~YD5eVlVD%ZknU%)Dye zU`$j{b0^cZel@_khpsZ?*Gs&>|E=FMapI_b)iqNJe+OgjcIi7N`|B^TC8$AN0JTiA~pG4SSSiqA7*>+!s)5Dhqe6Qa)@4}goLoXO z;&{}^WL=WZ{_?kUyh=Gt=Mq+m94iU#5=q$Z2+@&8N~?yTHbY-N=IKvEtVKdY`_D>W zl-}0R{2A17J`J}O+2{E_m5)3#Ipf_GA268G$;=tgl^rPtX3$7g>WI57ukv zV;vyj5&WB+^l?zdVWu$;!AnB%UYx$b%Fj^oHm5H#E(fYUm_>Y>dhIOV2ISVEXBbd( zzwO?7CS~sc&s!U?FZV|;-7}UUmw*BC%RTtz-eR~rbRMXF@gfGixzh8&_bQv+{l1|9 zIzS2*dU1a^zu4IN_l4&%2IzC(^W*(H@bfb2InasoU+@3(2gEyo+g}a7x(JHDY{>Zk zv$1=NqaS}YZLmu6SHld?jM>{jPuBaXCvrAO=fS{?!oMElA-7QxeG8g3E82{5?AxLI}mf(PI?_Y}!u~a}*@WacmzYSXBw1N4*L&W&rSoiq_ zB9PD-4ETsR|8dvQ9O)3~xH_+TagPFS)c$hN{Xc#7Y7=m4_}}~dxAp(48(%rb zCNF)1M|amyJvQ#U|NN(dTy$0$c%a!2n=M`CktIUt+TZ`28Ilbl~;- zcb}Mt?%4lu$v?u9^Z%SF{|pvJbt3@oPv#!*yWjO~d%6FEc-;LzhQeOs5(NZk!d-)W zAr`(PqK2#qdm!`VjNskB%!7FJjp)jfC>VurQ{*xiGRPd|cwp^62g%+5clVbMl!3o| z_T^uJ!YKXQF)vf?fRCVHw$W=U#LfTz0R5MVFC#84E>L*|KtVwP!0JS-GZYOs)c*ky C(iIE< literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-14.5.100.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-14.5.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..0811d7e1a20a7e780b075e2f91c246c56d3224a8 GIT binary patch literal 116441
zw1@#NkDtnsd|WwSKe6RU4A=6djE>5U+}9U^64Q0oS<~y%o%e+t;}yl#ElyK;y^X@! zVq%qQW9JFUpmr02b+^qz>b=dV50nA(64H6U@pOq*p^^V4A1RAGPA7G(*OVB` zfOt&)kAphJbz;+<^>jAwfrPGP1IE?VtXs7{1MEqW`Gd_ZfP z#xu-B*-`f87MVIm`}aY9mJ~>Fu-D~qL=?}H%J8>-hopS#t`eAINp%W5vYNpz+^%(E!Xhgf|DJQ6?l%#za*LtAJ(_5JZyrpyIFP!9+%^=~9Pe zU_F(>!Ro$nLneT`=r_*%sD*$n1AJUTxDPz;X9UNPQ<@7Oq~7zvBKu$MW!oI4(>(M@ z5Fe_O8(UHQvaNr&FxAdMGiuS^igV(vNw=HpGaiaK)UNxZEZyQU$`7)&zl+l0V%)4KqQ)Mp|R#mJU*OkWC*TU0;!a_dm5riramsS=sSs}+6W)-ah~nZrxyDfF?SrwM>Mim(!yc4#RS>43Yr zY?q0mYDwSv!Wym*J(o|j@3p>H$q}TU(rY#zX*~=Foy;dtf&%iKG94n8Sw-}#RK8J$ z9&Ad^?>yEBp)KdUL5^x6F45qY$!7IgW8H^VZgTQoh-q@*{dL4a9@_p?hgQ3RJ)?s*t^p5dL&;&HgY6$qp^`vPGCj(vFK5}sHY(Vn{5Luqq^ z`1DXqm1Co43T?!Pet5;hpS7I_4mWqpu+{AYh2y-N5|JJx6P?0T8gIZJXN>9BW>1`! z)8JK}9_H*yCEW8EQeX6$p(fbV73@l2J?K`cxX7zoOVisPed0Vh z^0s!NmFnEX6;?RV?#>bMZR@DOQw@Z85xm0Tb9c})s6B>kMFI9&_E7_{=TAU?b{iz(E99XfI{6Mi81OTovoh zrvTFBf}J)Vd;-$cb5LIz+gt*8+QFsBy23vZ&KW5zv8Z|#onr&R{oHZ`HqMIj7;p$6 zGSWfum&!rhY+nook&7dWts@U5Eiuu(92%C8)NGppRhZc}{MRe3`r%fSP${69eo?J( zqL7~8ZfIC-rbqtqRQZ0$^#N+<#x7$WA;id=BbiGxCpmdF`sbY_ zc;7jq9*v$L7!%m^=ReA^)YO8))vSdF#?;n3qpje7viOYRUd|w*Uu(5lJc*bJ|DtCp z2SH6!3FMS2wspNsV2Sjk*?IoMhzqUdgxc*L@&9s%KB8~>hbU9k2WCvUtYg`$gYm`Q zCKj&NxK-NN^1hH4YQh!m-f_nAKA_5Vcc;x>;FnKsa#^ctI9V^Rg5v^Qa|e86Gfv^! 
zC+qe8BOS($nFie|JRyzDK+5@o%KIUNF?)f&SIp}6C9IeTy~~r;I5f0Ff7h6bv;K1e zHC-(EggSsz70$OhMS>5YeujCYw87j9<^Q*w3q8j=mF@g`35wKX_HXbEd&(NT2NjKb zNEp*!!mQ3j@u>P{;k~v_nb|SV{3qWU9*4=+ClR{e6pyw?vw%K}Ya-CY`_V)kJ305$ zKP~Meo_j(g#2k87p4erw83b1_%*f}!bs*8kX!PM-1jR82Qu2HE1G;x@9R2_iZDaJ4 z`AY1{R{ewx2Je3sxSEE!t#tc60Bifbk#i2vYVV4s>s}4>_vi>DM-tM{m8onp9=n*GvS95GGVZpKt&M^>^h3_VAj}B@gheX>}b=nARTS%^E5@uCp zivkEC<+H>E$WHE?$DrXGs@>reo}gB~j};JriI8!7JtEuaOOZ5aK;Uh@mK5@?A))p5 z9Eu2zExT-}!GM8+sYz}`aeoTPViRV}hqacf4O*rmzbTUP`n2d|cXM$p+x=9y&=Gb& zt)(f?7gp+mksh6EHxkAltceuZ1hxJu2nSS-7GG9f6|Zn8UZl*VFyc9cZ?gq zzc?+(ec<}~iQ3Y~TFAzf=Ygvm^V)EH(@+LRkjE35yy@f+?v;6=7|^Bjfwg|m4o8$EX3eA7C9~v{iIR|s4n(b(rhHwuY*xvpO`M`!uRwds>-bCsC+(1VIC>d5(|5;N8_%U9;yx|%)c>k zU(JSD+mf^f>ViL^Fv5VHflLjtsXyerJ}|O*_GPPn%|<8n0V9t<@+Z}K+^AI9@YPcB zdq+PL^}-_^?HqKShJQr+uBT(RZ8Aj(W?g0b>~!-5OHR#FmTMTtVpY#d7}eW<+STcv z%zv8YNyN5d65xn)YQ0AgprIggG=fKkfc|Zt2V>8osT{w8J;etch|Q%n42l81kf7J` z*k7dY=u1pCs24!OO3;ax9MdI_&i`KmeDWie{t@g9t!oHZrtg!(OaCJrg`T&$Z{0tO zJ@6aW-aANsB@R`wk8$n=VUrAlH@@V)4{3Uu`6`mX<)z{Z?rIrC1v;Z>Xa2IFA39qZ zOX{XapjyPo*mgKQsH(W?N@Y1ntJsX~hkE4@?-Z~Jb=b*)MGj=|qT<;OZKjzIbpu$6 z{qg+LUOfU`J1+b0mZ(-Tn_Bt&gg+Yz+ELx2MK2T4?(Lmx$EHEzIO4_q#&xfWf6D_jbtiVy!9wD?#{t@x33I|~6ujjZ{* z61wn6?=bc&kt5lasn)YJ!0N^Aw+VIz>nfcQteE30m6t$jTAFJdE_9u+*j3z&wsiU{ zAXejj7r&*oX@IekIb*i49qlQ8I=G@L$MFQF#b%x zH|1pkh;BZD9Rzir1oW}SLU*FqA;W}jaQVhf`UNWMUvBiI%q*Zx%XaNjVL<$JiI?aKs93CUFS!~gJkHk#}TVT_cwynEd z1>~=!poSmF^zQKh8_$rb_!zZTlCi`g5eIp-FjbFFnQ2vF@T$(3DB)o5WB+r2{7yPA ztef_)hw0yU##iE3BAkPu*l{oL4=29Y&Fa2@DkB2rqRraf09?lV_*gQXa9}Ci+nEzK z&CfPZq3&r!*b}j%TAC^KOZ-J*GiVYV(5*z?1!aXl5C+Z6M%2xxlSil z9@}e@YK|c+wjC(k(WT>*QV7R;IYaGqz>#7`fcR9rg790J#x{?uPX-dikmAjWxZFw7 zcwTI+1hqL_`rL{6s<4~%1`kTGo3ko8BN4=mi(xm**F0d95L*E-mZ#mCoRm;vNna^q zWvv}FH6GR3E5oyV_C6I?XL47C|FZo0`L>ht@0g0~ubfu+`RkF;L++h7No$%Fve zdZPZE7DKL3z>3zK7xS92pfy+8#c7~zrXDb0W-f6G+XJZkk1PoXCG)Fzo2VPUIcP5! 
zs3^Mg?{u=LnI?|;DHHLSsV8m^3h4Ld6`5^}2hg9^YVz9CqWoHIZHjCrA@?3&?APb= zQo&vxUw0q-g3FHwrPYoCY}zarC)*4RdiD9(jh>LWGqCv45ilb~HbJ!>1{{W-21gim zvq|}TJiVZRjFX73ONpZ^-R@J(WV1}0E6KcN{eGFM^SQUoQW{L(-Hh$fNA>E>v-1iV zZbzDvSAp|L%ReYiV-o{8^m(yW-ch1X{xb6QB| zRxp3J!3R4xLU%8Zhu`=p)!_iM3(9aZP!}UnIU`FWE%ROeP8o9(+ovBNmdgA!w55L9 zcoobDN{_#dqGfHpGykg-EahryknoN>X=~4Qw zPx1#U$HC(*oN=QxVmGLe&>=t;NAgekyUPvCB3Ab@EGP57GLR?8TK{A_Vg@ z`o&UXs8tpK$yF{?ayQZyCQ-}LU<|Q`&BR<9-mmBH z6u2qtQKKBj28t%~B&)xlWvcQ$JI*>!X&5S$tUnt9qz#qdetqwG&Rk~Tt@d+*Dz|mP zo5E_m-vwIE<%T-QkR(i63&=P!P=a(~N|`%#SQ<^G>fnm0C#wL&erBGs87?1q z=qkP?m9S1F)+Rn<{c~D7&wk{U2akVRteSqC!ue$|<>SBvbs-tuByQYZBDCDmRsAz6 zRg!jw+qn!uVE`P2Nh?*%K(YC1>>??2;|X8ny&auIVt8hXe`G68;&j}O|Kj)+wK*m4 zL2iN@!R%5W-Gs98cKtD=K>2F|X2US>pmj8J^fCkxDMqBCPNT9l7|~yM5wQ>MPzQup zGRd=bW9>J*zG|U9y!r9rVH3_i6P3GGKd~9=beo~j1abfQ=&ApV`5%ka8hJW^;xTjw zQ7)EIN+^sZOdTg)S28=AI6Wb71qo>U8HQ(vXHTkX-3KqUG;!adi^RZE$aX>K3T8tW zk1LD^P7B-ocC<8dD6$?Tta}i`QPLR4Wi_K9AjK^C{ zYCHb?kZ!wz>y)k8Weey`8Q$mPI_iKcIO&2Mc} z`JskmE~=kB=E;=ZT@`JX51jX(7X2AMQGsV74u=?G@wY7JAZRduf8mMbu|fVmK4fqQ zlG~}yzW|X!33X#08+rIGcO;BkSca04#I}iG1pu?WTG~DCuFTrQy41siLgC{0>p_(@ z%7g%_Xkku}{D;QaJ1^Gx`Ycu%T?D)mPe1{eeK~}G^Jm0lpjla)x6Z@^9F*7%O@B;k z6TKhoRb*?yV=LKmP3oZL`?VttQnPHfH&LvBOA#diy#DevImQcyoLJm4AoDNc0ZlBK zJ&+_CZU^` z_1i$!uauy8viZWjbIYP8g4LuTIu_W$ygSU$TgTXY=#12}SCRd?2RP38M0u*%9TW?R zY0=)j@00yDj6x;1ni=r!QVwh4Q5@DSB;$8xg1;32YX?zGVbtHu>ZM zvUyL4X(bAHk1co0O;E7LC3a&>T4TzExa9u@pg>>0(Bxcg0tiEy~Hi5-}q)u3XZ2k-Dr}unzx~_4Rl!3qzWwH#DS2b^-g72>cvNN~LlCn8`~`MFL)5m`v zmH7-KFYei9f?bnQ?vONal7`61s*;RY>F}mMV2D7b82grbbhkDv z#Uy~Uw+#izcKmDJpOBb=Fj@Ih*0ls)7W!0=3*ka^Zh z$qAx@6Oc?5Ml=A<(BEcK8gh&k&F{4pYUa}v@Qu<1vtmf`nz`)aKCV}Pj#?9?}*EgryPY?m~R6N?xwv)Sr0>Q+eK{-5ej1U(F@V(I16pMR$%0bl*yVdNzNA90?IJ~ zf)}&4Hzwp@NSQ92%iI`XV$EZ_5Q0;^4C>CP^Z?RSN)d6`mU!|+a}JivDzTAuy84bY z0bDe#OmD#gN=3|Widn+t@^-M_<$c4;c!s%k9?|NHkqiib*UV4409F%~j{4IdbpnvX z2{U|c`X{d*2ELD6i!u8#%_{dJnk2FwePtCF+7TAgk3GnB=i1uyT9UrjhDl7i3@4C4 
zY7GwoWu$$A-1ZIDxdK*hd{x$5Yl!3mi*jUwGz-ogAd?zBmd?M>#ON@Ae+tWHah3i#*cp4=Q7!~mo;e=?+-2#StZCknYSF(2E+a8ta~Yae zJ1EH?Uc*xTRo@wqVYy}B>rp?T7P4c~as#-rSX-?xj)Fe>Y_kpGwO7tTysUtB8RMm@ zEvX!=eeno`c!&vMD|9#uBJ{-Q>CS_C3j$x_8y<)ry)sW%0XT}SGLh4KLt?Xa-896q zc)=`t2W>;GW1jB=AYHMT7prh5z|VeuWqV|Tg*av*8r`GG=LCW4yC1}VRLk%IrXn0> zh?r?9*@v-g&x?>6&#yV|ED110PTs-d_vnHp!2tyPAMCAOxjUVEeQQYg$`QO?)aW&Y zq6wiU7Hdut5z)l;Ze>A+esvST`bu^0>b9bp0{(?W;t>dsfGkSCi>8U|(L0ZTxq!5b zkbua0ru@)@<*b5eBA&ua)g6TX<<`pE+pPh_)>`qh0Nc`h#aLZp4vv3k$wT{}C6RFrFH&;|x-|-$2Vo&uK3Nnz9ya`*<$Am0D%-1`=TVSi{{D4UBY)3lIU}!^ zG)-9&N}@D?Lun7S`@C@b2crmhZd5}_F@R*K^kIDenkbqtn9>Cp=IQ55zw=aq2m8kk zpjdzY`Tc-6+@^kc5P1?m@EE}llAP!wPoGcF?85_ZPtMlUMC0g!CK70)0mpN_G@U@v zr{szwzp4HU9WG@SKfSecf(8|)$FX(20sHB!Fm4;6mPGPZktmunQOIP|+09QW#{P97 zVIOgThOH0o@#;DOw1qsfg5O#w068Kd5B9lRG?3X6kU=aWGpg5yEGZWIrK~y_4yZ(9 zXv5lBZvCj+FNomgt{IyXvy7!N5Mp{G0;{{XWQ>3L(;w!0I_2u4%BfZmE8ylg9&n)Q z@1E?B1IGA_ma9h$0N)RAg__0;S__zJ2S%B%_|Xab0;FUE?4wqzF+A@Xprsxg2QyDZ zbRQUZ{XITg+ohSC^}y?nU6~p0o+5{1Xj70L!nx4n6ls}eOi!!4NYi#<2CdChQ8|#P zsLq8anL<<*P@}AvqChV;`J-99)5?>2*|x1JX}hZ#SYnqyecz?aeD%j42Sjq}himOK zodd2AV74r+S0u2vEi%vVSMA>MxrkVqus@hA^7v1$ud1(A2koC;Up-rD=0(Ix3elL$ z`;nLVlk+lf^~rPdl#HazJCQO!*<2+DcQa-2pq0$>6#JXZn>Q75;y=B=znClJcMG@Uqpc3zgb`oJ;~xESNZHLnd<`i77kj#{aL5aV3& z2=dkE41G3J^5*L1!`17{yQ?>^h%JfxhSQYXiPFjAr*N`)`s}yPjEbUZc{If_k0iNH zxhkDM*0t_ve(5A8cBoGrbx&qXD4+A8S?{6&AZ$%>0j< zfLYAV3Ju#|h1gF9OZY=s%O5|y-M<1jdV@dzTC7%FktLN&7y42jn!4GuU%mRZNGZ6T zH3^0y26B-e|H(dHGw9vz5Ju8I6h|Aynyc$!*uPjBBcIX$T5bEvdyh@SmV=8sG&g37 z@1RgIQ6e|1gs1msge$8Kbnh9=QhIO4O3rA~t^s%HnZ3228svDo+hlmo>86)C*sJ9i zd>*X}*k0|SkGKqF$T+^feSLdfOKpJnp3=S9ws1g04r41tOPXC4YWarCNUYfaL*3G! 
z80RD5Ry2Gps+3w|%;T_bMUp#?o*FpmjHK+rl+E2Ue=x8x-S;&4xw<1bHg5c5a-yOvfE(k0uuZI(k?C6p*X*jpf&J((=EAq&l?va$%j7MW z3h_!<8qoeDz)!EoH$b+P{guXX{tETF4KUAPRTgDJ4SS+;qBa?iz|_BceFINQ^80Tw z&i3n<-@fSVrl&7r7 z&)mmpfAc)1{Xupv{O@f;bfPtT>uSyQ@AuJRV%iS%dpQch69FmTOl`$|2QV~|*Ey1h);_>>Cm>!*?#c{JVk^NyDP zVXXfCY3fG8&XaK|lt^~~u--JhSeTKCrJOGA$ z{l=I#7HTa`_mcMhee@+N-aR9Z?yLuq4+-wOsk~A@^U+z z>>~{Kryu5DS~Bawxv+jRFPM#{mU}sgsT2rspm!xbF^6efwDx-9DL{-3*H0jkBlB9l9eq35>eE5vDj+9HOM{y&P_Mk_YJ+a))7VOO(U(nQr&>IR z3>)ROi`f&Nb)%)t&msTDej*?{J=Pd0g%z0AI*91`W5E~sf&8xG#{Qbq)qCdd-jm>+I2x5|BFOOzHd*EZn}{dQ?y zwT7S8ziG^3SEii_O1EQ5E=kTJo^ghW+$i41j&+QzTuGM94Yy_L^K+Lrol%gDpTVU` zSb9cFO`fyA*)`47=FTs{-@QXqDzxD6v5cD#tjCx=>|@4r7!0>85@~mOo|f*os+VE= z#W>JdOyVMUNqE*Y;W1YmcPe8T=_!sq*J-j88lhR13mPq%^lFTDh=Hd&NF!!j08<3s z(d%TgA-PcYY_H{mcV1!eIxco9-@pN&@Qc7&@wxwpBqE7z>i`0e5s~NeBxa6L6$|Z{y$jm*M7{q@h`Ug-dmBs z7h<+iVL>YY3!kk(mep>WpBg!te~7NxKx8Ug7JmwfRQ|1AV1`)NEFYKvX$-yqxpR|4fT8z z6l0u_RRUaEC$21(Dx^8g^#YR7oH|iK4k>wRJU$f8sZfP!{h!msHPJs|*>^xFmeRD- z^H|+B!sA3dI5-OuJ=aEpv2ebl(LGCJqb5c3z9ni@ZFp0{Qp2>A<1`%i0;W71_s_^l2+%l z_%IZVBURu*r~>m@{OpJVS9CFit5xrqU=YKLmVsx-A^Fu(JWQ0B6p~GN=W%3ETkhEg z&RT<8^A~)fV$3T64i&hsSHch9z0qoV>f1}_OhxAr%a-Tnlg~y3E0J;~@&UB+mn0HN zVnX4>oV;e)(iQU*?Rr|mx=e_0(l2kg>-WrP_Xa{f8^((Jm|g!&bKyLSC>|mEXC>#S zkBzHR_}LTiifXu?qq!Ngn20sYa~?BEoNn-UT0D6QDUED`o!24R1P2-Xo8f3=Iqu4cB3Xu__42r{*A@!6`iZEt$?DLphIe{qABq#|zjRDL<+ zINsPp9+7>Qp#@d!feuJlWvgAIb+es!d2>zvgk|o}%##a+md+coqI>}Hb1g@^t=x?( zkYI^EL-m|53caH+yMU2!rFIQpq{}thb30VCa%=h9-T@Ws4!oMvbDP8)m}3P|P`Hqv zk+)*OQ#+f4Ij)&go^&;RTzNaML$171CRZt)CEbS{wKUcgPRSU&cOG-8|4VLf--3g* zNUfCz?nI+@9DErk(f;Ee^}!(Wn(H*yRb#S(1282a503-sxpdQaOCH_dcz#fk>wBqp ztFi#pf7@4Knd;pP*>c@^+V$2nPZvO_lp^A#Lt9}^SF3(wP`~?E8CJ}l*9F@lHZzm- z*8!f|mhD|l?CL>8m3I|tN^1wz{IwSPX*$5#8a9K>Ru?#mN^=zV=$>6;U9_JF+7+Vx z324*KHfbl6x@kvQI{?Ca#>ER0H4|Bp;FO@#qc|TRo7@J=wNAYv#qb z-+c4A^KU&}zUW>L+lZncQS?Iz)DDK24@cw$q2u?)#1DYkgyG*u)cbJM`!KBg5a3rB z=u!(!+)qq)J~|~!r=+aJ#@nqPuI+P?6EX9dn#w_Z 
zd2_AzMu4iPiJX##b=|t4z!oTNTdEXWWvaU)N1tTpbx5D&4vv|h+$%2MO|hcsM9&KF zPF4;cYMO6KEHV!Tq_@2Qh^;2SqFw@)!}*?|ydBz!%T{f+L}CjkW-9O6Y$t}d_Eq*_ zkhfStPPVwRLRPI`G=Cu#I)2+6F|@~eYqJ=%(9IU1k2Ia0V~ z%I{XaF-j5osQ+yd0!Wl+=Jkv%>6(io$G4RrN9HF`*&9(fmj>pCajlaLa(Z9>2?Dp^e4(UdN5S9EfF^WD2s-7&E1x_;AmB5><}{UCXHWxd45YS96Z(N;P45%X<_ zGu3m@)TY#W6+e2`nX>A;DV44-OhCE~KXjJawg+u_Nh+#}n!c!-OYijT%^61A%^+ej zHm}*G?=oSzTEQU6Nt6^)u^f$J2y~f}_d@Rkqojzz^T<*g!3coWT&$`AnP+GYxF2qE zvC^C0LXsaqjffoVPmC;WwA~h5EsNPS5-ZP)J2&U0YI8nI#O!=UbxpNVr*b|kl*r|I z%+@S9mwYjyd9>t;MXJczInDSa66snGHj&EdD*j5Vp9xLl2@0cXv9;@Bx~4qQHqr;C zl^ktQ)>TK2P&6@Vrr{jSzOOgc5;r0k|Kg$+S3K3i-hTq~Q`ipjP@sr`;~v34_W zezsvO)SswIx_^z?uJ!~3^PASUaEC*>-+uEA{P)F+7q$QX?!~vi`}SWhzIpM@i;I^p zFD}0QmlrQzzI^e!e<3f1H)r@&NJaC1d9nAm>W%wMuCJUKlGBGNnj(c{xj7I9t0Z$a z%|sZRrt#kT#q^tRr!Op&y6G7hT;*7sMj~fI>aYB@KEi(Uo5^JI8;=BB8(r+9Vkw3p zTb%aAZ*b1ME~FBx4`!;pVRN3sbotGSDH>BnVaAng=Q!UYmj!aNVChsFV6%cJG0UNF z`)S>@>4lz!djHNvddF8xD!R&Ek+evX-x%*6@mtZ@&fjQ-qQ8x?=A`){EY8-EDz*R^ z2L3%E4U+Y=$Bl^JVX1I4;Zpsj_QP8)RYk>k^+v75(?yZc-2X-EoJeR5==>jASFf!G z`i*R z|67wGraV%Be>H!(6G_$UD(eD1ba<;W5x>*JFOsgCdxp)W%X`Dzz<@&$Bpk_TuH14` zu6f%{Zf)+?s#&d{TgWJpQBE@kdtRp$0jBJo%;0>_*Sgm|C)NrJZR&|WAO4I=9$gmg zuF~q_@SS}erKA_sQiBUWOq9V950+mGA8pjtrM2V^N1coR+ycnq_4BXnC-;H&W>m@t zk%xy(+--qSEIpaAe0(&D-o_hjlMSoK&!KHp6~_TitpiYjjhMhHxTe&dpan@4lFVcK z+&$|ILnA{_SL1nmw|qibGasEVGn6Sa1V+~fq6-c>?i)P^oWb^U;|#7{;|v~WaLczk zXK?Q$Ge&ck1I6uac*xPMn+YpJ8VdM4Q<@>1)N>dNF0h|r&m^b5f=C&QrNIbTWkD^% z2y^X8i$rzmgQl_JF5}vaGjN55)5d)um_3T(>6Ap!1Q?{CKYzs#B$LO1Y#$i0-H%mh zR{*^;dnrm|2-Mj5 zlLyqge8;-6%hPF3GvrKW;En)N-0~eSk_tD7F|d8_-VpF#uG9jM6IpVW zd4s94T@KxCm$%N*)m__l*Y@DeRchCbVRkSAECxj2U1Ix{uviQ-1BjVONzNARBf7Zi z3{=NC%Mu!OG6x1*cqgb3g35(&WPNkor7FPFi>{s1Ss022btbh7n?^lgz+6BlnD%u+lge znMI&=%Q7ehSn&QeEH4h)SuLkVt^M-Wo*tDN0wZV3gU4#xZ|bHTN&*&2P$Frp#g53u z>N8>UZU503yytC~r5-%(T}NXC7t!P1p^w@)%%qWwUOQA&v$n>v+#q=R)ys?j`8z{1B8^m~ zArttxA!?b6VzI2Ya_4&I1NQ;PyKDg-#~`j+!fng-xX&2(8TD)2XN>!dai1~nGsb?hDUZn}JXI5s zPw=~5C)LbP9_3DJ3tQ~Gn5(xVB17f&UNik#iv 
z^Xw;<^Z5YMSCeSRAX2pnfkC|t=S^=YNtpcZ*`^yUzg4kqo#a_Mx~m_{&>3T1J~JIO z#=PtuwT7UIK^%&Z+g}N?27TiwFkLWO;H=!AvUDe+KnTmeD^G3uLb7kFPZO2XR03wE z1o_tpYi~qMgiULLk{A%8-6@y$Rw1O~Eno2lO=dM)=30fKWvy(oZKp5rFbZOhUs+h@RizRi}qp2xxuQ5 zfVy!ShYlh$seVd`5$xJ^-Fyl`gEj(W+kQ%jI0*z-(TS`=iG0sC$I>J%5vg4A3<)$0 zF_A?N`~*gVEds~Ib$UkL3#I>a^^r?mTpE)%g30$n!JYkCYT@(2O*8-kJ)Bb1N1!M? ziXLgwc(PI)T$1ZlFP^3?E^U-FMcBnO73qYnGPP+e!-zoS6$x|{XNp3Oarg!4m=M?z z7f@*+7@~?Tctln#UqA+!Xt`&8ra?sZU0{QK0^la3!uZwp`3_T|yMCYsyTBCxnrTmnH^!YaR+U|PQzT>_Ux%X>`|W~f9`mkUVD zxAgv*Nt1@V6P5sD)zLlM9Gz{A-lOaEs7%aM8Lv(g13&N){B|^asR*!(8ht(6YERg;<2SwXIymX)v*P#cyMp;Yb1`GXsXyWB z=Kp;8Z~t~t=l{I8c=`3n|M?WxGvfa&N7!dd{fQ0uWUQb1^YFJv_^I!0bA3WZQFE0v zpXT+aVEELZ>LvHoYLrKArO^v+y3mU>8#zBm&d-tav(=#4o%8b=C)lI#ezucC^w2_B z1)vROP*N?hb@(mc&e`hK^_VOYF{6ot_1cediMgvo<^9!&h*jQK84a)oQUEyc>+ zsP0{nEAbY~8ze!Tbk-{Hs;cLuR)M6>TA@wY1tc$U^s@ji<#P9sbpJN6tjo zXUK-VCuX5BTA@NU=J#`*9L&zJL8`?J`XKj#^x0-B_8U#(bCKK7Qiw_RD3P5XL3p#I zRPSva(>+m)oft40?1Japf2R5^6*gr%if3G-mO`2pDiW#WG15Jk3Z!{x^?TC;sHz*= zg^#=D*~-o~A$ckT!(7{lsT(Ww2?(m~6?#nDM_Aq1u0h1r_Imo*wt(Z~GCbY{yzdlA z{uzYH2grX6mESj1J{+hM5-$IQ0rLYUUQp2d6NJqV37iiPoev70|Fq%r1NtgBg#I%R zq8}iVz(D#>6G}g%9l_!Bzv_VcK(k{I5I8KXen4RTXBt{R5E{?}njP1LD zZtB|5MLY~_)mXJB1YOxHXc|0c5Z18H!E2Wgje~-->@_gVpdYN&SoLQH+S;k{{UEN! 
zrjKAQ?+RS<2KP<)(s$T!lV0#wwR!<@W?}8<1%=sb7>%S~g#gKqV6ng@Zh)E5ixX^p z0R6jNgf3M#%B}ajb9U4Y`OT)v^P|d&8})IV8(0bB)M%l+>0fMBg{hUOaGhNIhXOCY1$aC95i9v$6=PwqAZ zJ2%ikv$&3mL+-~9Z)J%O>w@9!Zbcm=b--?6Grz+4kOA=@#_$^+1=1D&adGi)-@bfN zkN0$7H&iWOk*Sv3)I4i`MVbFpxwo}|Gt)5 zZ1fIhjJ6r0ZN_Muouh4zx590dr+{W`N!MKD_P+0+OA4u2-XX=rRo=4 z^?}N1*N(1yg%?!BV{_>ke+u)J^^$F>C({oRKc+8sl)lUrGJn%>kB} z&w0eFZHz@!tgPxhq(7Hx`K(Yr_Pm5#HVRc%#Du3|+OWhEUYUs$Gnp$vR`i|`srS$v zw%tIjHYM+cVu&}e8%?cy7=_)oR!Qt*CL}W%(WK-vo^S;x2(z5gds1YJoW@L6S9QC& zr}3H__N$z&IeVz)Oimb;jHE(gMlzN{1)(~rAUuu4Dx(UT(AxTifO^~dc;#cB36Kd^ zvf7tEV(;G z3nsQ7P?o`9&RP5h@aDJf6W5DWxZ77BSyXgm&bDD9SQN{VA`w4?JoaB;hKGcQD@TtZ-N(h62ji8C@Ql-9;t%|=V1)htEvLAh%#Fw#V%Opn!-p15W@ zd&MK_xO|OEvJz62QnE22x){tUzhq>QGxV^_Vxp0sGuJk&NtCUSN&n(zm zx`POWbwlh<9P6i#uyIG$bkM~a%oeoIptOuxk>kP%Z`RS{|L$Hok*B3Fmwd6bvZOgK zmeoGk171;uM5Y*m;q|W94~pe0*Ba<5OM0Pe%2!#!Bd$zelNaO!I-9Fw2?K8;vePNK zgyYeG52V7CZwk^Mm7*-GqgA1>(abDd(XbQ?m)Nsqm>0`eXM{>AA`Vuf>$_@)qi7Bp z$Tck1uCXZ=%u{VrWzx+y@awVcjSwua0kJlnvV9)Gb$AWw8N31m?Hc58chERHyaom} zk%2LH4Xya_SOIru)o45NCxw0fHYoCLXK{o_;WY^3^0SG+YbfeZV9~y9eHpg4)P`1> zW%JBnE-fWA9JpsW(>jtuNTNYRJYvuvUIWw-UONnqAz^@cg$4uS6%rC?p9~BP#49*F z(0@Fvm9Rj44|}x7UYpELa9o?lwJE3-V?I!I^Mx{(i{lnG+i)qF}Zm0Vn6`j*Dr%w-ygsimaVSbM|VDklI(coK#?tN z9-+NFct-Cyr&7fVX>r2A`j84>-6d32oE?0{oL?1{kikS+Z=jcHPLGc1ZZ(MD5CjQT zZ7sw~f0d`osxVyzX5~Rn*mN-^als7X0fID7v9@v}6o8fgaP9#|8n<+=)yiVzKch1#<^nb(TSb$YN$}9Nky%YoZ-}RoxXD_XFd8VB8Ok z`+;#kP`f_A{lMs}8rP=4Yh0W5700+XjcZfyOXJ!!xZsc?`-L^x-eUK7V|M2a%tX8s z5G)gM2M!Ef7?GGHBBIKKwCY!kS549tdR5NIKSat96$F4>v0?^bn2GpAp0?mjMjY9Q zBYRpL*^)}^S6m9(VP)Qo(o^@7qsny0n~noKf7v;f#0uTzEWWAM+*rwoLXTq>lZ@pP z>})~i+)$_1#*u01A<$vf>I|fOEB%ZWRrTqxVqgXLXO3!VkYzppd%^Mz5o_kbh2D8#fFx*yoZlepEOPrx-_UIWdj&w+owyoPV@$j~j`mQWsroxZ$wvSN4H z^=&omnR3_fEt;V_z%9Xy%=V4f;0+qty$^?P)X3n?8X2@e=!5nO@c^NeAzRqqOyr0}^dAq$nk`ou|ffTc+|6V(< z22*LpXe!B(-CrNevizgNdbb}fBL^YM9F_lNhqO3%*0W&9$7ZZ_JH+I~+Wn_mZmCe! 
zA5+CA}8+o`NHx_9k``*17BfYq!2J`z=#OXy5d#o z69UK{1_Q`yo7K+@KUS^$2qOE^KxFVEYL$bd$;i)324g*EAgWc7D4vyvClWuEpvgWr zPSNV@(O;v{vOW-@JUDETpvR2kktT`3hFSX_y{r6iPO~@l{OO=UPqd;>bk}H=-LXR8 z&T!4FGjYM!EG?Ib6M1@ScgF`^z8+=y`GcpE{}{3WL4({9REn=$fDYgt9OO=W5?9)j zg7H3?`)qeW#4~oAJtZRI5nW|Z4~%%$?y;u^MvN}8t!u<9bX<>(r3-g=?e6Lt*k7ZI zYtUjlV1xue8t&Hm>|9!(Fga4V3u|;=eR}s*;0Orwo`kuq4&oLG0CS~^?+)nlM^qcC zi>?KaNmeN3C409tt1+Uz zMzq(6_NrbZ+G|96jcBjxHKM)t6~~D78qr?$YeakXR%%3hjcBiD;M^L~UZW%H*NgV* zN->#eot`eX8`7}rB{5T!C)yfV&>Z&X_Whw*CE>jlP3eN=Efcf4N${S(N@MVE$Vx_G zoF;Rgn;hRxnKXBKr$z|)bnN*7^kC#7#T3Y9IVzt-xmR)`dnJ0_MNy;3n z!JZBCyq#lyv&rSnHO@>=;)O)zEt%eULCqoCZ$wkAt&Y|gM_M@@tzRB>&AOl&H)Aws z`JK3D>GwS8OaWMF(|6VPF#Rw!j;c9NnDKKdp_`+1TuNx6mMm2~GO#gG5yjq3X;0eQ zP=A}bcWX596n+Ece2^+ZNrUPIZ!}eI@A_m^EpKu*=O2SBgpa$VvVXq2yMbcdl*$>& z3b}+7)caRZSes;q$oh$XGs6G+!`P z6{RT@>#GOWAuF6nOtv3h<+ry4U$Ju36QQ!qL?TUbnL0!^)`$)=W^YwqRF^(!vc8StKB!X_lf}QI*|o_wk&JCsW6B4)_^g7 zGjDHfv332FKMs%qzdEM`n?l(l8A>N)+|qGmhp7)T_U3U2CZ2`Vl=%(SgMyy zsk>Y8h$cV+LlKezcyD_jas3Ea<*Bzy8MG^xL@J&ngni6d&Q~l|G^svGq$nwPAeM`# zfJ`c~NUV_DCSg=I9LjgiHkxr9>um>rRXN;T-+E7@FfICSgYaBE;1LpEs3p<0H*`ca zikOt;7XdV!u(?90-I?E5E(w*gSmAWai&UF8Ja)P}N(!l14&Q-DrqfJ7j(z~~9z=oU%vQWzaG}3qWSrk3sNDT-AL|h_B7>1ER;T2?wXjZrZlvY&A2a$Iu z;%%-fTq`WR59LHwBIQctrDmyxS3n1ukKuW8rTXofGt3I=wSS({@(EP){npMGXXgY; zCd{^ZWUD63o(V~++GWE8to4OtdG}a3;2gCd8|Nro;~Z_f#yJ}NfQL5?F$XHvik^jF zV}T*&%&d-TwDw#O?6p#r3d(i%SoPAzWk6;AEHLQQvo$a6q{rB|NTiZWz}W(L+HKQB zPOfjrTp((n%r+R>i31q6IwUPtvli%NPxX5Mb|KKZP(k+V*)AyEBZBC{7J$IB+DAO4 z4R@&pIn?$&lO5pj33H8oaf{JFDTO=5p60wY+$R?15$pGd1$x6mPE;T3EcGcS;UoIA z$4UEqC++@z>}NV-10L#wpFJt?ETH?l!Df#NGaJp7(Omh$G~Z~hjOI$?HBQ>+J86H_ z=1MO>>xrRR0YhL29P5xktdL&r1z$Za>?%N-0Z^;Q1X+!T7GIDK9}g{>ztX9KLjX~S zheGvsRcFn+@I$&TTerJlL-~xWoaUSFZ!f_Ge}_q(Zr}A{huYsX+r}aX-YOh3_7=D%+!xQ$nh8`Zz>XQ*>$?^M=%55;w67^>uwCJ9h6iy{SzEX(uky>cUBL$&IC z59pEom(H1r&NKJcIW}%ZGkN|8_wR|W+8?(ENGrEd=R|JD0J<^SC)wlI?nw(uThcWbIkJy+)@4e(hQ=l@VoZP`4O`P!g2^Sf(PPG>dvk*g5O7e8X$6jt 
zSfq@sIc??Mgh3S*c@Czw`x36;G-t2KFXf2(<&6A-18I`8M9`S!zaW9(FKS6sAt#c@ zETZ`@Q}V-_9*2noewo0Vnf{p z#Dr%2c>YvfA6>r(iYULlNa52wMPlow^|Q}nrTHR^gzWe-Ulhm_X;cbJRlWhpA$EK$ zqI*5AP=iYH`rRAdMKDje$#Q78@UmR2dCcM|`HAKnwmHU#jF=?9J^AVK!(ZQDzPmbw zamPMpG>utI3R&hlFjCPUV(FUaB1M&cJqHunlp4|0aNp-lie$~=Gv8#5+|GrkS)nW_ z0EUR3;wjF~7#rx=pT~_u`aXnPE1{`N*a*LJ0~$-5lJ`QH z#092vVX8r!n#cUr`@0YS`{sx1_jlvaABX-Y9r`R?2MznT#`yGxl9REaS9IrmzWuQ! z?%i5ismoQm{)tu@+tbF15%T~9Ka{r6zMh+bUJ&02(p1Z-=e2qL*XuV|@9(a^zrOl# z5RVP;+75Bq?5JDD@FyvLS5TezoznU%S$J!{)R|(55;%YOox49T?x| zq9;Ld)nkPTu&qO;sjrSrzKhD#HwzqcESnV$>H80KKIZn+e_@*stdr8RsafDcHF+Np z;OX|f{l{R#s2hTb8xFzBGLTFloPyzt^YZQ}v0>y3PshYEjC&!Rc_EB|acToKE`@)7uf+>zdR&r+ zoGZmrSY07~nV6sHaak@->x)hj?eZEp(dM=qJ2VbzZ(4?-+v|NqbG1*ux!Qz9@L??+5LVzYAzpnU1 zU%62OhSypo#fr(ZGRj2XW$9X*VDeE`xtOoH49&3B%PC%7;q2nu?+jo_YFKu;$@C%$ zr8fwe!qn~24DYy?O0S~hE<#ci13SE8dHRa{e<%OvfBbWD`X47J|M_C_KmY50ocy0D z{NrCw|Ks$Z_K*K@dU|s5pMQDxr@Nc0|Kg|r{Li#l-Q!>XJo!&{^ zO_aBlR~=J@NoA`IwNdmQyrB_`SsF1&5?Zjbtr#MFm9CvzvA|;lRG7_WJeC_>ce`=w zdERu;*v`0jSx-wG$e#Xl=dJ5q47b*l(nC^ROAh2m9C7NOEV$(H@acgHJL}ElR0m>s zk^VepsnYujK>Nsw2C0UUqB!kzc1FajH}Z_UXKR+9k?Z+;p>EKqsGecsgM`n?D@c2< zh@uNH&a5By4475C0&qe;aM@@L?cK>=K}lLU;NLroG~sg=ZKC#Ynd%Y}A#PHY5JWd_ z3>4cW3^NQswo`OM+&R;O@^Dc~&t@%7aN~>AEx^cf1Q1x4>)B1%DY^Q{A}_PHe#4NPDgndyu*q3E5qqs| zdyVhG;DPSOKNFt9j4~)bOCMSp5jg&g4MAd_Lo(`(LqpiIAkVW9ikuvuAD?b*e~+b? 
z(A8j}%SuVU%90J#<2XJeTv@n;M`~)Ig=a(xqH^lc>TnlA67s_6m6PLt9-k4WqEqr9 z(qjeHpOQNadT<48L_t!9Ky~&}Z%4UGHZX08C=^0@sj`s9tB+in(@Z@!UVt=l>go-6 z!q@D4$!MaMcqo&Kbn*|D3jjN&=9dr$Utl_PGTg7#XL8h^3~={oCGe+#?CyWQySw=l zQ?+TMOR^_fu$^G}T;!`m&YyN>w659;sSx>(i%+U|2uf6sM~p|Bti4l^WI@}g+qOAv z+qOAvW7@WDbK16T+h(lkMzt824*cY`j-<28brgBA9=JRGg+B-7i-xwh^ zOHqJ?=)pqilCgODGszkFtz`igY)~bFLJI`BuPYy;wgJi_6q*KB)hZA?Spr$6*xCrv zIWK`UnB#0v#E0tJAUdZ#JSBz--(r_+JSZAAs<0o5d1;ILjh&HhszII_%2!s-hP|0x zGxNswV$2AIkEN?gd2wsWLn7~iHh`>8C z;H2Svs8r_5ao9#ZVJqe=FdN9#md#|gdKD`v(PNLEcxj7{02eI8{*gh1tGH$ z?YmOo5Ctoj+26)gNNUEqr*sRoP1D-Z5zN1{QMe&GDxeXzrGNi#H$scwZ`zm@1thnJ zbNYem*k#s86JVSC&$zJC!|f&nV+Rm5Ee1FP;LT{FVlqmY!`MrAE+C_a!R72t5dT@{ zGnpvjh2)Tn&j*K%$tN~5>j1X~Z|0!^7JIv=9nO>yYg=pKCu^*2S*q>yE6AE43qpc> zil;$^$z`DicU0Lp_D@NS3jpDm%{hS4>p;G}t*`2;8?zXC=!yB82IR|$fk>5J4=!Jv zOaO6MnAcomv`bVM5UPBak0N2XYaLHX5mPR<6V z=%3^LPcOCZ9+_0FYm((1m%{21M(u6*7io86Z6ib7{xAave4;!|9s@wP=|(qDwbkB7YM{ zX1F*Q=vt}B=nX}#(R|ia>(QioScD}#q^sEJ{m&*qx$&O?!w`ql;weHK1mE!;K@Z2u}%xwyb~0;E%GYR$EgT zsv~X63&|BhP5vEPP)E4je{_Lf4CFUEIoZVxcXVlviEI*}QiA-`#FicH0?MI<;i%DuMWsHF4l}^(I$2;GSwz ztK#kG!;rQZS6~sl=OHp%dq#TM;v3$Rrw7he_C$fr&0YV_gajdoL$-@7C^hGVr((1< zC@qYMwa&u=H+@X5p|{38PTxY)_dbX87PfPBW30{M?2g_Jj~$DDgn{EG(!$qr_vZ;m zb>s{j=i&156io&28-q4k3x?j4DLCMst$Wdf%&xvn2<)X|MzF)?6K>(4H>zsFz0>~w z+S~PLh^H0w(lBhb5B?~>6hJ_w^aY{eC{N60+yw2 zV}GoH2lq+_V!l%{taA292aHc;q~FR@V;V({IM1rS-;*&QZ9!RQB*mU%WeiPfd#Hzs z+2}j^(DM_Xf$dKO`UDHwDQUeEOwuZyXjQzqiI~50g$-p8Xu%9-S5i!s~r0;kymza*f_LXdh(({v|@dJv#8&E z!|o7Q$F6F{?wfiLhZrE@G*2uAj;)R@h0F!m8MY!1u|hm5^;njp zkfU_$07vK_Y7k3bG?lf#iB`M%O3G9$C*4yis^5Tex)O%xM%*;Ym6R+7s4$%Rje=$a8fD;^41UGs<4`2GM`OGt#aX1SNT=@YvfR|xDMu( zzDt+&@`P4EPB~>c^cAir8+GTiVSplG(rxAByGQueWNvAwSHzBy$Th-C@p2+x!gs~_ zKgPi8M*z-k1)2-1%M#?c$prZ!iWtf=>R;dJK7SP^LjvSbkuUX1+0D7BC2G(Marn_+ z*9TbB56jc5vM`$c9tP-H02V|#$%$ZAIjsge&|f79&_dBvj@XN&5tBbJ4bqCQZfd?+ z6IfElsVR}lsX~j}usKXyUSJ0JI=xecoo1w7+x^I?<+{neOKnH}K@O9p)bLG~&|hj) z=M0+>{=_SHo{S#UwL2-Pd+t6PZq)Zu1u@2+!a)Zx(=lf_R7kamIo?uq2e%>03bfHT 
z39`wn@$yURZ+BmqE^T507K25UU90nY*gZHuyA>ak;%Z$5nCYot?OC$?^b}pJ-9YU? zH=<=M3b4A$mwS~Aa7_=ORpV|QZId>bl3l~<_WV|v(f{fKzaBmlW%uh)?27AXmpteI zVlc(gg)naDNBvT#5BM;YRQhE~EFtK-D&ujC-;|}aMi9wNf^y11H>|V|lCm0{B+#fG z!4GRsmPV4)nju7m8C?PbWDH{gJ}X4Dqfw4!$KmMvYE6yl*C3%_U4lizPx#10Od{<# ziAyhC1OK|j^m$&+G)hO0y=&9YnmKj^4DCiF;*Mh9Wa6P6P0gj?UA$U^jeLC$cP;@- z7x0)zpxjn(RG%wmvq_}BD1xGY(6DL~wj{(i@3BwSQD@%yV6=v|vGdQk$RZ7H$))NC9oC?jEI1$6l)T_IZngv|3{b zepGA-o6eUaqfp5AD6FRD^)#XDk0c{{t)h$dv}%o-Sggb2QXHpJnpr-~@~)LwWLW_N z7E}s*|le{YrqV;Ik-Ya4=cW45- z+5{_^TFV__yGlGX?>zYyfMy8vaM}FD(STNYK)Ytr!f)dHF%_<5@0wU#$f!#wL}*Mb z%(+L{K(_2ZKn%YJDE-6fJ0>-wm%}1%wX;k*gD`3n?`$ANtzo$gvgj#ELcv)9ST1>6 z5%#sik2#R$PBr;Q#=T^@1zT$pInsmgj!!nR;Oh})piHWKfnzm=7{RqW`}8J}Z3F)A zf#J@5%y)WSaaCZ|asOl@fx~(d6w5%sMj-U?D6iJg!A`hixN$-Ps!SU2;=k+Nq_HpF znw>j|Qu>OQF{GjCk)b(NikC$5ACSrFALZ=sT}51WGN)f8UwHBQcM1!4tHdVDw(WjSJP<$A+XI@ zdQo>kz2VFHR5mrQW8peTNKI)bi?LA@x!6YPr{P;AHS*K@pyyFZhq59$svnUr7$S5~6m! zXG?Z)iBs>h0&C$$C&*Yf_3aNOfTIV#E+pg3o|QyF6T_0v5)<6bC>fbIq^)v5%m2a@ zRd_6mHe{6mp-NGX(Lv6jEN2^^oVp=)7H0(=rRDA$4DL6doE3#p=)7U)pv4M`-m@kU zs#4HRGqGQ1WIm9>NifEZ;dUn(fXVAcHiv)+1k*2ChgU5kWP&Z616OkS*CEyJS{jd! 
ze74svX)d5d=mL}dy1k{Y=%!dDc0^K5Box`k~85G-K{_5y2#SnBtue1SXI0vvJorY;Reb-+Bf(|>35d4tcIR2keU72 zMt(@a!B{92KT8=WI+ldYPvTT}OXFPW^S!V4C0Zg)v(@ixT$HbwW;`;qISCXv>9E&`Elj{E%(BflAia?huD- z<$5SxNoi>`L6If|qqt3{+=u!^jf7I_pu1ldHFOIpI1^PLV(`8`K#87X+}ndEus z^E{2I$LIDlH-5Tm5+q4*?tQ(^+t8|`^YCHywk4>@;6ar{ehB0%x@U{cTOR0dux8#x zlT!#@L*mdHpYq?o_M-zsr%d~i34v7b%?MMF8s&*mcUdZ2!@2ys^yzgp+;$%3m3{`0 znho))M1RUR=sT0jt-v;*3hS{K13T1iXk7^SRg7w{ncrnsO2#DEzAgPIc;HG4jfGCC9kys1|JX<=g@!RKycbv^ z>ug`)NIG)4Z8MvpASqTI(5G}-HEL7_vADa5@8S8}o8t-X&^df)bT{AYq%-(1FwYf+ zVU3>wbpP-`voL4MCQ@A2S2+30x0(~yV+ZGzIY%x2_C%Nze0W-8&*Z*ciT#Xtfvh(voLNbU+ zHmoL?O@FO|NQg2>B~Ew=(GP~t#-;tdFt;=pc-&Bxi}?5U67m;-=XK%Jp!|8BEBkF$ z*@Fq|CRSK-IC*V{mU-Hu{oY+Yw=Bc`^e_`NJ-AY$3~CqiUBScTR!y%LM&fDZ-%VL@ zD@q328EwQ_rnH=d6(LXv;b)bFQP?HZa{|&ODcV!9=KZl>`p(>VpzWhgyYM+-m)PoZ*|1<2>4GDajjsSrO)&nhpF+8^mz$mK6tf2l_jO=S$A!~s$JzsF?2 ztx^d^SFp765RLm*#TZTY*uxl{IFvSf^F^v$PrNn-i^aM2Bb;ULiH+h!D@j5MFu)p3 zEtqExlT6JSiIqfmiLxmz?Z&YGaBVngi`ACtf8E7U4J+GgF#P_&pN=vSb&N*$rZ3tR zrzT#Chjn(?ks0HfB{M@f!@?5u&#r?b27r-37PS8QZHq;tkIOo_uetj#mQ^{+LMd|b zRaU8l2%2;X7Y6f9|5LNts^&NObvF^wAG^-khm?rv*@a8s#SL6b-)OtC43-76=t2yG z=+kv-(6E~7rht|X2iXJPTszr=R%=~l4nWLbtmkny&70SK<=PS-M9CE=gS3u98{%mJ zQ-+Y|s0i$WlCx@H>MmK^wuTTwd>mRxodsrFRflDudO~ua3VNB{R_AS&&3L8!MHh>4 zl=PEge^iC3TO{~LjJZFBylz8)}k>sW@)4HY@5C7A{@Oh92PqHY8({JQFMmPW~2^|0w&bmPOFBPMydvx~f1bs#>hxmt|+} zG%sDYbE}2>S*LPY2btS6)anpxZ`$J`Lr@ z5irt(OWIMHfo_D`4|;_^bs#aXQQje^p}Jb#WW}>ZNr{j6YWZ(%~-JMwVXmZz9o{SxB(iV+d))oPmR{yH)Et8xK zLBCAQ7tps;+SmcBOUs5*qh@+Ox|%!`-3#R5J97IGFFKFG1)EqG#YPrN$*FWA=3Uu_&y*%Uujm^~x85D&dF6>B(jBJ z8x_3mwBMMpUO@+c-p34~=EC|EDeTM25b?l0M<^|k@c9q0PL%ku9BlQ}O-hy|4!dm$ z35{7Xq~oZdm$rd{>WGU_65uk{FU{Kw*Am9&RXSK5s(`QNWbbex%{3H_w|}Oz zrp*WU`JVhobqsDFzqo{#x{Ol3jo28R>H;`xs+9QKqW&_sKce{h=_MxqRlbf85)==C zb?$#Y4fb}g_;g?L_vQ~O*r-{dHrHjMYvi#ThqJpc#l{q~$jU3XPAAq>V0wNEch~l$ zg7dl2$~Xn9aSO*LDyO}i{C*il{tvr0TC^7iY&OmXlQ^$6Wz?v4ov0LJ`A3@(u`&NS 
z+5}qzU4c;XCYnZ#q|wK=Na8z4!sd=iyMd~0H^KztFNr}f5MA)Ij|doL5Ev{}ychCUJJDT41E~uLP4{J9s`bs<(8k_xayaou55AUtsa*K6> zIy5pNG4`a?%+3y=mz%3|Ib^g+6xu<*jZb9;yv3x6C^DFQ`k{io9B^4w2UYX{GsXkx?{acupPcAGB~c-xKM z{1&mL%di^QuyO$;D3v^Evw;lzT+Tbp#zD=;iGH&Iqf7PxiY|A(J|L?($c6ypG}mq~ z{*|!DcB4O$^4P{OHZP+QWBJK%mpf43Qp1S=_#c>6tVI)O$;|>q>@eL%jzr*tv^=oY zvft>Hx)z3m7ts^5&yn3FHz`z>Mhn)`H(27I2fUx12MmIq`4(wznp`&5&hT1fnEl5X7$=yMbH5n6Rss`rrJ#J+A1kW*Fo7dFW(3Qs1XB z=RH3UeNMdofWGw#hsmqv!da1YLkLRt69!_k+P&lemEKutrC<|14Fac#CyQzV1 zVC!r9c-r6$S*U8*ff_ z%hi4g(_p;KB%%QCjiUZz;`KcuGa!=;RPlu%zanw}^mnClo1?0)+=y^;PzjKH@3=$t zRm8-oRoL~fbaE>(z6w(5y8$Ls{%~roVk;;24TS})xbzFv^)3Hhbk?tZM2m+ngloY2DU0!n}B#M&655anA)l{V2xYlk$RWoUu{{^E|ngG zCb|mLtQX|~ftfny&zX#}P2IwJB(~y~yvW;B*2`znpkO~Cx^!&yqSze!mXCL zoM!yE$yL_Yk27>pW4X)Jw2`Vk`4R-GO`<2yCs+p4Bn6pPN+4hz+fh7*=*CiXyMd=f z{LuSJEkjy``ix)3JMIR{Bc$HSzv7rXhBUciSqNR_3k+`bSnLb*0nL8^=hD2I6u$kN z8~J{97$gHG@Yf4O5Un>WNm;Nq(y%j8i0LCQlq!Uxf{zPgbp2l-h9Y(af)cOD5$PSU z`Gz@KBdR?QfKsJ^nRMz$%(BZp(u!LQv7eAw1`|5wOF7>)3r9$j9X|)NEK0djs^PjW z8=nH3J+0(;_`21pCE-C#%-x6(e4|3#KPp;vlMuLb_R!6G3B>`)7emZ;{f&yls_Lzi zvZMtw;Ucf$tmbxjRi~bm3a%or5cv6>nx$r1VMHhSFeRqLwTa=locB`cz<-Z(zF5UZ zk~>FNio&KgfEhjU& zEond;zKNNnKrZGfnOSFY9uW_Nh{zkgSSssdQ7lPUFHTo0>PID&yol>w`juLVX*B(e zdPV5NL46HQHygCT=~2y@5@nFL*f8^0>1;$!y*xh0!ABmI|m}%%CeD()QgEZpJL##jl{p@Rg3pK;8#=xns zjwJ`i;7p;*rd3*s0SUmZ{VWPJJv|Jj*^)LTyTH+c@z2@|*H}7`A^=jxEDzcgtFQrm z!*GYgyx|50`-^dOLE8b~@Qs0QJM2o3k*u@Ex2!bR`i@@n!DIT4I5M`Cx&4RiX`AeF zu8i&QCjT1+jnjR>k+;5`v|2b?`3!Az(pN99!l$}HKcVDs zE@*WB%RaXiR#SR4fI$z-a1^hbXj%>@d8Y+;?1V~Yubeb%{c(9j;nC3rB_CBbH8^*< zKOvoMv3|+TPhu_FVMLyWOtswUcQYqd7U5Ayx@DjC{jQ;IbspBeC=k)$IZ7{P6colp zbH=26AD>_9klJBezSw3S(@|TxGPd``H(F>!|N0h&lgV!H4l_7K#YyJAI+wSQIWv>= zGj_+9i5n?D+X- zs(Qwi#$6os-0mgoJ5aV}oo#)BT|j0RdoJW(-Rfg9&bNiBO1Nca}$-k_!CWEMo5Mkg$nw zQ>R`piEIld?d3x}O$cK;RH?B7>`#-^%!NGVt3fJ5nxQe^IxBq?++M=OXTPLyg+LrJ)PZ6nx zLQwBuQ{B%j)+^j4U{_*OKwD&(f&4<`|0?v;9QZ$iel_+^Wd=u-jfvV^Phvc}#9jS4 zGiS+j?{o<^wl1};F^cDFOcmRXmI-3n3zzxDvcvuvMJNvn&LOn!f9af_X=fV^N7yH- 
zDf#Ui?I|R|^calK5D4DSSl5rWz)w3;ULh^ya6~KfVWACC^EomJ8c7b0iH`2gR!$ zn+ciO9bF8Z6&$mT6p}&gp}WU}lBr`p^867l`f*(@MiqRt=F+08BNgKvt5-^KLkLM2 z(0dQCG8J5^HU=IGYG&{pY{*2 zInx$ZCZ;?X8cmjZoh)Hr732?kRJku`B;25T zctCjzvqAe59d3x!ZD!%>`F4H9p2v=sVxHJ-v}orPq1v0zpYpwIEWxYT6iW= zYwl*LPyrEW7{r{dJHcT)AAwon0npJ$XhNAhRH&+idthrZW#73bV;7Q&n+^Db>`sQ< zdaG_C4)3-eUwdm6yfvNKZm(x?WWsg!byYeY|HbdHZE>4!J$iNDi+53r;mPVe3OS}X zK(~v=2R{xK=>3?ERHIfUg7@OSmn>1;Se=?DfI1ZinMU5-#aX&tSX>i@)$DaOz)SC^ zL|_w`iJ})$E;fKd%Z-HaoqNiz5iJ2tK!a{`U{M)>wSRJB`Fm+ca++_qB_=5V2H`!E34IhYI z(+*P|t0s`DO~cCeAKik3#jb5jzJSlSaUy5ckQNoKw2SUvr+8tDgR%h~F^@VW?(Q%U zDVSdsi!uh_oT|*EQvwrIlW9UGaB&NZguL*ud`hSo0Lg)1dLo~e?)6^@QfdZcW#rd0 z^5d|M`a3RAlT3xU6r+ zTsu}Jo|n_lv8$Q4$i}aQ{L03GSy&lLB3n7tvuSz+uWp@AY+i$6ul|4xU#ag$ELO6J zTri|~46%_)tzY&B@ zHM{97kHAsdBnDL{yD3e|xe-MB>*>hmDU9=s81?m|k?4Z_>f-gnkgeO`u=ePFgsJ8w z#4KrU*B<>4Y0YGaeOcL*b+)$bF(P8&8(a9F$$T?w*msvH2E%%&c6xfJoKx9B{M9ld!P+ztbqfa`45r(kf z@0Fuk;iG{eFQ(brRo?J=jYo-CgYqX5_aH9;BGSi*+$GVs0g);8&M;u^-?9ztTgx~LCK22vU!8dB~= z!@m4lW3&pOfck!Q$Ve|&@c#CgLV&mdp;fxI#G&8CRsuw)FI~1RP;o%O$gpclji++{ zA)Y+e?^o-QuJ1nGld=LX7JUH`6v29OxX4`OGgxx)U!zd)2b*zOGnixe!3i>vT(=ym zWsiusbm;A+)D%giKQo`^RG5Smm;!CM!c)hpXw}r}zOYPFwlCF9FmFV&?<6ej3mHJ$ zVX=u#gpty`2WRzZ)V|J z?*)L@9};-*->T7b)9+VtQD4lPT$U8^x@Zfo%r%@;mDTr*Zbtvspx13pFg6yFK4k9N z^Uz}i3Xn06Vb4xafsyfLtAUy20VnD|Ie***-3LefNRx;oB!W1$fJFXtnO zrVc8jz_CE+rm?V(#>HP5wB%2+1E?e5$SQo6g}~v5$x$skFp+%CYdd4*5mf9x~PL@rT7|7T>|z| zZC0d6=i-1oyQnX!Yow_G)PF^bSQo6>{MUAOR)VF>fcgYPn;%ogirXwztL7>b!K1BP zT{PHaa(AeKR0l-o5_OER->{DT9#1*8Ryw&-szP#n z`M$NdDK0OFejx!-S3&`INwaE5(T%B@Kn?WkIQ&$Z5-BSTDKfK3@XQ#l^#{zB7>wWx1H#A8=Ej9L2dAWl&cblt0~tUjNEQbk zLiO2iP-(#?4T_SRH0_4CXQ%=@jnfG>wXuS!8_U;qM>vJNMQgmmxv^6FS4W*H(`X5f zD8FK7TMsup=-ExBdT0;XMr*0W4V+hTz$1@CNs`KAz44+{z8ICQx@GP}`w~>-yt|$K zLa+e`*xs?I+9Ir%|6|Wd3LBWg)8`nU!#B5Sl%1aUx0x|ZCDYd{c-z?n6bJ4Y9F4zI zhKbtmD6BCQ&(zcF=+hDG?AWi&%x{0ET%75KHK=|}qD2FO;Derxr6=pPqW~X@MrN~8 zI7bGz47KWz=Uh|zxo_6Qak}4IvGHWSY-l!^(5DCSiyy#Tbdf-03J*Q(w7IJpSM*$b 
zaprIKdNIeIM|*lrcwWKzGLvPD4DM5kef>0ZZ`*@-Gigk(J%}}f0JDY4f%dUJx}u1n zX@Gk_B}x8*-7+NOp+cWTZ}NVBr+g9%jJIomaqzNOVzdDW5^8#DFHr#Bi*!q9d}|0= z@Necks=7vr)qyy{ejfK;xtiN$mh)I?q&_vRu1y;rr!spri)q+su{v~XgG6R=caPS4 z^Aet|TO|0t_1L--7H+L~#G0qGmikFc(Be$j`d`TezcN|HRX=~pW0U>58eZTqWanOG zzYoJbq(CbVGf)+q8j(aATs3 zp_Emu=nm?J%!_e{7S-ZURV>(C7LICIWsXY)w2sGiJ*@{$d33XHFgW=?{^LLDDb8>H z_{}#{c13K*QfSLP<~AgjK956guT^Lm(P$(sMWChferbtCOt&U7Dlpm-7a#^8*|-u(5$$0 zku-3UhWQ(HAsLC-o4huxXqBsf;$T3yv$y;qh6wr;^FlHY-lmO^Tno7FxHB7gA6pmBYe3rB-eB^jKJ;sHga;6KO)2uf4_nEo* zp07M^SIA;i01{9vD>}ds{I%!IwzSckg|ZW2uX%;(Ab#majRpiIfes|%%#C=TWV~6l zF(}bI^W?Z&4n`BdZUKl_s2KEzEDTg}$kW*}W|&n*>kgOJqUs937+E=iRVbtaCF#L4 z#^+ikWr43&Kl+On3bk2tuu|P)-Vz4kh3jo-HT(UtPqwAO6id^R0H^g{(kq9o`rnvE zA2gc%anmjR(iS~kDex+QS_ef?`!(&~Vh$V3T85d*vm17D=|X+&ao|l>hJw79e4?*$Jn+oathT;U~ISfd=;)j89cPN_jJ_(7ydY zHG>Fp7(~Zfl{q;JElD4sRYV1GL=Go{u#C)4UOgy$A92WH@k6$%-H&*Z z*hC=fUCB zd+pQVG}<*gb3jELUIqa8M%IiKepW~h_;7c2qvCfi3d-4k1uzglHfjVaQD|D(6WU5d z-b}Ajf9e9Xk_VNt0X>5^k2Q-`R5~Iv==UrPlu*CpzEg}mS4j=R2$2<7(_Uy+qPuHQoYBP}h1EvS|=n(SeKFXM8JY~bQ zAhvHe7M?j`7Y8V#Jvon{tO2{KrBz;l80OuhztVGju2lRE)8KiQDU@~kjF2hL$h^*C z_(QLFBw%JcK^Wi+8Ao@ zvPi`^c&7YZ7oc3K-Hu9<)hT0WU9gB-P_Q2Z$aSQx$pI$A5aR}Icc#0 z++1vE>$gWipMA9)Q+Vyn9bSorZRU6-YAYxQYhOIWBpzcz*b42>f(Sh^db#tU!Gge- zcqId)N3ZGWdH_x#(v`}2zGg9PUDqwSEM79p&Pm%)>saQy1dyg8mSr051o+8k)wD+@ zScn5!=g|Y2e6Ax5p9OIJ_d556bV#`72-X)3cnwwXgmKEnTChY#JaMC2Q^+u`ZUIPhat2vZ!?+HC$0sNaSbmsIt1OAh3%8D)FPkUmogqV{a&TM z-BQaAiswZXB$&UutV`tY=tyB%vTmBQTV95WBA{ZhvnO0j~{eC@DvP3{^gi z?=D%v^LtU40tl7$HN)?`RN}$zxdYg(KmGJ!L>_M2xIC#miJxSQ!4I09m?BSKPtxqu zlk6rg8fYRpx}b>++DO6i(x|2rDEgFLOGG*~|A!8jis8y^?OaEL2s888y54|$XkL=r zMion@Wm+Z$&x9&?wlx_+8Xw>SEp7#o(rJg$uW|64qAu#XyJAAgWOQW03#Ot128O?W3ki#)F6=bGx zuFO0|SSBKrF0-t=GlO(9FSs5FRMf=6)1ttrDu6~wMZp1HZ1NXU-dXKQqqc3UDi*^! 
zJ3(yv5^&CTRbBMeAAT5-$!Q*Lw6B73FA>?YvR;uc#uq%^YcCu6-{$6Smg0v zFR$yb)hF#=FRx!MH1mBVDhSb7>W2d^^B2cu-WZeD<|#RVGH(US{9it)Q9P@TrX+H#v71a5RV)j_Q6?&**bDPE`Hb!*(sgDQ6?7>YrNP?5!(vyJ z&fQdy>1q#R!?BXl&srU2qbzpeUN*j~C6k;PDStdYwhBAh2;p;uI>vG!hxW&F%GgIs z(|u;NaeFi%6yV32HD-m4-7M$+M=41LTRMql_Pv7re0i3=*Kb!{U;fIfREE8BlmXX#gray;FwS9s3pmKPoD`J(IS=#{iCV0*QLJd!#TA>;UFb~(FgP#fUAmvnD- zDGq4Jer%;^$yXO;vAmKxQjcPUp>E+%$oa^m?H(+LUH;d_Z3EAF=YvOE+Zl4>?^stV z6_gihFt?|^vn+L?Qkr@v9kU7!R-S}EkGyW6GhH5Z92KWBRD2E{xLf#qE!Gk#va2qv0~Jx z-@9s2ZtsL^?-k9aB*eq zLm&~C=l0&!-pv-BEqx}(iQU1PEvdglFpbwDf9!yn-&3Q4hLG*w=WAMrE#AAgckewj ztYh;r!STm4c;5Q^&78*Ih1`f%BUFXfR;RtHS+J9LXhQASR)kh@1Slde6D~Uwgd6Lu z?N$79hHj*q%exj6%~|W)?gW?9b`EfowjQIZaT7aS)h)aena}PdoS=kp!8Momm1Zu- zsBW=zdn;x0Q);lUU#id8v&p`nwzT~BWAzU&Q#TW~UW`jssBDV>*4vgB>#Gl+xWr)T zMC2R1^P?!Rc33XIj%1>jX3Jj1Bf_w6uE@Nxq1Kv)mvxWtv#Y3hdqx~HSWhY+liYV( zd!=!T=@U3<9+H)|kHQO|%&bW2;)c28NC5+Q#e&XWi&%^K0PW*sTlL7MvU%o$>PQ9M!dz z8Og>oc62oTdAU1wZsu46fsJJLXjX891;7sG{K1^}uHP{~NVBU)F7xr6Azi)xYiAFs zu5C5q7K|cYo%!tCBGt9E5*)=hQe7jMN2+TZ4wB8cw`k-S<0YxCSBaS3cI|fi`Ae$nMa`&Sc9UlPMp;qgeL%0puQQ@>JdNGUzMddQU+I>9Psd7>+VML-Q<@QQ z?BPJ^aG=z29d@9H9jLty2TF$nrH$)wpoG_+50uD2sZNt#*I^RDcV9%2DzoBFJ%|7g zd64nBQSLKaqP&cyu?e>rw+njJ8h%FpX0eD}nRX=K5tV3j# zg%-(zuq`tmpS!Z@NI`=a=B`-k~WqSaA5*N>U2ebF3cm zc_nk03^Ng_te>8zV>qsxW!P~c2bzdkT;`61=aDBemc`ng$`B$w$GPVQO;?@9_-d6a z9xa9TYK(RWg{QlaMr2z6Qv}{IdNNtFTov|guj7MvUSaS$D!U?I!vUc3i@;jRh5tXA zsU)_U$A5amRw9pR#)0`I5nC=XdfSMX?w7y%hAmZ@>!}~s{TA+_g>Q|vf+d3Mg1vpi zQkj)Ts0R(7XYTy*n-SA0+|UU(aW+q_X!fiS4UQ}wS|1qXkGPBtyNAS-->X@nzAzVk zkYy1p|M$lIIvn#({>6^p2P^WgQq9*zSdz-$@!5KIioF?_)7$ZCw^oB#?~e%HzgVSn}X-?K>r;H|4|j?j9g72OBnI1?A#i>S7c|FuqWqFj{8! 
zh!2^TNg-EB)k^mQNq*l=!#&>w#~dd_l>nF4i7QKF1;QNWMuDt&&Rtglhm<}gj}M1) zDimQx{^vY#P4rJ#cAXG~$avQ4d8}_6;c=#(TsR8?JvU|oSvcSF=s{#L;?_eW<8{VU z!qD)j-x}}hGx8%~Hipf#LZ!TGi%UHs&;19DL~niTQ=`8=myeOK#(??At`&XkP0-t@ zDg{JIZzh6_b8b_Bqu_~Il53Y&(-^qJ+LbQ2HtamR_F70KM;%usKC8I1?Kbk)d2;j{C*5ptJyKZB!(9)0?(FH z@()Y(G%3`i)M6rgk0XQH@*vi5)*9TJzu^ltW4=(}P=WhK6Mp*k%82QyZ!evTB07)6 zYI#ndd^KH=s!SFt9|0?W!6KC;lnSR7>{6_ju9%l-*UJLdt&|D}{qm-}d5>nhHxcsr zI8@x{9Qs$vh4U<3@eJ&rHO@~zHm(lgXHURuqTyzN=4LEnrXEF}%UEdUWP`uclF3W- z(g97d_u40#;3$LN6Da1rO@YGWRA#S4qy*pv8XKVVSF1#}HM4cZ6LIq~$kd+Uvvq6R z-t^#824F<~<|Zx6RNU>U{Oy3_cykYNM0Qm}_q-5Kd<0#Ut#$*}%?{qh?G5`Ymbp7J zPp%5Ibgop&H)E2dkYT>i>e+UOFageXN;p` z9IU**+b5&3A~CVtCy0E4(&L#;Miw@mh7D-^stRK~p&j7IS;MjGZXf))Ul{EC;FPSK zlDd`~Z?}4=+ZQTlYVIR7Rg?JQ_QvduAgZ1xddgb#x^+Q;El}CEyeLGvD*6ZV;FIjV z_UV({!ZGusd&TkHlqt_9W>tW9vUc#$kbF~SBlEC>%(fQ-V(a8r+#_JwpYI9E+oGMQ zwi>G?QX6q%RC(8CyD&W6SKEgHZ*c*fY;jFP)~#POe}M`ezwK)Y)7Pdhluj`hER|-H zMm{gUI(XJ&tZ0#=@tM<+!b}wYu$qlghM|ws#)g5Qa;97aqD7U4GJ%UZ4a`u}S*|%Jan7!v2zsFtC$?W#q_orrHVApkX)p{Z@^S{0q zUS8cS@wr;GhsbCvoQHtDGC8aJzjy5smxlGvyWj2CQQpVtT z6q!w6gm~3lrS*KwGqeWW4}S3`%-rZMEI*Ww9*h(@3SB8Fx`QCH-0UKT3X=dpMc$+?#I6P`y)S%|18b8*gBauTWR(M&d#>1i7O!HAy;&*BMo zM%`lTmc{&$%f#47pM()|yhT{o9XYDt3DHc$IhcLlY^pVGL@@uwWi6&MGrhm2tkF~A zI`s||{4R~fDp6~*x;IyHze}sng|*_wa2aUZr%EGQ_l7Y#I5KD01cNe*MV>&iXbO@j zrg@B}<6M|uRw6f*HMSCLwqm0;g)7SW)!kzqt!dwD<=c%_rm{&P@>FIZ@nOIM$AX;{ zOCfVYk7X$@B66ky43^4Un02=wtuotnT6!gnYUf^Cv5HMUZ`p!f1`AZtl0RDeSOe@I zA-{sPzrS|2>x{{!U}^l0E3$DjZ-2IBJ~W@G_w}%@*{t>iI_BRx-$GsEq0o_8Lw73G z#UryR7cuN0uza(Ve#edwwQrS_IZx<+jYyOr6yCA_`M>`SOBFHg!QtlrceoDM;W}Ku Tm+Sup009602w@Th0Im-J1B`F# literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..107ec904c701839fbae36c9d8f27239138aa3821 GIT binary patch literal 113776
zk7p#K+@Jc?0zF(`E(V8BD{C&KBpo!6-mF7pNvAQ`PX}2Lc15*zV&!_HfTzyCSc!^<5rMpMYBcA^_tOuJlRP|sk!q3h~ zU-&j&Qm4Zue{q4^GB=#jy4N(GaY=M;NThe#zP~HZ26fu@%R4$BOr%jAx#jF_Md+@N zdw9sf8D!{0m{_(Bj7^h*lccBz{?URjgA}Xy34~@v=g3a+>STptoA~l?GSdaqKC+B*8r6m&GYH$k@l)oOgOJf{xWmk_xWGT3iO{EJRq@v5KNetL44#t`sTvBC zc|$r-+#t68DDCbPLa1&{E6ztxcG<ko`fkUTtDs*iEes>5}-Op+luv75X!2iWrR@ zr?cr0bnj7k5)Gkh{sAGsNn@^OISKbGgNq)XX>MAYBxwGIBpa zrBGf{IiFd^I>8pGR;c1Td2)Xlim(wEwFd`gPXx*=gPvg4EHM?y53q7U1j`@-e=Ab* zuSZhNU5+)xKe6SW{<~G4WW3b3>9X{lq4Ke$==rUy%IT7nLd@_Os+UgQZKFP z@NLp;ca;uZCPK%jc3f4MQC|j^ZG3d$q+9d`+z}pk;aA#+1Xaz3;+|nkhZKv#`bGgH z>0GN(qu*0nuW=4rv_hCv$DEUF9qumvw-m>|ZX?jnylez`*sJL0KSRhf3`=lgVI!N( zH{!AV{mCAA!)>IkUzON9(07-=8qkivGsoysDEmi#=Zpznfsy6A7|i-ZNZsGl)Dt{7 zffizGO)1;K)u<82r^@4wdcJILx9`p(Y!>Jthv)ImlDE5Iq)DE(levnRtp3?!!!mb`Mp^r5d{tv`bP8tisVFgDyhV$hw77>iI3<8y7l z$#5fSAw&&!j%xpf12Q(z#tGyqstaMX1}-!nXXX|27|tpQ(dWX()A*bFfS)i_rK_@PrV_K+QI1%!#WDM_U=V7alnJ=_)$)_Hn$ zygrg?dr=1>qK=UqxVlE=(!ePIlz47CFv!mbsp0*FQ*=;cgI(=%9Waa5e@mP9V0qy zBw_hEy|E20<-TSs{63vmriMUV=lhf@B>)?D`|4S$`57K(eMaV#RPrGz)_r*&S;He< zm)c9*cJOoBr@po}CP0dOUl)x8H6p6xX_+^*3U+TMM|hE$ZY3C^DGm6PW^rK8Uy?qKe@NsX88(Vy-IC31Mb5e!958p~!|PXT+#|$6Gk@7$>;-fmor|#TA^& zH~a$?8e93m8$`ZV3E9V2B=Ec_2CgYG_S?cO6rFcbt#?(4G173T=35;4gUgU^8qc_< zVDS77VLfAX>c`sSAAuixrO$|v*a}NuKj+phFG5&f?AQ8e3W7HRnbHZn)vY&HhYl1~B@iMSD zpS(2%64?;R-I;jFzvAW7XoFvcjhxc0f7DPoz$N!=|9BfB4Oy}Ko9PWuc#IS6V4U}c zYiJU@*a75w?xc9IPx8}xTaWX+xQ%R!y1`kWhN?QL-sC!|OQmZDpOQjSkI> z|BO)m%gT%p5207rZqhq-5P_LfT}Z8Xzl=`H&HpAGJtyvb^=%Cr6xsTd0psbl49fHj z&z{M3IWu^G9qRboXkS@aT>!!_((@fbqV+9?G&p-g&)WMi;t6BY{Oam9BGs=o_I<|2 z3+r^ySFUKcNGl86tIy|NAwnaq9Z`no5hJ1}wo{+c>7kV1)|oLxtQ$l)5I6_{(LQcf zrOnGw+ZkN=-;qRcyiYBp&`>!0PppH8oEbd0-^HX!XFoUy2MQga@<|^~2%agO{P}fy| zi-){-q|X+P(R&-~;Pcb)K=jR((YuFvVGOr^dmO9wD=Ur>6v-z<;K}RM*$)Xc zUhVzGN?Nim{X}T#OvF++)5~=6W8`F}dzLFtAjo@Lv^_4G_^4+ON#D}l%dndoahR|S z8<(o(Ua(4!KMN;gQA>DPd0k)@vCOLIdTib%wLOiTiBEjm^*gY09VA(L@p__Torzbl zsm#2KJaPY#DF6M2qbiA(qP{YTw#qd(U|qy)4?#0?7becCHHYSh)1^M~)Q(-ZCPF40 
zKlTq&*G@Z4sEPdSh1*7BhfhX(>gOM1T9o~tYabtUATz}H7Dx~2zlt}TVp*k5#r~8RqGE{{@af9l74k9GGu(YwTbN6BQ3ro7ZOiFG8MSlJmxBD zDp;{HzFx-`#w{hBS)ChiW;ij*Y8GP_lk2(tVwmd~5oVj{1(|+uPV<~K z9JATg<@uGGUQ}|4qAbN$#XJ{0gW@GS0yf1nVc(i}c;b`6J%AksYNPIvK8If%iYtO( zQ1WXf?K|p4<#r;tHjA@C1tWs`xpZjcOsv$e&=sahbB=CUDh*$J}z4%l1O0AMLr>1R;2QRU3P+m zP`X&}4#1V_tLW*-AB&9Bz&cyoV{UmoBY02CrOXr!DVm#_x%h+jfe$=V?{#-_ z+t22bL&P2V_gKFq3?KfKM4%F&RTFI9X-6vcp`SJ$;%xB4lL$543lJa z=)w&Bz5bde60u06BwRcZzw#N~!R`sl*=P|a2TE#GAz6)bs?9=Njg&7L{}{2W!$dDo`rkE*i6v5&j>i(_ILmWUrghFH#sJd@0 zGgenSITb50OxIh+JB2FxZwe6`S)`39KyLEP5*yCoZIe4J1l(YmvloJ`3m(QWMF%R| zgK+_Y@YKc_y&O!cz!R=hG+kw}4!eZjMQk&KHQ zj0+I+czdGQm9XsEjUw5-m%XFddC4j`KdpoKLk5z7@4B}1;$cLZz?(RLMx#cC_FPKm zqT2I#gkw_?bNr0zf+>g6ml!?@hSR6EBe5R=fIA7@cg^IuBPt~9zb1`C6lTY+K;9iA zmk7uayLF^Kyv}t*+yqw)f|n24n1^z*GshKe%LY6$ES9ql%i-HB;g~LjH&_g)*9$(DQ(CDmL-DM?y#uu8jMTfH zYQ18XK9`&?o{;1v%3~!v+qnom`w82h$qXX;j>V8fJO#o%f+^hdEJbrh7>5+h?PIo} zAMk<-I~ieR@}}qcyh)e5(NbGU(Uu?4h;0JEO8m`H2)muzryH&%pn4Y`5tSoirDGcE zdaCO`Kxd;(>Ttcdv$D7%c?pJKdGplR@lKu2iK@DD+)U4-;}spAg~;$UCtX!$?e7jR z@!HXzmWduOHxOQqAthV3=0aqg6Sd?z9e4^WFA=ba)cSnPI-$0=%fW8HOa zs$Yi?gmrkt^&WUJ__Hy-WF6-w1zv_NMsIaFPy39HB#LF4b!P?;PHn_^7<(6t@S*;6 z^e3SIT`otnIQwu$tYtlf{>ot=-BRVTdvj^SY+|;L9ldbqf#+C2Ki!Wv#b(h)0zN-J zNGC(Zq&w0m>fo)XBC;@7`=!@VbI{;Wnl;~})9tV5rG8}=mwY*Syy2lwaH}n&?=9=+ z_;kt9ryfa@kxVV{`q9)-javHksjg8CQeTeOmyosUx4beWX;z(rcDHh?S4gBqSM)Vb z@d&rzy5!o94Z$xKHzHt$-wA!)8pF`(%u7rH8xy(7#qub#+)p}5mPbiA*}Ww2Ux8|W zTylRPIX#_5^>T0gXcaJk4gjxqPi!kL+LREP98Og-0~6w($fuW*2T5gkl7g)_t{UOf zQXvdQl7w@AimHM3{j@tx=?u!v{wFFEbD&4p= z^=KhG^^{7o2`#31aIN~SOr8s}aym0_ucxrd?}wzKfw>(RQauYV5%ijXR%A?SNpw3v zueO-D)57wsXms{RW8@et2OX`h{28{bBche0rP#H%a4kN5@76Z)Whux%=dn!mG?yU`vR*ZP zw|_Ln}*@1BQ_kwQA2j~56{^f9m>T~%r?XfGt{ z6Mj!Eq6IWquL+)PaC0bxHXIfV`>Dj8aU4TE(?J2DFH2iyNPMPRRw+3f4PJ``-b_p< z6Mu1#7gPEar)XiSfv7rF(S7o&V=*C=ztZLg?m7zb;j26|e4jT7zaCTHXF%BjYB>H4 zam(kS0-pA529=)3w8*Jc7SOhuH1TOsq~#?jSrL|!^yASjs)!jOv+982+*^T6V${_9 z`drkr()64_K8b!ykvm60)_B=eA-*@srR0q1L#j-Ml_}!G 
zK^<01xEz_0sA5MuiYPQZaPs*)wW0-`0K$>{aE0T~0!LWax<`RgqTiXjS}H4_!HLs&rm!&e!@q zGw|Wu=>1&ERo6DU#5ZGGmfY@AD$KWC9|S_x0!>FWIL|)JZ@M=0ddLI8Oqg=pzL*)I zSIJOids(%mt>^V~xgSboZqLS3s5r+3nXZ6VvXE@5vEPI5m3Y(5ps|;%(QTClGDbI6 z+_3{`55_*^-rWEJFqR79VZaOXd$5Kt>~X4@Mnb2Sqk=i1Ig4j)hT$AJX3zDPDX3>F zN`qowk3g}Hyw-nWr=SjU;YU~n)7?QU`?zcTDq~He5#+^7Y$;>Fo^ftcgWgOEF~G?1 z`(S@UL>N5=m>JLgXI4Ep$lJALJH7Dhs(L(`Mol>Nic2XHQzTc$P!EgO>L(<=TK)r= zyhQzTkieKfU`{(CKM$5A!o& z%@yb3cP63B+hq3obSgl(NR^qOJvvAbNa?E3LP2%#XmYEM_NAR)F z;k7$L^G%+`B7c0~ zaHc{$m7SDIF?H^?&K0a;7VftnJ@2tlohp5FI}WJkt_Rwcc&DRFH5vjY$ZJsmI@NQK z-2OJ7LB4%Wv#Hzkj`Jqc8=h+#KZJ|Os~O&y zx&Aq@0^E=0NqwWzbHH9YZxDmt21W*p%W^B{rPY@6Xp(@fMu}9RjuAdQ4(u?RhWsaz zg9$I7gcMiPR${wIv!u8mn3Om$ZhF-V_9%aB;DE^610+#@C2v^_70tRutJFDMg=gdu zJb29JJ(h5@wLdOnRtbx6V<1F2kWY$rBjQ|bB$exeb;k8m3;dH}SAj<^--SB@3o`>= z$~xOf&#^C4=6lj=R8M}SA?g|p4%>}mWj-Q5OoBG?X4QmG*lOlfSdxIJp>TdF?j5}8 z#IM>=6L<7a2MdPu#t~6ka~u#<>H_hfthVC*7eXc`7zoT&#{u7s6>0+uXyvf#Y{ZEpv+I4K|m%rI24bEdD zp*p)-T2Y?f&XT6+4W0kpyy5tBm`RRGA0CG0XB)LvBd>abmRZ}bI11l?jSiquM<_%9 zN)xdo7K$61S6URizwv`8#Sl7tUA*GYUEjR9n&b$t&Dz|dMpfGx$lJ|MD3Vq6k@dIq z*Dd;Zr$EBLixA0UU1VrC8t1}b>fQ#ezDHJQ6mpRElvdC*RV%|7oygC2cI(eaAA>6? 
z?hEHQlT!{}C6SCdm-VE^-9U-br-i!Kzig<~D;9eWQ75DG_!j<1UgI3I6&XYgVcXy# z2)&>X$uP8&`h;iW}HR$&H|@KtN@~8;mVHR z{0kXrvIH$?zn6niYu|~{dlWPT#GTOi=8L0zdQ?SCJ*NXbq4#(Gph18U`8d zoezmKM6*W$e*i5oekV?klv#6@dqQ2}Fu_do?%13KokopYt;%&fmku|9uz(v7)(x!d z16k1hD(S%G?+Q>3PzS`NQB5$#af>S+p-(xgCb<%YsiR|WTWYT*`iXD8ALaK%hP_sD zzm$dU0&Jw=r3SM$p4B2Lsb@2ofN_5KX6^$ zre-=#D~d%obs}b-N*q)Ri%zDyMZqKiEHx?JZsn>vWX@3BW~CDT{s=d<(aX5_mC~9aLJi)6Jv-v2R1vy?)pHq%PHhH9MS~htXTLDYREs} zFPCyYuZMC<>4tk_qazP56E6%dd^-Hsp3i7}vYK9|y?2%*qcE5AR*H!N<-y0DIq>b5 z+kiHGzr%LTFCe90xEyNpB7f{5+#Yp7b8zlD|6#aXl7{9&;)X?Lma(q4zAKef48h98 z|FZj{X?*r$RmtAx_xJCAdwu+LVM}{N1=#$ISHa8YLt{~*<$<-0^fZ|u^NYf{+i!Gz za?}qQ?d*g5)gV|d*mU2ni)GflI}((Xq$BTesg4$(>+1o#Il0CziP!U48?`@n_YmH8 zBPT>gcHtu{dSdfg*M(Ds&g*8-gKS>!2Gxs+&x|b`@6#pRAPf6j`LXfGlbl9m7gAS% z{u&M{MKMO7y=S@#OmGU8R&ir~%EU60z-xArGClTwVogl@EWk=qw4nPD*VMr`Q_B1t zA{dE~!h#}r+g8Ngo`fqK10a(!+ub4#Lq?XrJ9D&}S_3gvz@bIk86cir%mMcO&xlV} zJfcjk&axuSDK#=(+%)qR8?DeXES{GPbJb0e00ruuQcx4WRtk?i9XOt)!K00UMaKa* zVWp#SDs7v0^1pPVml2C<%;4#a`Ucnkz{MRGvH#MGJbO|sEs=wkUuStW?kuVv+0lci zn@2u~2@Wi(Z@QnokqdrMkqb|%BmXdqP5&^9Y={wV6s4Gc8h}E4RJ*%xGSX#ipiQDj zn<@I$M;!WtVrpqfu5PN(?>-fPDW;vA^(~*1KH+h@wzV^aE`IA;X}KDa+Wc043^I4d%4-vm zx4lqp(@T=37ddQ^$k4ivKJrwl%5G?D{o%RcdTbnUBQDgjSb^Plc}*2y$&_Gr%0e__ zAhE>%`;^Q8&N4+$6nnh$FI$}zEJ>$*7M!Zfx3Gh>Dlo2-WJ`bY@uDAkgK;C(AY9AF z*a~n*661*qg`>k-Xg0ZcwwZx<@Kg+MDdc&@!}@=WBjMc{9QKiv_H~_fA6W$uX1Q`@ zVul#GcqL>CLcPM6nMKpE_QoR&=5`q;!sE1XRl`Zqc8N!?K}1}uU*zo+x7Cf%x9J|( zK%Dpvo-JLQ9FNdV*#S!Xez z$u?mk{?w8~x2p+3o+-7>lwKYe*{oUa@fP{s%3c{687v^!=5DK>6!|XvV4q`ZLbj_q zuupaIF(+MA?qRbm8FKsxB~hR_#5n-U3Lj^l*fIo?v8t}})bCWheDkK1F6s5)*|D!Hi_;zTYx*|8|r6eHzq-csiw+5XbHMEJcr-lI}v%7S) z^L%}tULm!iZQ2?_Uq0CboIB{J@O7FtIR?;v--@3H;{fnQLAnT9jR`;n~( zV8h{Ou9Y|RrczzA?V@?0U=Pa`_sHfu@vmy=kxkC7d2OanP)^BiCeHBtyDE`muS#`p z#extg#q}jkCn#=y-2hY8*Vmf;H z@wLlx3bun?K&1^2;OGTXug7B&;D};6{i17iP>42Pm#p;6r?z61T3C>K7=>y`HuUAz|5fx`jGlh{pYC-WgD9MSV_@IC^=5EIzz*GyQgw99ijFmr;K z=dwIVBx24iTFyB!8jy6Vd9cOT-jVm(FNXR@U*u`B40-_!_=y$r(?~o*#;x0BUMkaC 
zb=Bvp)Shn=0iEXs;S~nBB2X4^M=1IhOq!So@qpATCs_llq9*VGU!+W&Ny`EubP^F& z_&<_#_D0RMn8)-(i^SAXr*O{&w*HrcFzB>n{Dc0jbTWwCS3SZTF}Y}o;(<-3#!F=7 zdcG#vniecKgba3aiK5U0cbD{nsx7h}&2JG}c4?`h1A$|1F5=Bnw0z}{#v|sVF&J7# zn)qz;A>b?J{iy}R-D^o z_&(p2s{geYNwXPr!f>ScPZvBoH_pGOhVgDS{&~*qk@h~^_{yfJ>G(?ZJa76s9OVZW zyn~<*Q@@cMp^{v#%MJ3>h1YemF2>R7J`$%X_g`)1IM1{yOiQ(E%f7WCrRyn?lfKg- zO4nn7gdmW=^&Tmk2pXn&oFVRUjN6gz%58%k6-}6x9j~1vE+zI)?6<~n#^qv04bm|n zEMo@hi+RPxp5{}2GH4E#O&&*DZz!@vj779z~0!8Ti@4R8(LHkSvjaNz2Y*sle)O_f@M^^S2 zPPyX8nOm-jsXv>@>8(HRvD=)5*Az^k2bC&&Tnl_%SZcicf=@Rq(E}2U`KS0YF zFprwL)<2#$7><&!D(wW-=C_Jiav(BpBHt{YqS4pA;h};2VnG4ruMCq6p>|W;0Ca=l zAH2on?WkG~E_@A?7P{C56v|n+O)cdPfMNn*a^^q&;vLXmG&>c0{HB97oyKOEu-@6# z_UW_NCCL&k+yWK7-$O2(Gvb@^o}K40*x|^HTD)&pEV+O1DSxyv{Eh*t5tbk`LWd%9 z+;~>-G2uan4RTlI&QbMqq845uemT_?PG`8_mnBU;T}jaI61IhuIcax#S2%p-{Lc&& za?+;~x6FK6%)}(Ag=C`aMzsF`jF~D8JHqfa;3!tZM9HQVO%v<_s88MHfInL6qJMf+ zHC49guw{tZ%Ci?x&Ql4pX{ZU+!((LQ5UnIMPZ2=e-JdKm4NO6zfZx-ey=#BU zhjRi2#@=kgN`@WP1y?(D-9%jI@b!^xn6Y0srVWc!NT_>k& z(Y>B71P(oZp5VsOutam8opB$)h~VV6X*5y7smjn9DTexemtWDWMQP(oX6=)C_uw(Y zF8i^IvHNNfQ~_R{!(9Pq_-w~HW&(d9m|&?Lr(DgZ8z*_Y_W%I)jxBrX03jSpx6fME zg}Lvw9$Rn#!%O=1EFm1Wbe*uzn}z5YF+-z#8Xd;Cn91>D)e(6kV6yY-8F?dUk|5MT zn9z4}hU`RaWb_-_$xxmmnHIRb`kD?;?qRqJO947y-38Cd)(QND2k-jkIMLY7P1i>l za|H?g_7YZ?EbK40^-sF+NF(20>@l--%&sFB_bI$RP?by*OgZ8OyQeI21EXNh9{!U0 zhAbMZ7>@+T*!}t52iE^F7~TFg7#Hp&e=$+~$6ypX^ixMUv5xA^F<&T0`^R8JBmo+X zHW+yzp2SvuKyC(TFq-{iFk)MkbflY`(S`qZS^~w}mr|Ds)chL0Q|2Ds5q>iBoRJR} zj>`-``fh=$d&-)$>TXGRz&iLsp5>k_>Xwb`SC+KOR|iGn!_5hyT~5|PiC!K) zcV3A#|9Bqa;&QZ+jK0e&ING5Z^U9TT5-xSZF46Z{i(Q}RVe5(ZU6<}`g$0>rOouVf zlX!|HNoM|B4}ANUd#}aB(HGpAZoUWnk10eo&|t&?30K|Bg#XuIRK^7wj9ME<bm6z_>cH zQ#6s!BWu*w&`0%RMn@xv`{Yn`B#i0+cbxFEf{Glo48@YkDw8Sx_9Y#=={YjaKgn@` z`d8leq9EqxdK8?YZ1IWHns9eUZcLJz@c^b&f)h00?=U9POi^Jh%xP;FKc27zfkg{R z0vU^je`4$*S%sANbvc#{JE{g1kCp_GVC=*H^)JEL?fpAaShYPLs0XR(2ZG^#;7xO3 zT1%e*(**u&E~ZfcCB_WK|ALD^hY`_8`h<|T3CJ`8N2S*a;HfK56X}yLruc`!1aIcS 
zf8fUdoNF5VAKOTbsX2;YlEkP1wd!j(Ks|Z-qHR&!J5s)Y=|VdrbE&m=JiBN-QmQ0w z)%_#GfZvG-kk6VVEr`P}Te;cwS5pE}R;iE~odnGRuFfrsf>CzF+31Z#;Ng?}Z!DG) zNVZO831Gs(G#^3NubkV6mLgZ5<26TG3sSHwoP4b0)%!BYvQ{Xqie`4~7?!=sm}c|_ zEReh)HvZpo@jIBMFviety~E|Eecd(P(`bl{AFuia8verpeoI8S8G?durNwN=_98>5 z3??G+kzj8jD+aQZo(J=L^Hu*CjMNW?cWBL`3KEVijaf5<;w|&snyuWZ^Y;ineQZ`i zd$K#IhiR`AXQX~Qz6lf+lnu$SijgvzQx-*2;xlApDpIGF_4@R=nRG+~lZ&us8ode7 zGA_1Q-nLa`$~E=_4nTy_NO2aT%?Za<+Yoixb+rOgc$h!f(#Jx_kb>S{UnZ#h7rhMJ zw$TVpfzt1=7DxT1b%bWefX0kpS8&G|`MFna;n8K-q;>Ii9Dnc9O;^DVdKre1b13Dd zN`#f-aEHP*fCytbrb41q=CuB#J-wpnb2@GJno6$F$6E5&9v9OZWi)i~sH8HBRU?(r zi(tk#Bl=?m7apG*H?o@lM^#4tt^crrjbBqdXpw>S-v~?&}1HHm;p=@ z`B^f)xB}OHym5j^OP$>y%G2?UhLBix*a(9x%L#nWoyZP$Ai@a0EOTa!5JNA^%#*X1 zQy;&!&$|Ffi)UvUGi7mW#f@2MY73zeS zUDXDE^p`gbpQ5)JPdfq(|7IM?^oth0<^2;>i&g$YCO=arcdc*~k16=hrofNnYewRR zaM5fs1;k#oW^#T1H5lFdAzXn5V>Z{x^xi)PqiyhdUFIXY0|>-B`(Ol|cm=7=vThyQ zK9;4~wkg4Sh?)Er=?@z9jLdUa6G>QANpl3X4{!?iIEBlxW0HIuSI1?hUVPV8=HI-# zH;?$sX;8>`@i#`7*A?OqG`}QjehI`B14!++Vm1k`ik#^-+Dg4G=xKNhs&enFV;n_x z<^pUf*JaA~RL2lGNmvN{F$1&|M92Om7#q%TXgS=x?5}wSM3Qo|Bl!O%7`y%@82|i- zVBFU+&mm5klpP!@ny5E@tB3aQ>50*0U?Z+aa{}rf?Tmr#YpK^!!ve!Scw}yh+UGH#QS8s2Ri;vwA^g}dD3c%q;iXC4qw(3s|x2w!HO|T#fQ9)*j;VOE?>twNozFX;GQf;IPob_&zF#Q=ddJIR4jj3n2 zhDEON+~FS{rGr_L(h?MhZpA;8mWE^{tHy&xR+Y^0=Bb(k-Y(m-t(vv%yJ45Ix@uAi zx4@_7#dK1y!%9`rp4H6xu#h(~! 
z0XBFM7jkCU6)EMDpDK0seRl)cbk8eliPC1MKPzGAo}#AzA??XN}_x%k~#gp$sagW8ep)5ZTK81VHWC#%3qe#!GBuWciD4pCXe9->Y zJT7DOdwve!#%oq0+shSX+Ja8{@9Gq=n#b3O_}E@7*fHMgE{ag<>t%f{YSQQZdT}0x z#WCrqHkZhQ75-%@!7QBRlD2YEX^kX>S)|DVM%kptzCmz+UTR=yp~-lvj*I`Lof&@* zpCQe=H}(iZbN*lg|FJQ80MI!sGLow0HN+JA!}&*H#7uPZyfhsl{UxTi-#K?j-FV@s zSe^tXiB4F$8t8!J2HVPepnd2e^+NoGEuJS~@lRLdrSf`B`lfIY1_{OF*#1?dNUGmb z{q%H`GQR|9Z|$ha8Xagdusok_D%t%`rizWPkEwu+*pdxhvhqgv-^avZsur-=|HIZj z2S*lmeWQ+T+qUgYY}>ZYiEZ1qZQJI=p4iEkdEVzeU!6MVpS$nfwR=}})vm7YzJ6;h z?7_X&sw4yh^6;v;a4Q4KyB=N00il8CI7Vv8ySPX(m#d%pSJcf@C}mf0Lu%0x;!4d| zn`{#|8p`#Wb%w5$8sR~v zH@`!C8N7^#JW0VLJnJvR=#mLE>;R{u%fg?q46qVIQm}R^VZS=Ldn$=vrn77h7FE^L zQ6Ec7m0)84)LQMP*ALQHhRGtlrR^o|U{>s(P(NaYtp+fbetLte_WkP(p06V-`*Y9A zx%>S~n=L9S-aqs{{Z+cj2ffWwi|#n1IJy~svod6|1i&`qc&CoE> z_TukF^RKbPkS7^wA$*W(G|UFIUIdmlERO+qJ|5%J-!8~x>WC@xsOos&B!BG=0k`095sGhrbJFO zjJ2!sS52b1h6!5oNLYxFuc&Yie(@vg$Q%B|9W;53dlt6Y$(lSOsLw#57#^H>Ynj>1 zv7fX|yO;S}XdPuZ_5ImM*$XTyKUfUVI+BLEnbT}9OcN?I-{HS~-oM_C`P@-)5rENI zj;Xi^I_b?{sJH|?>3$wM#slsHMD;|#tw%wldn4f5xX~Znd{H%eV%kFNnuS(RXg6z$ z5TZ&rJXyw6dcML_Y;w^c2CrN$&%m>E=?O^DMQbUz(imu=WK5eN-gWq(v zG`dkp2UbS-{?*T6g9}z7qgHRsI28#28nqu%d-piKt$grdFNlKAdYpUrTR;McGO)gD zU0fY$AjypAQwokV*gE5Z8#!5gVt01ap6zPPXY0@N_4)9tEorB}3xpffOB|pyHtIrAEasvY@7%rJY+p^p^vqw!v&3?= zZ(o@^({^x0z+f}73u9LHPhiiLHVx6$n=T#Iw)LMlepzH9J{9} zRjZ2Diy#dc_7JV_=|OOMl2<_7@(bw-b=KBPXuTbkC+034+v<2?u5X)Xkm4+`ct99c zPh5r=KSwH|0e`(}LU!jkLS13}f>G=_Rs`v2exP}%Q3_Eig)P`+sqq7Zd#d+ux&c#b zJ>9J|8`b?!59v>RaY-*`>^rwZr|?o;Q>sxS-BWz-7@$HQ8=D+8f~_2LnLK`md~Uwv z8KX8Hx?&Tzd&Mf}7CDrHSq$|=<{T__cpCX{jL|Z&&zuK}sF!(3^U(h%`B1d2eoPKpzdg7P7SVZl zF=DG#7z>&HyA&GI`MQpfKe$zdFuNr}Qx<(sF1kdZpL_{9!AR7o!eL(%#>z%I8<5c; zw6rCpfR3Iw;FUGx)n`5GCamA-D$LZhKFZpk(H_Gn!bDO*x`<*u%P(p~hC3=nSgx5f zl<5XazTYuwrEr{S?2x70w)(jm`L-=aD2X^!x37~=!nMn%H+!=b{-sf;8`z|B2PYt> zI9FTqw@4Zc6N+0^pCSymTUFVnPYogRTDA&L0;yiv^k|Ip7$)S%XzkVj5($!_V+94_ zMgHNLYz$?XI2i@nmwE(^liTOm3ovnN)!2|}F)@>(quRV={vB?mw(0{w1{)^id~u&F 
z!(w4sV-(8Y1(Xewa8Az9t!5?1!Idf=($#xxh3x`{gM#oDW-L8&Z&_WV4uYaEdkeQR zWE1czU`wT|J^wlqb|xRtxC|Ju&@;NaTN#7pFk1fAvosa#d~198lic(mB?Q&%Vhu?$ z=y<6W+Uxn0FfddBQK>cqFhvLr!Hc#vsE(hgLm8<=V^ncattyR*reMqbqo9RyIw@#> zk*@B4gANwY1efM4CBHILD+*|}R!d1(Bz~oz!$C?mv)A8GZv(vH7GV|DUQwWoB&eQA zpHgi-Xz&=G=|PWg3iZO8O6M`WrmFyB_;NI5we=F>ueVa_`4hWpKH)B;(fj6;vbchA^Or(k z&dkwsOs&;Ad5pX7>@PnG8(J* zVl>FHcZE5jbMH{v?WSQ!pF5|lH@d-aRx#s+U&e^#R0!i?Zjr{q^lx$)BAzA)gK@YF zW;c%YY&QaR0(CcsxXnQc*}Pf7o)?JZXr6N$iqSIFRieFi%g=<_YV{gTyjoaD4GD{k zUsEak(!#iP2=!55-;H8pXaN&WSb>p>6#Tzhj!=0PZjt6*l1X~rW6+^BT&~Hig<7(r z&LAuQyy8Eqk*psUULR~J6|o-m!t^8|afB3E`j5%CmHsjLhP!Jl0-b~)>5AyBLxQUz z#IIe7!HrNTnc8CU@b5|ZNWsguq0TENLd7Hx{UAc_1^*6-l)!(O@ZP_lJ8>vB|= zqpWud-&G}B$Qq!q21``@~kdhc>+hkQXbW`>N;L*~u_2J>b&3 zR)gt&ZD`)nAmdGZex~wC4}G+Bc3-;cOlE<5z}2k}E1XbhZR5FiaA>JiMcZxyp#xys z$aHby7k`!=WIto^50oeA+%vd=g4nFB?3FaGu1l)`oMN|MnRu~AuHHz}#Sk4s>6nEwQ4Yt$|E2aK-2YHJ zN}t{h0P6$1W=)|6V0R7w)GZ2o zPok-mIOA(H?eqJHBopHP%TB!E6{Erb7@JJehlFv@U^=mRHr@lHRy>ItluLIVj@z#M zKxE0+RB@n>O9V~!(V)yyqiTer6bf4Q`{U_jlilv*5LV_bZ-6%`4hNd(&yL=rmna3L z(^o7~eZ<&(#VGoW)xzQ#LeB)itp5NYaU50s96&~VFyg&VvSloL7bE{;BSl1)*)$0; zwXYqlD_THF&E^h8lN7ps$@P&u=c4Je3RdV?a;~2N3zCZ@8fn@&^fN zakoAD16u8Y=S!`hyOZ$Fw>>m#{M7VM#^wbVVo~QF6F<@>x>#)=mFGlTFyAyKGghN| zOHh#4i!=25v0rzQB{?KhO*Sn118~sf_wK#Oadmd_j#wp(DkpO7)K5)-!LksLAVMul zMBLNe@BR+cc=zN-|AN~)OW!LxB`=B~a0?l_+O38ldKQ1g%4;ELFj(CGIy+hH;jDeL zFYY-_OyEd(GextGu87hRxzkTy9@AsZIMC672bXyRsp>#PxM{JN4t@P>f>hnt*E%Da zSZ$`o=6K`X12Xu`QtU93$5b|D@{40gCbhPOM>06*!Eyjt!0q2wcw5P%+v0^0H>|1# zp$psre}0U;BXe0QlLd<63lQa$t6goi%oWV);y6@03K{G6!J4BAhWz+M?oe zA2glx(kn&L91)`6)L4ncT95zHr-PYBhM&8SizSN?z-(tbM#BW_#Nf8BHt6KiFKJVZ zna=)!_o2JNI&#uNN`6i2XlfVrM=r84Q{rol2y}NHCdS}^E-C~MW*T8%pvgTH4`z`a z>3DXfLz%qk|2@byPA9S}8Ox-+8?j;$*;y0(wER%|IphB4X-&PKg%3V=1I6PYhw{!e zqU(Ro%{Ker-Cr)1T8B3T+=1W}kYI-aI#soQdh*CY_Ry`9x-6!5mWd z=8cwojg};4?;TuquD;*CWd}wz1sHxP2bPK-v@re5P5Sj^VrxCl#F9b&O^xv0ody4l z9d}*Ads@GQkMXhgioo^EZhh4E!A%T|2%&=BUSuf5intWRU^WsB%7eAdc1`}u7BH81 
zIV?c4o%18ZswP7-OxxdEOG2vdoLS8q9pl8TI}i*D!$Z%pyBne1G?o`h+KG8#P9xe+N+yfhDq9=_D-*ULw?C?yhulQ90}l=2#qqL@^>4e&(cko z7R>&KH*J!K`#p5`rpCV8!0Ta2)8nX2B4sVuho8${tk^%o?!md5WxAe%A#s`WPuLY7 zeuO<_X`oFx*NVoX1PGib1RhKEdj=vg-nn8UG3iK1t9{8E63DVx9Acv6Gz4O*0*<^Q zjkHdE6s+CRsk@>FGQ&M@R*|vUX;Ym|U8?f9GhrUZa1g3uReu%6xg-BPrg+Uc=D9Ap zD7hLyKh({ttj<_DHKG3#8_f|tsxFJJLH;gE8R4yys))*w)33rZ;2n!a zyG6f9+Dw29;xIy($xnxV7qO+3=HBVC8^y$00j@Eyr`H>{v|`9<(2=$k0cCw+4>M)| z_%Lu?iMw-5T-&53Eho{w*tm?y~8hHARLGf0YRUzR=L#Jif(iS~;n)r$pF=LOWf*(Ix(X!Gn~F#5=$s*d8l@Q3Qr=$;F-_ zdGApy(jbSZWN2j{m#=|zY~$u3reVme^aOVsHAZ#(2>YsT)_GRF7n*eE`g9HJRrKDW zDgYM&rcNCUJ^U7F{LD%jFG_WWM0_-)Xa^eRORG66=3>7Y6S_GXKYH8+wiBSw$$gp> zW>>hT6C=8s6P&e>NGJ=aVe#!8__k0Reev7k|TZKNp0!+INhoTJ^b zkuN#RwtevcnMEGGmH=nR$&6V2A5R^+xlF})GnrO>r+u*!veiLv+mcJxCFnq zp@R()5xkRY#zyTRLlNxE7Lm*&A*-kjASDeAnM+8pT%wQhgn#Y14^NptJ zRf^~600ZmDN25&gjCSuFP*zrUcyGXgFTh<95avv$JmxuonJ=`(QF{EKFXSzFh{xeG zVtuCVu}6crS@VBOG}ozdH4`otl_SF9?Y8u=6rsX8uajQlkzBaC{WEsw@h-uReqIe6D8BYi7p)#vEdoWCuU=aNMjOuC>)Pb>UQ z`4=C#*VnbAk=puGLHJ_VP*aBUOF4YiBCBY6Hc>#;+Ez6mhkq9>=KxFV^)~jCKDw1N z<|aP3$~YBq|gw)vOCmY59x%)0Z-Y#^x=dOz^T}S5`xIA>W~()ii(3kHc@TDZxfEcW~FYya<6 zzWyP*mm;lE16&p0ZlsEK(q!?xyvU7-P0w1xFST~N9`24 zMo?9kAq82X4(C(8h6XrabJ3WWeRnpnyW?{1{37I$sYCFOWJ^8{zkoSWu%fY&X$JZ- z`I~B#APj=2sR{`2D3Guc&(OnWu!=1d5k5>8*!n37(gu6*PQfH9uADZNOhVM)BYfdt zmi)_vMPGR>p&H6@#ij8*ifyzIwKK~~Zv79kH@G#O-%HD@af6_5PNSx92g|kDZSZ^G zW99)B@o0#Y^C`y}Ufy}jV!Mb&P-)24TJSFfaEG}z)j>MC+C9-or6J~9TmeFEQ%#`7be8UkwOK2A!ujgLRCwX z0(YI>_MiN!@gd*hUUk_n-v5uXgAzlJuP4xW$TDC2KHt=fBNkG~Q=JGaA##gBWe??i z9hViFWRg4mud*jp^=*>Q=YK6ve&4ccSWibogh9bWAbLW2Y|Ag)I8K!iA;cVk7mT6SWjc`4U;(`g5k?a#y&9 zqZd##epT=Wd7HU1&XqT{3KM75-yixH*l}NFgrVs!9jjig4PjVa>Deu8_Ogb zOM54(-LT|mTyK1X8jN`qcVP&9?c_&|h9w~~HSs8Fu`43=PL(H@D{(Nht`5-BN<;a( zX>46B!Cv@rPfVQ1>6kW*+2zTcrEudE1=3du z+ayBjjT5o_ZXz6~Peaa@V3ScbJ6i-6UMkO%h;eN<2oKzF)?leq}3uQcqh7Fb#+ z3YL~2kbLkg0fEr~JZn;1&#ZH;HH+`yEymn8)Yczp$374dEn11^vaZd*-oXfAvS)&? 
z8Dy@wModHPl9co9Vj=}igo+qE!#5D2XPOYk)CpPwjfKk`u?NlZl<~|2>GA=I4p*=@vSsu3aT$nogUY{d%UzO3T9Ez&7UbxoTBF0tl_e_BtWu`>U zp|S@ai-?6z$R2#PASyZh1jJ?|vCx7fcLgvpphx;$MA81#;sajAyFtZP(0`Oy+z=#YOAU@;_V-ZDr zXh7193iur^WySus{U@(6IuwK5CY26nN9O4&#%QOE=sAjKG=&_>P(cr;tIKu64lhz4 z&&2554i6fN%bD?4AYgu>$K=D}o>oiAGt3`j4^b04vfo!~aoAa?D4iy+ys1Rs{L8$_ zIF1o{D1?*I-fuUvemuQk-vS()uukxoQ&OOe5Zugv`Bdn)=G3{-mZNv8p#E~P<1>fI zluK>o%KV1+l5SAEeHWhnt{YO?j>r|*t0&y9^_bncqHFUi*!YjM2jkUvZdhpZDWI~& zYJN zVi)qIPKZXWe}#=nko~I98`tsDNisK@6zJFKDBw|Z;af1FzAOE<92+|4cE$!RB~)GM z1aSb}c~KB~Rz)L_;hBP z@)F&NT)F~^H*}AeT%n<5wpVe6?=`ZE@FF9XTh|kzJJjmX*RTqjp2~3bBCd1KNvx3S zvmb$(%xJ4#7iPPd1)$8cZZ@hlI}%E;t1~|1j(4K%OZO#JeE;4+K}DrQR@-s^uzQ>k z`poS5`B$jNKyp!rF+lf`o6cAhx?y4n$l&X)I1X}9!PS98r+3DQphl8}c5BCGSnGMV zC@*9e3>yl(_Wy(-0G_%+pGwg zE*?-49^ZIK7ZV!2M9Z}8Y0I}%Ay@bI*MVA@S6BEY$yy2Wgp9Go2eNfCV97DH6DUnx zZGTOqMsK%ZC$8gK8?3EctK21JdqA%q%|b$1X^@xt3_SXZK|@&oUNQA>=pDqW6kT`7 zG}wHVAXH;H`TpfeuH5(&s{7_s3#YiG>eG1{Ag10f7}#DfY)~WTh#{e7%3)z>VjepT z_O%JW&v#ERYZiWs)o$6zjX0oucrZw1S~ zzeG{eNo19}4s#z96bh~xts_z=D->CW2&V&LuU6-#&qE*JWJ4eytFA*Xn+9D-#B#Q} zkI|;)I6b-1bDO*Yyf8;Lox*RR5a>1_L><4xo7h$<3U?i4vo(gvW2K%Oip` z)M%W(X0Iq5?c08!OGT4~IzdkZQ9EQ}cWlh|0EH;9KB0qQL4SqeS*>{%C|xdaI1;Bc z4%Fqvhk9t&AM(Y6X?cMgLP5opQ9nmODa#LT4{#S^ldcgupn=If*X!t49zskb`qVHq zIGCHde9X}cnB>++fr^G&b8Gz>sVR+e%NMcb7FaO;ZL~&do%EfGk|f1Se!^y4cc1C& zWd(lM$=2=I9GETZG{6AXtJS5^V%wy2SBD1G?tV1r?mF5sD~nBDOP_JSZt`{6=bjlYqHlp2`vz>+o^*oty(5wVc> zeQ4Q6muu3&hd=}<%oR(2^=+&Y(vE|uhSfZ5#CnjVy9}^(k!8jVC49@l-zT%WEWB%$DPJIbXM(>l7m)HL zF)(Z@t2i%g2LPRi7l%#0Zn$~uZ(;!pYe@6Q5m83 z5>CnE1!sR1ZV#HXKimo(N>EO_a}5vASZhFxjJD3r&AMGK$-|2v&j<4GCJkfE=xxo7 zVs}tBTvrxj_L)p>t@M#X?N%}GT;}9+>Wd1^nUn9cTLbr_-UPSgps+h|AW2OyXGYhN z!XrEZe+u@Czt3Ms+RHd)ZlqZm@CVMh6HFOPu2BtOaCdPh+M3?TNHOV5q%6MvHL3IH znzsTNx3<;C?hx6Mg&wchC&;5EAon|DyY9{>*@T#`!G!fv%H*gHt2NR6&|u0Kkb`BA zJEmN%{=Mq&7gx}(O@J???iB;1^Nb5hqFyr!e&8Saug~l>@b9mo>yW-nr2JSY6yr4GRO3#VfL)NVTm5JZv`h*FZ z`dY~GpFB+V8Y4*1vLNgpdS~r6Q$Ym#^`!np8UkClBr 
z_A}iUU{Y7=N_L04BGH9j*`dpaJ;04s$JS$bn97deT}&ds>~#cgBE%<=U% zaMOMTvg+$rsQu^4owSa>DQaVaogD<*Q@jAU+*ut*oHJG)m#BT=WYL{kM^|p7QvyTz zCnI1P5Jw2G_J07JR|Ep{TBC^{QeT_D2F{e>C-c4nBvy^u%o&Yh8-$sFu{mg9Zi#J1=9 zAzre_93VX@9!m*d1ISUL3>>Ay19_WY4Vm1!A7dnXBceCGBSh15v4d0L^oR;*925Sv zjHaJAYflV9Ml_dZf+yT9-I#5OVAq8;9zHC$o{n$6x~&U`54c(52`~>j1?eFnPsWqH2w)~c>sjH@$T9XmF_IQ#)@^5tG6&GL^rLUtC z>hriXcI$Y2rp+^Md7jYTT%UPE^Xe^1I`e;i71+n|z6fw`nW~fBGORMvnh(4~eKZ|A z7-V+tw=$D9+b?5B=3#4BmrLvL?E()vYb8kjMzwh8=sgtGM%;(>`A8viGsG;z?#%Qs z*IU!U8E@K3NHVdJv2~LcG_*TCU_HDV5pwRT)Lp|(P}9ma!b}9HcKASXqetY7hw1a` zLx5qe1e-<*Y--_bQIpQF!Q<~e_WE3eIja4m!~jVaHCSrcavVlF@bo)>@TN3qHZbo2 zR%EXO*x0i)bwY$=JZLen6KA~_S?kM_fm!Iu!OC!R z?aJ`V#plBX6G0`9U?0D3G`PqIKCL}3L5Xzyg%X9*Dzgaj15d6K%K*v*OE43x3r{eU z%#;z73D&lGgmx~`Dt{!mKGO4B?k>h?&QQ0+7WTROznhFP+^Y~<=I0WJo+rj7V~>;& zrceQAdE0g@5T+5@yWEc1d3xs=fH9m@%#6)?Q+YT5Due4}^`)lHuJEvdM}!&D`HTYS zaEZ1~9s7{+Q{J61QD-^~YPF)dTofi0D?r@+@$(_3f4zrMwyF*lI|&|kV*Fm23*x`6 zOTQbd&E8Y>Od|ws)^Xe3z&zgE)WKKpg*I?kE5Dt=jvO8|3g5H8pWmOP5bXQ(iv#MO2D~>cYYzG5o%&SE1VgfcRF5# zv4c;YDM)3U{Sov_9^c#g|GbPQ6yo!xS?hths` zF6=};)kF~nBJU)u^MrB9m>*0>N=!{T0dzq-?=`_(h|L1|a#IUOmTL%#OTn~^RCt9w zq>8M`@Y#o<+|Sw}3D;b5O9OHe&a<&>AldElc_MLYJv0s7v#Xb0`copv{nHQNY(q7h zQHaeTR@)_I+I(6@kP-`y^r)FOd4)i+oQk%n_te`+74^y@r$bo9X2(=Oese)=Po(h5PJFyWD}=s_ z5tkwS6^4Kbdef>F-RWfU(PYX1ybg>JWR*t0NZ}EFI(6od75MHgl;S6{omUerLW`#4 zqH+vtb6GWOQ-01$KF&%Q7c=6?=|szPJ|dIa?U}Xw>gYgRDXr1%JWHcxcD0{x4KDh~ z##TmTBvPG1*4vGULp6L5At<)sPv$XHtLrPXyI`4%z-m)y>j$D@!NxYs>l$OCz}|u`S@!eZWk0(wug~2xKmL#Br(yc)m|Q#e6o+A?_|lNz13z{idR8T4TFG*8 z$<_!S2G`QD6ovAUzfMv`*k7}Mx1VcxQmLt2XbN4~fuTK-5fmyhY$+0~9^99x)v{ftHI3ZxXsyeQ|SqrmR$d>nk#szQz` z*H)iiS`U~4-}n&k6AB{@v#?LQph{qwC!NOX&h%2xtkj%L$W9Ph-;ttgMO$Dv?Dk_% z_LzWivLC*54y1Fs%Vy}T;(i{lOIBpO>wC=jFr2Y2V9q+Bzm-xoz3iU6kEV*$X}+!s z(5XFiNoPDt9<+`Ac9fXdGBfcAaaA=LYT$ZJtJqGXIfT;*=J&8|6{cP{sp#QV+0Ci2 zlUr`p8ul+e-~7B0)6faArc-*ndYehBu=6urZjJsxCVk3chuTwrr_%&>Gr^;UfLfl6 zsm_GV82AwyWrYw#3hdBZ!c`vP*>$6Y8yf7BucfB8l>*HFvNS$!jg^@n*3RP7kr04KKB1(b**uROxta4xfoA 
zNEgXQ7n{$rY6=Oeyk+2F+Ai~F^HSDu&%`qJ|M!B9^f2h zO8o>M82h+R+Tf4;CFkLvraL6li8~zgI@DY-;?M>AG7LK_DUzp)Z}+g{Y8B_&uN(M#$DnzdY^R7`urdK1-36eW?B4?D3iKGO2pto6;5wuU zXqQZ@(mSn%g_-(eE%EqKMe2%{zO&Z+x7YA6k?@TeFfBXtL>2tUpHDYvHkv=t?8=ye zQmcM>NE6Eac3APhx@V4lg|2_Vj9%;tLzzpE`4g68pD$-$V$(5i^@sqofh%|1GKC#s zRyU#Jt)A8lt2&jRHWQl16h)xoXP8{!J(0d-%T^NT`wkXK39waZ9O>aj7;TbVO)#}O zkZ<<`=4*a+Fb6TBk1G1mi>#;fZKoYIIz50aMwK<#`|iRF`pM%rP$58oX{gE-y-x(M z6$uqNITEu)ZADhG(CBMn+!?34`%8RPYuCXD%h7DHi$lVfY_ih74Z&f=ULfI!9i!Ia z0c16a_Y!_{lh?}gAi&32+0Yr})$roOJs7=Be9T;*fz+gsPs+~1FVT9g^1$wS|# zOv}tUMy^A$y|nXb1*1SJ@g4`lM^G+8YfGw3l@{-3bros}F`InG`ybSK0YJ8EySmzJ z(g*3bVua?~zB71X>AA(ul&>?wg#oD*#nBj0P9mquC~BE>+)NNxZFt4&K{L`M=pIuV z!+Q>IU8n%zZqSgkvZu`#6(ekSh?b}Qg2mQ8sP?fK>Yy z;lq6{6Y45#Eqkqw<-BPXxwu+ey_rM1TJ3vd>eTP`k*`{0S&`M{LQ4D#%rJdyh4*XA z0K0@T==-ne3t*L8D;`#>sn5mYw%JF9i+7_Jx*t?a!GDZ1%!kKX3jFpCwkx3iDt4vm zrc{IVDCs(Q2Nu`j8qrOrkC4R?x=2Wg$RZ~q8e7n8)K(c_P9m{cjOPx!%{YVxihx(F zJkd^Y=D0%B4y9{eyO%m6gr=_lHi1G${eirOebMXJh&-cHAX}|(0;6zX8sn~QWHw`_ z8vl6OB%bRoR%1JQh7p+Q=j|v?6ZJb4>R9LC$5q$DsScRv^vaZhu48#q=fGaa#k_Dv z)d>m;vsHPGJ?d61`Ek}gY_b-y^|MnR*x*z!c0r;tLq7n_*d~Jka81zu!(jfvQU zjY>i1)r-s({^swM8x0MrNXc{00glz5RBgQ@A;q8?QM2j<6MLtS_|@a>7FAvK`-zBI zEq0IQg(TIqdAeJtjiF92$9e?>8mXJ~F-;}mXC=k7ZM(r5J$FG#lvG)MjaFn3ThJZT zrD7CLUo73xaTqa%qb26s!^e`J7yjOY=bi@@-V#Rs1-bX|IE;kJC|Af{FawIaP+!1d zV+qFmaydADLoXk)u>E9<416`uES{3ET`M8-P)z{mr9@foCx@B* zz)q;w0Nw?^p6v~7+EeRJh%KNpMEz9N@YbgM>KB{)#A0XaC?fSqHhDOO6K|TE_oC&F zOHXEX2h@5}+S3W!qrVsZUTYA1_h5tH=oDCo#RE?qOw#=n86c@u$`;~n+$z&M$^qxF zyDVdlQq;+Rw%1>5!|rUkyY^9LN=e}f`WZ};r5HxPUA%@Oo7i7tdAJm@M%;}+rfb~mKL=xm>ga&M+*KGdE>J*#0)jK{6v2z#ghZPSmq3$aa z1YXpep}@3=DTO3vx2-pElsMJ%cJ6Q`0B2eH=^uD+4nb%`Rs_cxKsG z5Mo26)!M*uVs*Q>Q+x1dbYKwR!h1T@XkB(^Ernm`;R;qL;13a(cyZVtaP|z#7Me!v zl3T7j9NRhASw!Jx%uBC$g`Rek%z-h9?I;hDmDJ)b%%|EJU-%?(53`NgxUOacN_ut& z{T=?_=FPMiy0dM*Yk&$?3Z|4AbB8hJ5CbPjL$v~o0b2BIyMHsx*i;M$&94hU=f9{F zT^$ucpEm8l_FAt%?b7stL*`xo4s31Ttc^rn3!H<8%Nf!s4}XsXsL|OX+6I@Tr@|-w 
z)Ilvr0rhw9XUCXznIY%v=d>ebB2SpvYDo;*C6FGAwL5Zo!IqJw-a%+ET7RcXkr@z-BV$RkX^ZUu5sMT$UT>h_Fo zOZB$Fiihp+&3LSAjmZ+1LuehN0V25R^){(qO*huMA(;9MXz?2eq{$s2(+)Cc8g-jYw(?~j!|0b~pjvqlpbV>N>0VZ5d zqu;pWrQ&+svB$_dZp>j`6g$*yt=iezQWqup9*u12qD|JU%v}t#fSkN05c-LrIP~_3 zt@Eg{LAhO`Do>KIuuHXvb>J zVawbnO)Sv`w!i6s%k?;HhYl#g3fNYzQ4}IW(A>4lO`vG+jAsaOf{iC1L+VO?f@3is zT&fBkL!qPP7wZE5o%KbMHE_>gpjl;h>s<01=p{L(bWwP1Id{zx~?@n6NKz%8;Z{H!wIlyvgo`qmqvZidsQIN^M58T&H4i&H)SvSeT;Nww0hLnQ~#>c^|DmyFvof62irRA>@$`lE-vJ>x;P{7VGAgTRY1m=%gW=E&jo&I*#_O#$A(IwlZtC*7vxS!(ASdy@=QlP)4|18gajRg8(V$m}8 zGjdS0ccxRw_G47W#weza-8_}iCbU)G%5ydtr-D}`E?$L%WtE>yJ=BtYD5b3!^k#bF zF}Fn8$0fXd*|pTj)I;Z%xIhyca2m@0x=vZoFwpz6$Doj~^Q?=t>aOKU)`wq4o`H2Bn^F{LzmUe*5wSVuH93KlZ&+M+5lQ8*tWn>Dd* z*<9gWy)cTBU~2|!4bs}{kHUy@SvFvIAgrhG+h;$_QtcJ3);@n{Fy#3k)a1dLR*4{J zMCCy*M+GDK6Cz>`B|j6`?{K#)7I8$qW{=!+?7&?+mAIFtWR8s@OqyN1nz?;`e2?IQ z3U?Uap2~?)eUaFHU13yyu1YVMC-;YQ{I7dR>fbMNhcQu>C7wclAEnF%NBBPtWr(iR z8`TB_NQu;VhJ}{;HE1~cjBtewBg1jdvuDyM3i?0i!}^=^V?=MCYE+OgP8bBw}7~j+P>Tb$}^2O7rA|qYZ&=#%-zOt=@AOGD{V^V%l3c zjPJO;;tA9hB477Z=cW1CG)RR5FKCJLwdwfjV!<$mWAd=i=Dr{IC@t&0BNcWIwHr z5Y}CVIE08Y2QgbqC7NrQ^PEJM3@W113XPQ?NAsVgZ-r;Rf4fh0L1E}H2u=4E^O0g_ zRC(YTg#p->5CqL2Om2kswY2?tULlJx!ePleP_h|BUM9-g&(+?9fD_4KUDHCJd%Xq* zc8Xu1i9r{`^#84e?_w|rbgHWpLLhQs29nu2SI7tsxZiN`P-H*qw0M78f@kKE5f6Ba zgMF5tAFX&Z*q~isLZ$oO!BqXegm7AsdM8&YdzHvldPbFY<07SoPv|l;e1#2)t+WB5 zH_$3pQg_BWEz-s?)u?4IjHRm*g;w?*cI-ATQVzj-?l_RXyY>e4<3c~1L!;9WQZeb9eWNTgZIY4YgUgJq^8-V?cv(zx`@T6 zU?_Hx#+gJ>D@XfP4!l&(1y`Rnvpa6EuWo)%pk%!(--FJ!?OgjhJug5=q(E1!9hHdX ztwHL75@n)a>K;x~)kPiCA>{E-Hl5T}8^`Ng_SuxwIbYa|{&`+iLw_o6Wq(oBv6=*X z)X~#v(=jY+pHYgj5OuZuR$&@XXHoO2AQ=BuLNlDvfWh^xYpz-@%j+MY()}HIf8#zP zI}VzN^=-29VP|di1;61t-=jIaHX~s+uc?TCl9;$YgdF@O<0@+n>cxgCFr-3}51N0BoU?~iZll#Kwz0nm2>o5QP7TGx z|75MwB8dG}?lhbfi)_Kc9bIEc(NZeGvyn!6mfmrCvVS5t#GO@R9;`HVe=cVR=-__m z{V$ zTY8ihS|nj{;r}KY^+n3akTbLqDI6|Ishdy86=DixWyF`V|08d${r}L-vZY_N2oerm zbvks~FV_3>gb;94%`@(%t}7``n6=9S>mXxKnu(qIE1AD57;TIl$4o8Pki{F( 
zB!wGZ9XKTHhj=FNozJ`l@GNm`P|Sj@2PgWSC0VX^_*vw_HI)*=rUOpW7FgV{ha9Tk zH!R9o@=WW3C`G*L9zGH_V0AwOBXfHvhXY|lTzw*oT|ixSE$L#a9a%sLRJ1hIL$-qkZt$ z5fJP40Xt)MzPR)_fZ3%IW|ur=JL{AP;NgVmtVhnf6pHsTZi31yir+?V5NE@L4JyYh z0hH$}r){}lK$)R=DMhd79OZ;1HjRS5i9yhO5*)EFgX-S>j6z@pD^4H;i6Sp?M_Cx= z$bcu*ZbG2(e8&-L!4Rr}c%|?}q~&8Z9R5PI%P#v{P5OU`I>%U1dT?zo>}A`wZQHhO z+qP}nwr$(i-pe+=^`4V2=f`x~PSRwWOf&6s-`CSNe(NH>?pt7U91(vok(57_L=f!G z=a6_7AaB2Wt(io|y*DzM%>bVNX?d}9BN;LL=aRq6+n z#fb}4(L5QV)UO5$s|nrYcR@m_uXv}!N9abg!_`oHR-wYs2k(jQg-FpD!aL~3ycK&= z#U|e^4Jk2zYq?%;rNuENNCO}}bp|gQZonU|e3Q#M(balACnR}d!wD3ji!QPFBeWS- zZ-87{>R>4x(jh5&-i6t3@P z+Pc^wCoT2iYuN^8?h?*snAd^tNfeb3Ix2v^TXrWG%CqCGnk6EEKwPy$TWWm^!PHmbL z!O9_7w`IVps0Nfl%SAt0e*k&z3ztPIz9iYn0k*ieM#-$oQaB)MaM7l zF9gH@k#iOT$aXQH!tCiaV9PQCwIEF>X9UDdaSG-ahODSOBM|lwcrG%L=u0s<;@Usq z;kp%P@N2f)t2juVQYgo)(6#3ysv5sw44OdOrPU>pIMm3;HXtb+{;zvFQ zW8V1Nf+ZDBD^RS!uG8JPg1qS*_4DNg=IayzY2{>QO#N8=o*d~2pR0bZHqq^Ainz^9 z&n^LN$F84zCd}W3a!0^dZtS53r~oAYfa+NgQ@kz(9cOwR4m^;|cy9E@7f(~MJ`_?M z3`7 zZTRPjEe-^PREPUbyU*lz%Y>|8t~-m5{RJupg=$Lo)n4aB$$_3swNEed{q+`iw#L`T z=l607Vh?g^s(f)WRAg(+3r8J^)l^{5zv9TmWVD&wS*+1Ya>+0uIdb#D5%INJtl?wj z{JE;ptdFMwPEbo&oJbxpTwq>wxqvERXq=$KFpS2vspM)X9_r4pky|FMliS;PZGf}?C{l;c~O`to4G=WE5JdEw%ooW7-YVvUaXn;x!|2I8ZTlZ^dw}XMs>T1jO8@QT_ zpilmq2#%T=3h$6@ji}Tv_o7S!!xN0hDDIQmoa{u?SPA3L#FHWqR7jexE#(-!GDq{T zCu`c(#28YJ{x*$m{-Obu_ZH&O6PI&aa{7?ZX71fijY+l?9dY6818b) z{?EIS43QvsKmH0`RFZ3lo>SzuR51k(v#WkPb?Qz)niQI(KPh0HWzANpsoBOiOcJzB zif5V+8MYpo8ATVL5`~Woq>vLyUkhIxf1YxJSzWG*?ya@g`CNPH@GtH{$)LT+j4m(X zOmNT~F*7N8!Rs_xZ-}nd9KvG(f;S+}4CehlD&Xm+4Lm`>A=h~|ocYnq^!U{b-wP@O z9}iS`fCU&{ammadd_~z~w;33n0IKtP2RlHwgK&-?#r+wfgF7NRd^DF%Z%h#raDDv5 zYV3^XwPCqW3LPj9(j}me;Vutbr6zFJ|5A$V4k%7QN zNSxuc=Bnn&;73+hQA$3%ZeGbdspeL|fd-ErP3P`7o=YeMr0s_yT4Q@%+?N@kz3&AO z_W|QU=jaLvmXe-i`SX^fFb-@@MoJn})kTl(JSBAzM!^qBdTHy`Le1DPgUG&e%p!E=`5sdhEdO-U2cO8K zt#*UIOaBGhfjV$Iw7eBEw~(0Hl_!|9tCXt{Wm%f;%U~yLK#AWkFy>SII^VdFa8??| zRR5DjgY<_%%6lryXxr-*e4*8DP2&TywLpQ|Dnv%P 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.201.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d44bd338eb9e255db43781e0c672a3c7e1ee632f GIT binary patch literal 113735
zAkg`bQ#qr{8dZ|h?^|IFORo%_b7$BZy_5uGmSRuB#yV(O{7?qgffAAgo$aNMyXWV} z;yPtpfw*qDU8#gv%uhtbr&Om&NK)siFXc0`%xT&|^kK_65Edm}(%;N^_Pu@*$tz|+ zlcNIRFU4xs9Us*Txv%0V!fPNO;^DXq;Rjd=H{v6ceNpg2-?Qsvd{N;`8tc*Y;6n5k_`RpFNQ{^ z*L_;gG*y-Eb8qiZyG^$R$@If=Zd+DuBn5apIzWFdt3GCwn3tEeISW`Fz*A7c+~-U) z9i87_de=|sEv36vrd+T=Hb6jO2mAvtn$zP#{tGa!O8o;c3fBB&UQ8AEMOroXP{o19 zCm6_Nkb-_{Fav}kja0f%`U3MJ_W1+wz=dD?3mS`jsbImy8@r48J9Ln@B~M)gntsDQ z1SgG8tx^$L<$AUQ9ePSE%EM4A6L;38NIgMM3CGO@rXgO>9=7ju=TvE+epifIm0q}{}*Z=VIG&=SeKf+mJrs0SB*2YCRZ0J1$fZ)f}ILEZUq8m{WrmQ8izfQ z-1Xa)qZv-Vu7Y_dwH>M*n_Q`u1_Tr4w0Q;3Z7VRm9bcG|Djw2yap3S4KVQMJ z$8VHu;H=h_QxT{fLYffBp=7KLmYM6AIo6jK{k!hoZoX4_ZP7&U@dFjV@)?DFNm=pV^TOaTqNb7GkVT1(gIrsl!)k&e>c{$e=s=c~wk#2=-zM z3U2c`AlT$5%2zM5Z7(E$`44WScug`l>!~v3V`jMnAnms9x=$)7tkEaCV^%$K2o^|L z$iMTe^$MO!7_~Fr^r7DbBWbjpP)bul#nrQO;~| z4La*As=j)YV*QXz=)HAlEQ1)r7vvCJRQ5%;ZldaUB)FUet$n)e_5r50TPth()8T2` zwI@rryQ3RQTi!Q!E(pzOnEA4FlS{?!iIqUf+#@BWpw~IY8SW-S8dfEUaNs%5%8k7F z(8kw7ey)?LU#5(g-NsSc+t>BuYuGp0 z3@6+H9%n32I!quDnCpdK^eM`7^-d};p(mdzKJ`s7yM_1;8`6kWfsM393?+ZPI`wh= z35yBnQ1`(>$3DXtyMUyQbrPdJPI9)gDz2mmZMe8y$xw#*q-}@MNiP1?RU$2FgZzzK zT%C@JHnoDD|F<$Ubv^;Qom8~w#tkJl#4X{3~Dkw&5&s6XlN4&tuq7=PnTyCjH5_pyHT(2hrneNV#;?hTI4?n zW6{YQ_qrECfrp`B1ySss={oYpVxIqMKs-}+FB?CBsut&SlrqYyDF>pPqH)##`tuduBL>1W( z(BiAAO$K61Doy5x{gO6q1LSLmDMV8zKranaD~S7ac9VQ(k63%qcMQ`NFOk=&{dLl; z+dORi2AF{O!YOXBauPO9e{*iZ^}@{P=QgFnpI=V+6+*o&4rz8OwD!*8fo$n@zU0!Mp$ zgf9$G{OFBnuhrf)eplO8f!$}*8`3tVB3}T68LJ;P`~tn8EW_o_@ZEDFL^-mKKcnce z{=`wtDc*PyYWGWa4J)Y1UKDf=|FXR+cQsFfXh&?dDF0ygWKh5#7M&d~RO}s+n2S{C ztN1l}8NqKo?c?U^y5*xzcu8EeQTb5TgPc*_n&gwna!#Mg&((f3ELyj-Sf3+}T<5TX ziadsXD`mJUH2EnEL^sWx!zBVCrnfABE5%Sp?N>D-H4h}$c7C8ryC`L>Y+!v=Cqa|^vjhhy6KOk%j?uS1;UdGmlfD>tSgYu%({9Hc za<63+XKDpl%ohH(Z-UYJnDeXU??<#zJWN!&-QK8lpt@DY8i=B%lk?r;63xt?ru{i- zIKHOD$6wK#OK_$8xlI7brpqIhX(((**yE&o4MizB719NxC2nJqgF6mpn;T4GFxry{ zDrjtXcJkpz9cVkG`4!hMwQ=7>oRk8&%KtfJn zK`KBf39IUikmi6K93DO=7sNe|S&bh{1cD4=^x3ZNNQNm_t*lf@%C@#ikdX|bft+$J 
zEyVA#Fv|l~38<$r#=|MpVtgp(Q~YNt3dS5Nx^q4AGtTASoP|9wwf`QbSP66Z_{|id zC?qInD|goB9&<5*GycX%H)e;$fq|92L71d?2g0w0h7|IUaP6-BN=T%c%cD|WOP;IFO6gxQvS)* z&w=R+=j4BD>ugqCr6k(*TDrhQpXS$kOM>JoVacBFyP1-d1wK>5~pyNV7f}$JtTRiby zC}kJXk%5b$!af|mpseAunkT4JUJdq5$?|dr+Vs4WBk$O<_oH#@;QDx%WgeLmPlCFQ z?Wvq@HK{XSovmK-B8uG`r6v=cxZp#Ko z%eytT2Fi??6&#d6Y%5S~3>bnFIj%?6r6y!!E}<)+)O`r&H}F^V4H1aKnHX}j>2e5; z;05f)MBslMMzGTPMC=+V@jeNt$-fo3J3{nKf4niZgIIpX!fA@Mg2+0Ob;Y`MdP6)O z@`HvNy{B<`Q7e2vYbnrZ%@A6Qg>5_)wv4=$t4qFBSLmJ_50&04pYyB}Ys)|1=V3#; z&Y!d{UI(T?Mu+YU?T94JGTkKQNo!uTgGB<1_{kwBVX zyV_y9qidK!mNX>Z+?X?0t@6?a=-FKtE=Nj3(h6snYVfuEFT;q)0m+dTxDTZ{G#i1a zigLJkzc?-{Np{tOwOfwc_I=S`4fioKfw2{sKFCm8OMk%HR6zI2N?;nw7hglV!x2R% zfMo-M&;$SU4i-02f7rOpYz|9CiLDpIyw!>KY}!w1YVYU7A3g7f2dOQfL*UowJT8v( zXNsFQ|J<<2@btT;GX){Aw&}-_;$&a&;hKG!$>*t(-%|QR83*9B zqU2*0<=4sxNhPT+zQ@-9QtUxQF8|If;bv+lglh-(WzOiPnjOR0K>_r?3}ddCCiaN5 z@nS@!Oxy8dfR*;B)ABjoi~5MX{@Zl@Q51LSyel2&%ZUI0+KJ277vM~i`rK&nN?pvh zoYoL%Yg1F38)axS>fXNl@||sXiX>M}Q!L9)N^>>r{unihlg~{2-d*vv<4^P^JKV?b z4ftdv<;(SLZR>vd%j#c)0jz@Xe3(k2V@a2%ZcQhfatY6SAa;y0tyXf1~k!7QYRuQ8k)0ak>oJIu#Q9R zOwG!NbKGpm$oa7*BN;n~e#)$Gy1T-NGqcxT+N{r&JAxNBE0RgSJfYi&ANet5$|X{_ zG2QHl8ayE=J5()tgWJy-+J#MWBAntS;7Gb0>AN2KZeJBZd zdh4m_a2P;5H}kUxtKlhfCBMgD+fJ%)(f%XsSo$mWUJS1?!EV74>>;8uU=z3R^7XL_wFxU)w}ogTkBrM z$@ALEh`EhPZONrSaQ8=Zc6SWzt~Rs}r*lwX^sKyAhd>(sIo!n1aZJLZG!h#57OacU zC3j7|p!!mm;Y2W>JnBv&U-id2aY~Ln)T~C4X7y^g|JgqxP|RgYvh>iQ5b`F0*cnQq zDn(CPqE~pM^!FpO7DD7Z06P3~LxKzf&nNL*M(>r05|i6QlCtB(2{1vT!e&?EP2wPV z1#~b>|Cfb|M0iDlkjiO~Q$3=qRw=+P?uN%`G9rQdU{68YQ&XeO0886{{EFXdXw=O} zg{rr@@gjzVWWD)UOC{EE$2iPXRr&T@A^ti<9tMT#eDWYehwSE%GrBXxUII~+fV`hj ziCxXFRH>F73l1CwDN(SKpEQcFb`53j&x{pg`(wUJg zZuW$0cJiZ9OtebPA+HR5BIQI8D#00Tb|WmqtQN6^!Q8BTw|i};w{yRfGhlmi)z)hb zn#!@@^TDa2A93gG>AUBKd!b`RI6fANRwAeW*FRyi)42?Kh(~UjX4JYAD;-m_)I=pg zm`~)bT&273_U@!V+#j_(?|(ea1h|irRoFgK&ki~stH!t&=5?{+ke$~2y&S`aN0K}V zFh|E_y@6S^rN^>V#^!aDobTOgmKF~|T5|jVYFv(-5<4nZVDMH%3?#=d5ZZm6WTlqi z{Flh$$4dv%N0-Hfg<}{Zr=vmJ2=xFjg=K4YW>5j|9`iAL*L9wEa;~3Xnjr^Rd4^EQ 
z!}xFnvTYM>hc{;TOwjq=P%)}zavTmtCn|SKfYtv=8)5(oO4c%CWEh49wdNS z#wmO|Z=24nyks#vq_E|ryjeeSMsb^Y||gVBR?&ps}6lY){-{Di^?zc`e+?VL*BOZ zn@j&6f)3EysjXI>34-()dna@FYA>&3nylWM_^_=D^`&?xj~>7j?d+oLqxfpwm5k0) zon!J3&P#*`d#UFWm6>nnY|CnRKc7AzEXkUn9uX`~w1tHzA`>Vil#v#8YOp@s*i)-; zunLSctT)ae!iAS%7;^Ai#cR=z>b4i(P=+u^K8e@(_FIS-W9)8@6o(5RGZo!B z`mE4@0WB_;P`K((hX0vD|5$D$@Y39$T~v0(vwx)Q_EhZfk7lQfbvX6PCG1Sn!zLu-d2l*$`OhFok)INVMVE=?@5KvFbQ5QyM1=Kg+8 z+tx<&U5-vf^}gJXDn<5umAKw#f}Z;MHzqRQ{mSa@|FFogGCX(5wy6YI@r~e>N+{%> z{V1VoK{_P$l6u^)Qg1+|GH0zPfQ8@=X#NuH+Xb9T+o5xwF|Gw?TW1WAi50`Tqz(oj z+Be14+NbzQ8{Q%esb?=EjyzPWp@W3oH6wZO9HL|}gkcnUO%+2rS)Qt&Xjj6P%3=xk znrnT5U|$#ln{T73eWx8NO-FRU9hqoexbE7Al<1g}4H4-cVsXU$=XzR5 zXQ&WtpI;jR5{nlpyy0stHv){weg4^FR@O zHzT1Gr0BoRR4Vx1@#L7FTRQ}FV)-MbN*1&yekf}XY?D;J7ppuu8V;<2VV;$i<3Og; z@3h0XiS$@L4i^f=k7a2#;q=Tw-8iuN?eZ@IYG*QezNN;US3c869G{sX(Tp`iHg1|K zwVADQl+%?R z0bg*d2tjsB1g9+ej-0Ae-VX8^oH!T{Q_L!;jEJNbpB)~h;kiv;iFjtEF*_Z z1=hLuzA$%9A;RHkKKf0KR059ew(arLDd?w_+BN@b1yg9A;VD_FtR5n1Anb1(vO1K( zX;0NZSG=ZUU@oSpu|{L)7Wef;I1Zu#x3`r(`cOzv3>+#+agXwMPGln}!o<7*9R&P0X{Vg43(sUt2=qqd`wWK_*G9SCKTz^!n7KlZDLAOPobqZC!ypiX?kJeO6`VNrT(qRQJbNreH4`6RCXK z`(!yVEFZR}?8bIn?8SN#T^}NV=Iy8XBzmtr(t4h)>6E?9E8&Hp?2@8%VGo9sQfIQR zS7Q(4iY!;}Xoxo=zo+KwBkN@(5T?cX@`==#p^$Zr zeRe{@RCK?r(?NL0T)aRN!G@Z?YYt-eDIwi$qEjhRJI2V+d-4j$M(g&XrqP_qX98J;ln# z$((M(QT^;&aU)mmJ7t`^(H&ZMBgm~`#7O>BY{tHFtg9@Mr^_7F71Wbzmaafmgo?{r zma<4RcZ>4tFr4Pmz8cMgXF(344(pE?isRB^8bo+hlFmwDL~H$_5zmXrju(?A|9S?D zgeDVpO<056=o)gZgA@kUO=^W_xP?th*~N_23i{^Z0Q-QBRtWCt3NRt* zC>mve;-tw?YQ3B!WvV)NwD&>sRgNMfCHT^?qi2wv1TK_%tUxfLlJ=W?W zb*SvG@&p=@vNp-veQ0JdjXx>^{e);HduYhBTRmoecyP=atv+=|{lnsySpU-ZH<3>> z{HpvH#((y5{bzNBp<6I!{B7a7c+rc6^=qKc%&M-uU!Hkc-v`fk=q6P^x%H}gS|x|0 z!-smnv9RQt+}k#N)j=~^7oR=;A3omhs(m6@6iqV2u$#ZJ?R`2ZJZamxK4G)mGU*<7 z43w#j?Htpvc&T3+*{Je+?WBdq4!CaaiDUT{%@5Nw^SrSuShxwdQ)~7N&2Qa0@m_O7 zkm<5%#J$>jH#)lMw+JRm!K!}L6`DYMGvLxkgRvbY{g|{F%l0m-_DrP`D*=M!zbfvx z4*i&y0ehIv2`BEPKF=bb#VLUy)w-tS!SBP=+}H??sQZ`;tLh3IewbMc%5|D*5kNXw 
zO0PQ{KUN3CwPJ*+0DCMknXFJUJ_9|)*?!XxtdmQ6)9aCJNlXL}$DXu%3UQuI- z6jUJ8LqY(NsF2=on(Ev7fkhHSs;cm@lim;DphALR^$q*HUn+QrHJ#qFn~cB*l%oiw zvNIVrg)>Zdv0G_!muN5~G!07H2MKbEV&djQ#Kj~OYL5KSg{F*`?RCjDLR+4WxP&4jcIGC`}LyK@>JK)P>X6+B;@d+vpvxB-g{K+5q)rZP8j=F>O z2Ko_W59)<*c^X#o#bEN~%QZ$i(Dg-?V8t6ko%a$Fu81cA>!x*Ybm?e>J4}UiDC-}i z)-pH^ICDd6&P`AH7U1|`C2x!hO|(je@$!Ly1-@>MucOCI4tJSE-ZDFQ65^47u(s#r z2Y*D#@vN^x;VQzruCv?V`-}%C&Y)VxKBhdoKFA_TYGywZBmE&Swc@pXxY{YX59$cQ zYYnEc(Fi{E!0h0>^79rp=*xNVv~o`l<>{tX@8n?uhr?rCjA-HP1QDo`SHU~DWbXCX zf0Vt~oooZH`}cVp?&slit?gLn^>rR;Li<0=-V3VVVadC1SYKWLK-m>=oJB?cXVT%G zp)#3^yv&sD_@lVuZ{Y~vuCucx$)1NS#m$6>0Wbsi!OeZrZ_(2 zUa}zKybdqD`Z6_AZ3C`6vyRSG?WVB>eDDo^_1I!FAmt_)g5F?J+pIq?-;h}%D2eC8~4~jq`_Yn2$wdi#eC#uH-S9;_m4Frd%eT z?dto4lF`h6&s}x@?+U6`No9&_IM{)JRiqrVy?lI8jb#BH@Brfxx-ZnuQD>z_L7;p9 zTaRE0_0w8)%2YM_z)Dx`$I|rmHoUXfq%+EXtbvwHM6W-ATL>C8+9TL{s*P|sLY&K! zzpa{+0MlG45m$IE=Hwr;lFw+IA=(d`x0Tq>t5JS1!AJ0#uoXM&0~DeQ_c=j=T8L#h ztcp#V9mk?y3i4EJp}LM!DoQZ%Fmbk2=1{8MM-kT``|nk*v;3e$*HSgD=!DA`{OJ5~8kRbvc57R@Rq$tty>pE1p%}Tt4qJIdZ5N+k9Q> zi9%MNY(9YJHl%veBw-F@iA4pT_S|w+K~+%^X{mxD?nbr5QM{k45A4dEfHl}pEGEv`O^A~ukOnoaYaxwbwDo`kfI@`oT3>?v0%@O z#UL2U<9{MXpki=Mc>8{j1n|?ALM``z$5iQY171pvyg$#i`C7h|J5IH&-GalJv&;Sm z*!!7qk2Yzj+P;3#S1|KP6_eZLG)xlcG{*Et&>OMiDWh(M7q@5TYD#2Sl3l>=IufND zr(+2`%Ew~KjDV43l~PDy3Gp?+pA0y6R}+bjJwCUpeTluRg>MomT=^5Z*FiC?8-bD7 zS~<-KPvo$Iihssb3gcd7GTMqBE%U@hi?3#B5h(>(bP89VSck_C z;hGK422+dFwg_5?(?m%{^Ww2h|6lqjv>`S$guWT~lC{5;i&pggMx zo3OsBGrNKa4UkA@t2ipQ<@2*|U;pt+jjF`e8f_fd++@*1g(*Y8T9xMk=Q71#idAu? 
z5g~Kz1`m+XT!jX5adQoUmJ)TQz})E7CvfeDoH!+f5y=q&7ny(f_Vq2u{N8H83c}R; zkqXkbT7f}h7}0Sj2%`Z08g}CQ36GbUIv(Tn+{)`Ba>Gc6G@OUcMUt!vq#3x0<_$r4 zBdS1C^^nZOXA`;03qm6MtP$-J0)FmBC=)v&-=G1g?je0_peaIXdqluPZDdpS+ z&n{D3{m^X#wkf2^0=3(Gs{QI|zLmKpn3=t`Imtsta z7q1M>(A4Y?4!WTgkE33bxy?hL%TI5zuDQ1s$GnlrX1Uis3 z?e#1kn<=;j=Hd(_T+JB9XUc&0Uub{b-X-hVxao3dMOa0HyS(A(5{BS#A^+p+lZCMI z5b*7}xCWUwcuX(K-6{0B4DTzyZ0*g8kPziR@9Zd z-0PZV*F98fbyv=FC9_K&e>Ht-6Bpv*jbOvg2CZR@&=FrqJ!0;p5l!ZKySlt|zc+5Q z$0Io0njCqTHS5@w43?Sa*KP50aGJ@EHTeD5p*4wIf4hOo^jqz0@~R;n^CQyV$35qE zgNc(Lq!aZ_&rgB{6raZ=ef#XJr@d74GTC#j2P=_N7brRSlTH6Y3pf>lSj*V zm~)|#G{Z{Cd~Fa2eYqIS3I36u!+r9q>Tb_1IEW?q3w->%skHk7dkB-I_Be8{uU|{~ z^KPOEc+7Zj8M~}8P_7n&potdxwN4g7B@#+Rzqos>z0Jj`ew{Q(t?-C1U0yvv-qD^W zxVt{x2bgze>krzTq)>;%NR6YWvGh}1+HPU_65)8};$EbU^evrKT>)x&cCD5EG>bDB zbwQ6`R{NR>Ex+(>Zt6;*wfCh#@x^SQru{A`=keBztfA>y!vNQ8U($LR+bvzp1C=%G zZ5pI_@hoS~Pkw7xa4d-62)X>n*tKX=&`jvz|1tIn5=Wa`a3b(zr$Od6g}5g9V7BXR zSObZ&N@svbUv@!kie2n z6jV;eoD-MQ+R3UYCy3H7#cyKYtOx>r*ux07x=J`pQ`hxJ{`r2nyx_U-CqwbUHIp>Y zSNtGH@lkV_G{5aplJrSY>??VitN6N`uJ}3+x+#jcd6Xo- z{`=nlxrz{NQ_^#h=CBctI%p4iWgB^_RAGL^*2J1uy>WPr!#1T@YBMQSi5x*S@SxMM zv&BEguD}Rx4#eU9@zLr?cbdPPw3-RcfZ_;S_`)k^kd?rq-$^Jyj@H#d;QnqSBD1v*1$%?uu|}rjLAZ(SMPumtswu_rMn zV&wz^o@kUJYF3fN97-NEmBt`@Puwc1XbvmLzsByOe2GLS ztYGq?;tBb(bYYOEWNsTO%5Hc(1}w7evN3c1j)kk8W#cw5ETlowI_^zLl9_00oQhfmKKdkv$47PQR`4BipuAd4U zQ6ntfIJYHYWz@pEMuxy1fyKFj}E5b))nmE>`{Tye(WOt6-wS{4EsTS zohjY!_cp6Ln^OFo{L#(`nY~qZH{qXpL>|hv)$^+Rrgou}K)#IQ7?A-3LhQ+x{J`Wn>b(F(az z#zezbzQPB@$OY=N2R+@il1=r-c{{Y)3OSXWc&8PpFAKgbMh1^G9nk>`2vq0V0c{|* z?_~v^R4@p|*}2#1HPTgEPW@y}yfN+OVjnKFiY^n3?C71_v4fv*7X!m!w7`o?Iq|N9 z&Yk>47&=7>EK(D&TBw_Y*DINO{t{zKPipZnFCnz*OTYA)8cQ~}AgObXi_Vbfvls>& zNNp^i;-+4a`Ju@Hmn-KQ?QsVHYK>Rb11%W465Yr@pS`RiBEb_w$!xe^fbItQFH+mt zvl!d7c_*c)JhhJ)nDnK9D#m*Lv|cX?qXD}lZET6<+I#G9U{TbG}UBK0wUEYB0U=`{?6F2 z^>WzA$Mx7Y@@Jyb)m3YiHt3lfQl*i3u6t_=uWV=W#~n| zOZv|m!G{5a zLGmojeT1JcxNNA7NS!!WU=<{c?w_ezm5n|Nvx|)thJ2v90`=zz2ONk$3L{}F6AMsVwyb`L 
zIzM2vWo|9b4@m63gCy=mXdQ~$v@q2I2_#)^1p6Nm=K3G6J>s4;X)@PfQv_ShRvrua z^P)$s%mntMZTqJc5Eep7;RJxNG|{Ue$c=`KshDL2?<##rv86?@gD4g8Nl{y2XQX#; z-AmcI|A-RIR{(yyQhgo$fh^J$OZdE*XLk36;R20y_(cMKs5mv&4u^U1Ub4Nl=Ko$J zQ>%5USGtfzAJu=2W}8xtb(zFn6D&xp^Fp7q*?8HwFg$i1dF17i%*R!YO&{&JbA{Q} zk=t)Ob5t!=*SNm(+bsO}N!Ej-ZCIT6S6Hf~Zptjy>x5X2#Bkk2SLcVs}clPIB>S5G#WG=UT=y z8m~xU>snH0?sIc_-r7-j=cIV*aDJRVY?pxJLmBc&B3^h zhZbFnb>vYz@ruLey%14M(ynYUVO%wvxFvWG>=GbH68-Fo)t};pfgM*KPy% zXZRWPCO_SIBTBOCy}zb<*Y}pm_Eymju5zX@s_qoaHEV{f5m>I#A81v@ zS9&)c#E2`AeS3X}YKNij(f-FW#qyk%3q_5tY}8eDHY|tLd|(>&W3zx{8*Y3&9gy_g5R;$)@3DpCl(&q{A zcLqosf#HB##(L7Fe5GMheo4*oJH!H-cx1s#^2{wKCo#70<&L5bx0|50Z|(|{Werf_ zf*8`*k|_)@1J5+(?$vyOTczWd(BCCNG`}F%hg%dy zZtLxd9Ph=b;wHc>`GVZ~Gn?(xOAh7FU{DvgVDalstDQIN`J$}PT1092xS>=Ak#$%;iXBHM<4Hf)gdpvBvnqJ=>8eIKJ z)57&`OEJ63Ge2VgvJ}+sK$|qVcmD80E9-k^(Pb`BE?6@k~XLfxdj{8Db? zsPGd)CSeCQTGc4KVFel7+`x(e+rM|y8(z8pB#6~9jlYD7n8(X;NcVU3PP9N%yCAnfKe@6MM zxu+m?2P4IfHg}Llh!<)>l(4yVzxRXmg^|_c3n`MhllvzVS&y)=#tu1X&v4pfuj%?A zWORL9E_n9!>XXZk?60=ij-$u9q4TlRH}_4+#06J7(%g+xDQYk!wFl=9X7a}^Q4KyI zvYI@sO7WO|yF&l?RE3;nuBco`u>p?8o1|lN)Z4YxtY)@ZRf_f7SkE1+{I_$lF=uw> z9yV!Y1q@#b`waTI9)6juag=fn5ewPWdnb-BN!nuyMaMlDWZjeE&Dtb7Y!*c(N@=8^ z+8GKP$1h;-i@qt}q$;C1eY-F1)|xuji49f3n}F}3C?P$bB9anp(oF4alEVRKM&1*5 z4+(S3`|cMs4^vm3KLrdIq+NwBsqA*}J#XS2zHcL>_w;KFHD`mKQU97x?GLcJ4%(VZ zTI^P^p$V|HX)2|6c=d>doVE}rgHX+%IQx!8w-F9ty*|LnT>WO0XLDh@pY5sZWKS?} zC!v^F%hIcxjv4%facNGb7cJmb%rE)yr?E z%f|ewFF?RwZY;Pcx4un%kA7*4A~kaP(%Lg9(X;nn({qqY4eLr_-Pc7C4nxz z^WO^x@9R*Hw6z?i#g)qXBuCXLLQMqjypZrgT-u8lMr)X-4pVi_pQpfDAM zq1A-YYRCsWJCOkDzdv>Vh0^Owz079-m7`unS}=+&;?hP~)5Q2D#HM4to+nJ`p{JvD zNx8aG3UgxI1s(b(SDt{#i<|tewg)@Qf?YHKzq-)WV^Gytv^ci>dc2xw3!A=_jK;j+ zM@@7EBnaVB@%^wOZ|>LC@BVYM=fM(m;(EuBMJ|`HDJaEGF6-@n3WvkR&?DJ2a|Hyb zyrYng3yKv(K^SdGQB}nx@FhS2e3Gdsn;Fs#pDvCx?{8>Md7}yv(RH@4YSJdX*La4q z086K2Yzvuv4ajL^_om9hB#-;o+Qiw_uuOEX-d;wz<3Cp}KkFUlo2xkugRBN}+Rmsm z=Q1(_6q&Il$1MSr)dEF|Dw^WHb1%bHlxqvz&Y=}+T~jffF8X!0WU#9;zLHm%RCPD9 
zlp?#7rJ<@Ob@$&RLGldCX(4NK~_=Q0d!Vg2bsZH?m^SP`wVt%X?6ur-l(D{mwq1cAAlE_h^WeVW)#j=u()nWh`#bV*0CNxhOnG#^Z-Net>h=ElgU}}^J zMOyuSPx$k5=2+4~h6!@1guB*%1ZT!3dM+$c*Q=dZKmbCE5});P?3C|Im(KKS|LgOM zXS>X|+}HZE`BUw+cEs0O_kH8+?@Nd&rW!S(yM;RYr|aOoB9q8cK~hAKQ{^a;;d6u) zX0in=U#oD(;TP<-w=E!x`0y-8uZK*_Gm=Kbh_KzZe(bY0QnAr;ETyZMrRBibObXiU zqBhZps)ji+;{EaJDx=Cg$K>eCd0>bu4Wy|(Cu2XLp}rHaz1`K%*`GEZyeOSbGwPK$ z6$?fkq#lq45!zluD1od!Up3d+9@^Yq(M-Kcp^!|M+OjW(tNBI;CX50&bVw$fDSnSk}<^uBMyDwHczK57$??(xs z8e{l3*kfEfPBGnO@sMbkYj)oh=Ul(Z4h~MdpzBWSx-^SW&4<*&jsQv5L{*zL1lKO* zms=ZH)-%y0BuPd_o9dMx^!!fQa5KtEY<=kIc2zNdkp2c3l(FE2(#bUWQf9#NQtVnp zLJ^22kK)Eaq)V)eW?~szxX1rh2o&fpgg7&&^5))MO^FdR;ieWa^^g?WDY@t#XR9HQ zw(`6bypc1WecKCj^QoLE4qOvRFES)(Jp!p*`vv+awKQh6;~=7bqG>P|2OCjvXh5&x zi4`y}RzW0e%E$clM|lSMD=eK0eVK~r4|~Hi6sRd7$`VvNpH(%9EdiW(VdxjQVNG%H zTwFrsLdHmHp7Ssqex*5QFRY0GXB%+a(xNPwyOe8tg0@$~E`X1{lB+Lt!9{>TKQEOs zr&C_xcxdVCmx=CYv6?4#!NLr6_7s73u<;J6E!?fAC3HgRiS3juu31;9#q=^86JrxV zurBIDpI{(S{sP+gG1SRNPt7}NK)>Q47FqV0_PpK;Xfj_Nl&j{9$f*GrB1tL^I%dW1 z_bi_Hh+YfFirVds#+^=+eHT~c+HB<8=QA-G@(l-b`dQ_%ZT)kMLCcm-xMo!;vi?eO z)mCbWPzseom~&zU^hDw>SH7lH4^XUJs-Km5{b)Bg%I_wHwPa(fQ`w9Oh+`aArF z`8q#q{n13@Jw(!%R)>B@Se|;jZF~~$44dVy6J#zu?iwjO>~yt04#Q!p zTYhfAk||fURK0bFmFa{@fd>ydwetL2LmYIlh&Hlok7~8mNWpWh0MQ76dLrm!}C5D)= z#lp{y)6+6IH3uFPC#@p@SL91$Olzn?&|rOk!{iLnb7_8p20zUtfR#;Pg2sewW#{gGL&W=KbAvYz&@h-&%YAWeb3?ydo3Yhr7Vs*9Ix);G?(*Qf9<8tuA z+-sAEv(#jS9UodNUa%pkm|9MYRl+*?w1+CT&f;3whiIry+#|U(j^_l`u~rSr$*eK! 
z&xW38Vv3;C`LALFBo-^X=+>up8QCGFNj6dWf;Ae4=NFWqLp|}KGK`rFv(SgnvxF|< znW;3LzB3w%&^{TzxeK0$$M?VU&Rn(AWpjU1nUyY*4g$&;H9W(Uv%NX56oTEvY!&VS zc#d1PkxT3KwcGhLYqkE5#xDInp0(ru{^*68Tp+5#HQZQhx3oTDpN7uIE;nZ_71Wj8kmFbYpSO zZxCH&_z9UEpos^U2+wn)VzC8Ge{U=Zl$S_q8S8eSW;X__fx_<*qe!;xmo=r*yhZL- z*zTjo45y(NxKE;xQFkJzWn1zb7L{*s1Yxc7L2MWT!C=_4j>cukTI-X*kjit>!(!q{ z$2ul~J8O*ma<2?i$?hyj&Q{tT97DZnC7Py-V4q zD>un;j78Zhx^i{Q4;PXS!zN5tt``7|5!b3e0HFmncp54c9!db{S*s9sUBAs-<7)w} z-fnDAMoa$l7-V0gt>a;EC@3FND`HWdWNhOS9JhA9->#wuc%F%z)?xE%UP@NZm}9(l zSs&`~v2Rd8q?Wu&pVUwldR0@%*mM}I({&M+!AzAG(r!hAvW7e~UMa@l@Way@pF$L) zKlsD=aQagI^~Bp({5X2A%w54CxE%X8A`vrTJjNNeA4Z@2Cddzb%v6SOuYlasVEx&VE?tCnNR1|~&VJ9xXho5!{X!ac~6RDp{1y9rwJT=p8* z$0)KH;rXC_Vn^M+n-=|E*s9AYCVh{}*`#%5GO8_81aTI+v7#(TMo2{#D^P%BvCO~C z4qCARvPgT4Epq`p23SYTQn8vlj+tr+<+2&r6qFe}c3$&fCq>iBx~`i=w+_2M{>)HM zbZ))4+DtqJ^HKyI!wBBeK0U-{#%=hCuFG2Un~r%Qc6%VDeFK>(;u`efhx8F7r?*rPzCk_+VNz2?lKcoCKQzlqam4<`dkfF}Rg;LZp%09<$H(7?9f0ylV z>nQuHUOvAWa%2=pB?HXI$+Hcjz?UvjbxHM&kVOAeh6<;MqofB$Yqc;mS|c1-Nn(3* zS_OQyF@AwjavS>Qrjn0DA8+g|}QjQHjx0(y2a!P)RhGHQSdA>gEad7kBqHNE#t zQ41ukCE-Z7vJt1l!P!C&+X|`j2zC9_+ZKs*2iO>>*|xZggNrJGBY(A&TWyZ-W!3&J z^z4m^#Djqct-4QuA8E+$YN7G&UB%h{eeave>eTz`{`~usHkJJ*Vp9>HfI5#@5-_N zr~@rnDwtGk$Q$FCLkOB73DfmA0CUx`>e*$Pv8osfncEP7Dfmz+x;Q9;zG&Ts?Xz8n z*`n`| zzL{^waEehp^EHN`g!myZnfH(dl*-_3<7WX(23-Z~bR>@`Wh_eS@K&?Vun2@ZHGO(H zSAxur!GBOpO9%P4xG?t^L8CFJ&evcwF%LfptL=xqGFl`OW0zNKXR41qdK^Nxch-GX zdwjO2B4W!V4G8{KkB@ovTJmOQgR=CrDv4Zd3r--R>JOnv$exbR-GUAv4-T8e&a3{B zvjANCk(2k=@y&Qz@gFr7?^sgdl1o-XbLYtHqRBtSw3~qn2|+)O^oHmGql_cM2k_Fr zvN;edv%Z+(RKj&@z0%cjfk2voGSOuF%@6YvVdIv^xeH87<(%ufQJ3%E`1+qDhfI`? 
zv~1z_2aTu+7Qcm6-KFHOg{X1EQ3gpz(nS=S7ewL&B8q$BXA21NY9`&*JvS}a(}68^ z_CZrV(~{J_Uc0T%_Lhn`#m9JbdpC88c6I)83!a zytG?AtNUfp(d1?FA`}`N$mKSV6<2lDiI4k`x*>jhEAG0X%?2`jua2eR`0W0!zA>$S@SR>>JMno`eKY zQ`&M|ptqgiVCG>NLtaZa4-(V3n@fQeuq8z3jvDzK>@We==s9l5#WgP_jtR~>I?q-C z-E1ajrTc4A6C}5sw;mGist`edz29k)CTigU`hh(Bmu*xiH>t&|grx`Zm>-mQqa2CESG&V7#|-|k5t#Q zW6}?uf5(Pd(10;h0d)*2dWXZ^J-&rR&xcXsUNoxq^OHNKxL7tzPbOsP>h6XCi@Dc{ zW!PFn@pT_DW}~7Mj7(|fu!;hJd*GcgwHd!>PJic)_YZ zU|g^$-xfA@jOfLR)qd{s<<=pEeFx5}0Ls0@K-`ixn!j}#6;AkT123AqFdk9l6FJ|tg%kq#Ss@zZis51ObFhGeDPZ7x$#`o z(;z1~7?-fQcHPe%D#CF&e3OvoY(Ao(@j9RP_9FX#&FcCI+RW=Y1V+bl z1?M=|ggoyvL|{_MIQvF_rNC&U(nMxIlJ(ceVJXMgFK^`&SxB(Bx9(q{b?7r^W8ywo z-ZiXwM82_WoXZU2)0@e33MqU}WmQAbm<>3~D`3+_3;(POFInP7aG|gy%Ix;a12JjA zL9(~H*vUsXA#}*{e81|dBYPR>wh-NNl@4?Sy1`~!kD&!Z0bVWM`!d3>3W^-V0$JL3 z;FSfSzaKz!v@a@Kq~u_$`}GPWYNNr$dpz>rz?w!B!G3ZP)>Nwg_AN#P`9kDghtZ1l_yGqq^AnDyIAh9#!TQ5AXvp@+h0MH0kN$^D z9Rp24r7RKk2w35~@bpD?xC75hF&~3Jt8{rxlmF8~-ni}r+?46JyMV-7lLZkGH*jRx zduAxVae{KH3FDNEhjB=Xs`z4C%%E%^zvG3COji2MffN0C2b?K2GlW3ym_Q4j zz}8oJLs~^red<{kun!9ia_}y)ax2gbV1AA@NAJiVXasgU17~0J($k|;OzpYZCjn!$ zJu0BHQu|#k8bc~J`H0rJ!|?oaL_nbJl$C>aYgg*;(tEAzL3!#0 z_6^mvtKaS@My_>Zyqs??e5*2@%AJqE{WAKvrsYw-8Ui&1#2q64cDT7D$ zHVdy>NuHBeol2!=@4^or#q+bf-41Y-^YsGVyMkSJXJmHbBc0h^It z8sI5&8{i-hrs+@EEy>hK(r|4PC@D5L)8g+}N3R1t4@YRa6_($#W_vQvVOpi4n3vth z8Ky>MFMFj(Ilk>k4wX24G^to!2~FsD8)}MjvHXX8UB$Dn{U^=L3Prn~;(qUB##glU z)R(|I-I`h@#yZC-wWieBzLx`ICT75todHvJ`RcW-?C9@ID#1g^sb>j&>AePM8|QRo z8xzyOHg>Xbnn)E&)!*`jP2#mAyrRnzTBzG@$xGe4@JJx)Bhj=jLB!MUn;`aJa?MmN zUQK2bbM{eihV3lIXLG~Ew|xhorm?26f?M}qEKFS%A+EWcpn08*+XKE3BDtN{biH30 zS*7L1RK*4pjE!W*SH|DlIF{{GP`JPH?HAY*o`kyfUJh6Y{MuRzx)@<;%$lX*lL;c$ zswB_Nz3(6X%^F;p^heHU!_3Yr-d-Zys2i%Ss8ef$ZYOPR!GGbNvdB=|aWoNEOH*D@ zL8xr$dH`~$!T$f2n;O+O5;O_Bwk8u=J*36SN~vGC z%4Wsab9XIt<_vm`kqw9mr}gBXGcB$C0K=W(lZ+WeYZp+q;UDcZqT476S~e#kf4yu& z3%6kv9wOQid55eKoRNn%K!n)%!`|S3=ma$LcFfOs29Kh`_i_0%TjnzpXX1q>f{9HQ zz6+>L|2W7Wo)fiK9c8V;mM#@uxcU&fPby;}316Xhi=mKlY!$#>_9)9vkp#7XkV;c* 
z`XMz#SH8KkxZU~pSZ-r7!2}rRy^bV7~d^@b@t%#W@{j9|Z zbTMpFxvEz3Hi<-e?PvI?1gUU+-k7)RUJBCX+8#_!X;2OM464bLc4U&4b}U_F^xNp~ z^^x|Q9^2l1&l_r=v_Rv7_UymBvo8Js^KGnfYLJ_-xz;&+Q@BmR++#SWKkKG(yh5$h zIc(E6)r?MsK{km!nZ%=sfpu71z~ldms&@*qrD?l%+qP}nwr$(CZQES!UTvD(avrs%G9}T!Ri}O+Ll}fhoQTOnAlY$JPu4qOk%Mrcm!|FG{>nJBIiJVMsJukf?p0 z@F<$_C@LYoD1G5jsaVx2|9&+xYIoBi8fG^fS$Gza}-WY-q4<;86u3|9l z{Q77g?wLctV2<$?Eie~VP@TNPw)J`v8IQi`c(S|SFRmTqdp9zHj-XZ?({lK1ZE#@g zRRG&b9W8Rzzz%wF`zd1pf)sj;!o-euUe412$%vegEl8}#g7CQj-=H(oQ5!J&BS=tM z+I=Z+gfZ=V*Cvs%Q+R-IYHA!c0D)>A`KYIdyEs>*ak-CHBr8Z@70g^fJq+{8Arl$4%H>|19K_s_qhB+_^KVwLGZpsNmd%TTUc^OxG5#xXoI z!`H5B*=>SBYl~B-LYt? zv@}NUr5aqhO1SG_p9cO%Q5F5^r~&#Of7-ZGo$sfX&k_j)i6|W8)1%H7a-jHDi`*yE zh5mt)jXkIYaE9^Tiu9arc>Rzk1F>mNtEoJMLy-()S~U**Q9C5{gv-I~3jh1ZD$Q2^ z@zL5)0O7vqx0GQq!Z(P51lBBqYXXkEs%Ahhp+&EZ7M^87 zn$|VOLEz-4W6e56qB+Pp#M~ranI*$vS+3&(v6U;d+H6}>L-`W7G&q~`p;@yWSOpaO zx+Hih)qo0ErO0>VCjie=@w{-+j}!+bz&6+RAh~H_94AyQ9@>mfF0GWpr2uR8v{wue z1y>QEbPFRo?50)&jvOm+J<_CNvUk`Nmr!A@|D5UrB5@mm_bd~s?k^@MeCsiw?pib^dp936<}s^F@LuXT0)`h6eTu`|A~(W_}1*VZzF_y!^8TRS+J z(e85pn1tdi>g8Aj=T*0mQc31!0InY`-kp02Ak;>MI)5eAK~?BHTFnyTsFB~^uurkJ z&|iv&#i%A=_sNYM!ER(u28A+$Q}uFy^wJWuhMue*uQqhVkEI_sTbR}~MLd=U=VyQx zl+QCorzxJh-M1vOE*pIbrDN1=&$*P_-Jw~R z_a-M*x@R8!XM(=wig@*=ayhRF4R(Q*ucBl5vo+>>9BnK@%?Q476N9$PM?HR2#-R6$ z(jcH@I=)w(9z*N*UKB+Oy=elRFEnvzG&B0I)>>yOPK*@lT?Wzbhd1~WcK$AI|BrW2 z2hd|Pm5ZZ+B0Cd4c$z5eh5`qHB`0QPh&UEpcS3toAz1)J7rHdQ`le zHOmcKO)&>XZ3F6^_wC5dwYlMO>_^3}>9TpAH!|e0u1v>CTW6>51KW$PVVM6qv~7py zeq{tP4-oHaTvFE)pc5D=dchYP{WGoE*qty!Pa9^UqKU%LRrBIQ4i(VMsuVGcwpDm= zcRCdv1lv-{qj)sM1KE!r%(J%CQuh+Uy%kyn{u#;KdOosx9d&fp7h2aoA(dPOe6tsY zag_~Fd4?@&MWnTPrzN8q?^!&?^6wMorH5+^N|`^0Ugf!={nE8;sm2%;IO|j@&}JP> zOrhi$uM^m(Pa4qpuOME$F$q~vBH+PHN+FVzCVy`|4#Or`5wVMa9a#bH!JkbzfWGQW z5D7sH63)|yBs(^1IYqBY=TqRYxEXZNCa!xc|3Z@rBnPNBE!!$LG}!!vNrp8`bxm}m z#?>Y_r11VJPwD0gEoe*HSrm4t%<4fk+f|%yn6gV0rX5JA5@K@P^JLzy}lQ zV+BS~S}+fQSW@xaZUn|4gl@my!U@!CBbpIF^>{{X=(vf)#;d-VSmgcBCqXfYZ~|se}X_U5Z&{*(-iFr$lt`a5dP7WG82i1kUZXO 
z+Dg@%+!-TXLJ7sdmR%BmJEvng0RjrX1C@tcQ#O$ZxTx(fTbjywRA)|r_JQAZ>>;}m znU>qjM{-uW;`e8P@(j2d94vNp#SaU%^R)b80F~$q*|M!o6D32Vvw53!?CNR5Vyt>$ zSI2jgC<^J(U8_yow>gC@$fZF{!kOG~#hfQ>v%My1o{e2jI1-b#37=)qL9X|N`F)6J z=2E4zHfzcaIZTwzusYxB>dgKMuekS_po+;SgUGSAnVjm#_qe4ZRCIr$3ps^doYM|s zm*^9(5MlUbcy-)zYRx;nD3>jOk26~-PN6K&AIDP2fP!$Gw#K92Yq4?PZ$3JJrS+me zNI4N$qoq^}c8K>4pmR*(G{MR}{EaH0MQd*jrz0D=1>*1NXRMf}ivSxMtz-kq|ao$E!t4e1~L_x38@b}(e+0E=pw6~{jn{{S+LXQaE zqhfi^p-8$Ty%=i2$B0p}2yX=8;4bt@W z@%tfHp!jv4OiJwN#*f4kA*nQKi-4Vme@?1%@yJ}8zq4P>;7*7BFh4&LZC zQkrEdWxMS0=nI`H6Ip^@a2m{OrfG(utR&Sd@8BVoMSFgFuV<^#V8dZB4-+eEUaW`PF%Zn0$@Wf6xt1em1Z&AIT+F!=lM0VGXB zG~i?a>b&qOtryp}qi`qC6l$1z_cXSfv}4kcC! zlPR8-sl+7uJ-07F_f=Phw@0t-D=*GU5klkqXKYHwFf=EAbIKmO_wBpamQDT$!1Znq z=Rf1+Sw=qYH=4KV^0X@EyBMx6GIL1w57Rjj_G$rRu=1X@%ucs|GOy!Zv*;2+FYa<9o3J;-*3yF3$>GSSp@f$}S7juIP;Giq;)1`gCP z>y)9)mT4}y=i_is*WnAda8M=fHbgrBt~^J0dqdiD%$+Omv$Q~*b zSR!|>Q@5x0eld3q==y`~t_kCY*)79W8?!eCuSa~ z++D)~jCW`1dm&Wg#@LH{+c&^SZcl5@*g-|^QXrycb=m$s_b;a`2PD`iA}0i=^nBP@ zwD;1uLOcnu#*`n&-6I~5h&LD$t~~}U;V4{J%ux5vc?mhbidd}bf}!S0?=S2k!arM( znyb1wV+llM9x>34E}|Lw3KiIkRdV$GEg`= zY7l!-C@PxFQm^L)QjsCSLRZxoPzMBdDs8Q?t6vHUn5C@P?k2DC?AVqWXkXzhio-LPNq$|YftKQ& zhcf|f06f_-il7fR#7m@yjK3vJz5KS4xn@y3&zHMVPPhn47dRZ6Vv{li9s}C|Uq1_t;^ePR*~(4hH9jznA;cI?yEMiszce zaK`t#cE#v4QEcF5{sBlv-c{xTil`YLpiRzVbE=eP1rI( z)9-4eXZL93E#OgAoRV~;;Cc|ed5+54pK0>cfJ~{gHrB_byhR8x9z8cdP)v|}0Jv@P z2JD%y1Ur=y(>1F6-K&aE;$%?RG&KOcE%I&ZuC_=*3#Qan>1L9yJ`=}l`11EoTHAT( z97eTpB5{RO?;azd#LCZG;WonAzz+ueNPyg6zw1!3@1xds!wjUrEL%u|s)eNK{dHNB zvFtM3KYUP}{^8C*1t~*v{HXix13T^B3E3L=4N;(h1|=OBw3m)*R5)uh+@ZEWS)8d= z?`yHxe8vr+N)QOtKTBdwa&_OVqwmfmEPXTU(UxV_dE*uoF{v}O!_Wle>JBYJ(EnwLrby7U;J{ zwdH9#FJ&qQzWRM^+tN@$$ODGp1Ig9(1!W)$3PP2`!SyaGKCt#E=c7&v;qGRl=7A`E zJFk-7U6BtX%xz^pbHZb7=M^raj@UX`P47R*ceP#e*T|`v%F}BRmaEq`T@obk>$z~u zpyvpBY;-8=m~*0&+8LatekT7?m;#P~0uS(PFFg_TiL$`fkMK4?6B8CjLtCc1%YpQy zfr;F+O|!1o^4&$jEswAMq7H_JSJacD6X`v^Bnf zEvruA%FX_pp-7Be4l^zttj6A9oflw2P&O}S57Kij1F4|eIt*oII>%iZV2DYOODeHI 
zsGFjTsxrnr1OO?v86^PZTptq&8*|fZPlkh->_6?r(*Kpd%)I5Nv`7M(WE>s3UWZ<8 ziWGrl7IHY%Q_CeIHP)N(5V9WTH$<9C;mx46NH5!ip5j8v_};GfT_64)1HNAGKlO+f z#H#jNjXtDQew2?7*XEClSugpYu{D+t4x8&39T4A9IH?GmC&nd!>fl1|NI3eQp~o|z z5991g4}4YuwjTi8?QO-255foBEcGVh&GQ4JSQWT6L8JJ&2;lZ zDXb_5dyIPNl&0CvcRmjRQ9w3fz(iAPkY1?Glu-2>Ytx@~EM+aqy^u--$i;>aD7%dw18ZDOInYWdbQ z96EeyuzNVGPeHzIqvG+h&QHN{$Pvs9$2LB@xIf-p+p5xi28Idy=BI4^Hh3fZvfB(thsP*vB)iIvGceG_BtJF}KQ@4IF&;DuuQ-{)9& z7S*Zx+ZBw2b4UR5`cXtwz*{wA{p_ul(#RvOF}4##d++6h+aGxe27;1hG0A$OA-!5b zSt&-yR1NQOx+CnhU}*9dF$-@E9R7H)c%l>7K`73YCxsBwdB^NONs{@f0NSKO86q~( zF~qP-=J4wepZs9Z;AM8v_Q^9wZ2D zIdv8KANu9XH0?3#gu2#)A%)9~4K}*z*kHPLUN1yPzQqA*+t***$&5?e*|qN8APg~r zHFwI)K;HA)ojAQ@4f>wAL7#oUjq@&&EZ!Or%eDNnGi-Sd^>jx0o(fUntCH#B02Ppe60m8GNJ`4g#nq=&(rRBSM8Ly2oYE@C~p)7{F$ z#VQsN;~t3JpB9tWUYhj2$xif)T#sHMWgq-6c+b=q$rhyxhya$|a9R`&yUW7Jbz<0i=d@(FW19 z=5;WWMu7NpG)h+>J!_JU5T4E?2=6#Fr1#iWe`y#i@u!4AUl`UAmN1W4dZhNP^B94V zzJdib5HWC`_fAf(uyuciA)$BpZDeo z`B(Fj36R^i4T(rJpq%l^_Uoe(dRfvUajIzV{at2U%bZ5v=XGaJZlayD^zX+;TeRS8Banjn`E>NRsDqcOHLX*n?>9{ zXY95?zx3PH=)-6B-+N^T)EIaW>c|-bpMRh7>xQH6$uIrh9niwoiV7V zt7SM-(vRE0Dc!)?>3_dRd}9DvrJuKVA$&b0b1Mw`~2X=R^E)<|J*| zwRZQ1NgHiwtR!YZiF%Tp*i%ELA@%^;Po@tAS*40Qn_wj=l~v?x8X{+FJO#~Wq3H`} z+j)467eDpq2AQ}Cz7ekv0HEz>DVMR)Fg; zcj7w~(k&>eiH3cf?{n#}N(r_&JV0;(M=y8gLrje$ZYS|$J>1J0QRH=75q&O_a;v}> zf5NIsi0N`)6pTC9hF_ApE{nifa+Fy*tYC9ei7z@Q7nk=_Aw6ofJyO-it18D?GM3*u z>OLP=^c`MgA~lXXJ*}8j^i3*TpL${r``ATRoN4oetGd+TFA6BTi==#fWwR#&Y6uTY3TZD`PQ)ord+jQ0|0=^I}n_Qsy_F%mq!!>rK0YQd4<`aO>q zhu?#OiSic=_}Z_@E_{8LnQfP>Vqq^I$4Bg{Voz)BiMid%ZLzUpe4X*B!QC9QS%!5( z>~gJ7Dn@U?aBBJj)}^CQa|vj&bmeMY^-0V0rZA2Do@`aU6SrareJt927GXg3&FE$+ zV%=BoVh+gJhPUVUDlgfkP=>GqfLXuA9z7&jd*3nT6`0zE488`Jpm3H*%c-H^)L?Pe z?jo>)x1|qMNtv3jf9KQ)a5$aO3F_@>``_21aSlK@m@1U^u4fBPS(qrBl9jOEKA}?9 z3$&t$U1z~4wDeVn5Ph33=%1I>af+6o)r@S^v~VafV3ti{s@hJUxN@)Jss}Xq52%^q ze)Si6QMFSXg(qgHBYRY_#)n0`7o5v8eokwrSn*HD>Q|1%ID0E$n?2XYUze0Rv1OoV zT_~EUP9&0-nh-1DIBVuQtYhzM$uY)MGRrfL*0OjUk-j7oqf#jy#Mp!yajY7CUd$#g 
zBN(mDAk2x??gm{ydGVm9#9lA9VkZE@Mqe?GS0mc^WGmm{j#oSDTDZyjJujUQRh zw+T?D48fK8{RMjo>)R7~&-dX9Jg@lEh4vjz&ih>U4fEaE29@TCB+3X!% zx>gsQ-0gs+N25&JT(MZ~bDQrRCFgP2m~xsL?{JpS)Wo`iq1<$&2_!wo0MjeVPuxad z>PrO5BkDw2GlS4I>hiq{^2Ga=L(zMa3}{&Bet-kTSIvHgiGK@{_~xbKvHP}!PZ4?& zTM3J|Yr;ioy{F#I^R8QB6TNsvy(ML3`v^SC0p-fZ zxT~G?rXr7d+N|PMZlzZ$BrO!B#Xqz0Z1(Y9wg#pO`Sh2dA!0#*Fu&M8DYlU)>!Go$ zfg|O4v10}6!NL9V`4WXkX#4W}GG*He2|zw)Klq{|X}vyQiP71^_=4Lq?UxPUAn=+HA>VTlgJ)MP6i^Wk-s};;zkjX?$v8*>RKD zAX6Kb!P7F?Brw)+`pZlEPJv%=G;55`HNgcmRTSJJ2cO+ZEYk|R8DVjo5F0_W}H*Ndif=qpjgOvr$myrq$N4JY#H~TzeY{X zTp>QaaTPoqPMZhpWTTE^qG zhk(bY4FYjDJus}Npz_s;O3XOC2&|SfW0^O8)P7~(v1F)9#by{dkRGw2)m;0*`jY26 zYzq5432oOSpeGyq=Qvy1d1^4f!%_6t6*K)?0GPQ{;Di2WBQo8TFo$|OElKomvd}7m zw9R0s{rqrX=G2(57+q+PNWxotyVKOYv*p%_F|E(%QuY>_THq6K)LF;iEm`{osH`CO zraY3^o*PbK)SUUyDstarT!{!TBZbE_N@a6!#mCdF7%0$t&LybtraH676<=WeVcVb6BXOIE82FlIqBwN><|0^mwwOe#m`!$B>{($s%QvZY1pKLP`pc zvyQ*)x`f;JJxR-wZ%%NnVfjc?2`DR(E{;ZJmD$e>)TXf09uccM1SqU_RYn$d6cvm< z3N2UnBwYVWBX(Z6i^%0^KNxj#y$N+OuQQ)O!z2lnr=p}l<(;!2isn?xis>(=ZnnVa zaY1u5{+YhH-3=)0mB~HkM$owSuZt=hJpRh?1oCYff@HpuhjqZT0x{3zLoi{9Y7mEr zv;RA*gH`^zme;#2;n=?IrF7V}@neG!W&!Si#RN3DFLE({Drb49w-6FQ&*}otrPFg9H&giNf>w8TZY!S9a^m@ZRd*T7j7NS6X#H zI(SMzU+v8W5=MMKjvSK(5L5W?_GSeqT!JTtkqGqteIFjR$~1p|SXV7&{4@^tVk6UV#{sZoig~3x zY-G~rUN;NR-5{Ob9HbOG8SQ0q_;$ohRpH5ZjRF*5wJ=f$#_`C{>Qms68rH&4m_KtP zC~d555qEa3Tcs=b<@J*EJ!D(QT6c0yY&X?mAxOpSHO>d)$ykf z35;UQtmL?FA8IgI^Zr(_;Z{>@p>VdLW6eL3wjV{XN&G7GDt{CIlTscx2Bz*XH-nkg zO_ZMuiZTNW_PGE@!o*@-k(dydRleYj2toVCmO$wZbDuCHb}%*xqJbz^Qyj(>y05Ua zxOJHc&wZ>U_$v48EE+0A7HE>;Id(qratPREV3t4#(Lu3CbvKcHCFN?oc$-%oynq%W(bq}JErKx9;xm2s(^ z>wXbaIF~!PrC@sR_qp_=O>Gi!E>6RfdGMC?Z${0Liu>Pgu!GixYrmeQt2wwJ^|j}Y z>t@`UVC&j6xFKh)jIyiLr*!`1)GfIF_12i+m^fCqAl!ncED#l1E-18f%oL;IKS~;hV4KD3Db;RRFV z;X3+4UAb^#lph>M{+h8-iQ3MkWvb`cP+$fwg0L7v|BI%S^Y=2))I6%zOohz4Mzc_Q z>^Er1JaQC&QV^*v%YJ?b>zKR9lS>%s&B-+@RrN|}Te zr)_?dcJVBkM6C83))Da=4_0CCzYB+3k@PA4X{&hNtCcZrDe^zG|VN(+U;XTJ$Ls<6Y2WCZ=|0uznzYs 
zuY*edUnRcY*LS@C>;8-X>pk?t3%%dZ`H}jMpq}4q`GGQ(?2&&b&#QJv@<%97PxToA-d`grgb_vkDY}Yfhp=r@{kE9t12%9(O&sUy~oSeGws^L>uHn|W}!DOl5`MO!p zU4<5=VH~ez8Zl1f#EWN>L00$s6z|MJ?U-nJyWr}2dkWA7gZ~%2L!;u6!nYK znSNmpL(RM)#(_PvGl3Q5ko#loi@celMn2g(?|<=n7u$e}s!3_NjD`7+KDTx}W_(NE zUzou`oUiWX&6f_(nL@a*yJo+%kKoPKwwmb@*I_n*i^EK@?(_5gJbY(Ih?a3A(%t&R zJGhxoNz}qDWYb5~po&dw9ht(jhNZgTp}lzjy3m4Kb9hC)<}&kx2}9$~UQE1?%A%i) zQYDQl!}MUBMajjkHifedbV|4lKtADyv`oM#^}%0_S3MIIbIE3;)tpX0a{)$|s8qEz zDfErnxt9Gg>+y{Gx_41(JU2>G74M+f_3fJCp-$iX%#O_l*af7>j_RJPI5T^t#a+)d z>IqH=TWO;Ke>sFb1n40x7RYHFe?oZ>CD^7grU91&N|i3ZP*!zHESj?opc(Mk4n^?z zkcu4LW#Aw5`T;sW*&1x<(qw{5#w}k9bcA>a2i{_vP;;-8k|7S4=RZe=yIF@tuSv{m z`BNStbI@z_v~+r#Rg(n^z@6*5s3(y1E0WZ7Oks;!u>u8CG#sAvwKRqXd_f|1bD5GY zGb(3->=-M#ZOEx^vK5uAT)PY^k($-&G?j*>=6{nIo~_&|uXeJ|fSm}=rGMzg)Hz>8 z(KhJV%8o-m4O;EfZSim`cKQ1PIMV*+Pv-vNQOeBwgFrYo2B`~CE-!bSW4Vz#Cp-XQ zuCwaT3WK-&)kY~|H+_&<5Vh6^iey4YE4p4YRwsz(u_vrQIUT@Rzw^X>TZsE4Z@0)# z*^%J=1jb$bF=Y^9u}~E_GW}_~*PD3>hw^W``nI00$RTC`$BP#OporA&iA7pDj!|gxv=o<`NQC?Nz+AVpT=!hzG1zY?P9}bQgC6r_Rhk>|h5RWtJ`bOR?>8y`@`P*2L$+ki9I1lh+ z2LJmuyjJgO)xZ1oppu^KV`jvIkNHF1Ir}T=iob)Iv*zmr&D%fv%Kegm3Sav3rIHpAW=Y{RFWeqM0gwU zuolD02u6rDR;Z1TY3gj*B|Kqy#QqJ6tED#Ef9blR9K(8#>sQ(1EV3#@mVLc%I#*N% zGH+Cem7%0bJZBJZ@YaX_BS}4nnzPEUvez)q58jq|T|nbwBnU#-#D@XzY=$CUu3kOy z>WlWMJ4Ttqp#yL8eb_eXeDuSksFaW7pRY)rS(os%jnh1P-8tvIQzIm_C$#`u4jJw) zEfUNXXhH?AwdS<7PCeFC1TZu7a7LCd-6-jMo_n>K1J*Gh)y~O#qJPZM)}XDw$_!;> zu_Qjt>{I2zmWG8P3lj%Y418P`-GZ{mMAFOn816&o{h^0p(O{s;3?Yixxu+qsKGKc` zA;6Tqx@i7R;k+e44f+ORa+EhZ>80`xZjTksY_E=c8CEmF#xTrN+=$yaiRUyf|93_h zr>>N41P+rF24L&zyrlT-!Nr&hm%DI;l0y&Mv%9eE*`eV@`%J)NN~{`tX3EQ4CrbB?x%RONkdP^qvXUx0A! 
zJO?~<_CE>OBKbnWDS6t9qsoCq<|T#_Ojw5kBB6Am@IUa(SpPUSyn2Ldv;mj&!^ltZ z3dU7v`rhx4AJ0oNdbU3u-Jh@b>u*AXKN5*sdmYl}Xm7Ub{8@N_gp-O#%65a)N=VTL zEtct25rUyl0?PY2q%5wVe|v_~?E9s4ysQI^<>;wOxt9-u7x4HXO3cLPmlxqKf!q&x zZO%jG9G||A_kRXs!YQK!+rVHC`-DXk#sDO>H%_w=QnFp#$=^7t5#3sAB$lHmYw&V2 zOALdnp%ntHJNUMByi^+g(Egmqq~)_tFpEm)TVx^}@S|*2ROPl8CWlE_*++p)8}9m! z-11GG@0jV)Bg!m&kP<~wP^6s4;pQse0;8=hw&DR+ln;cF8$(bo*YS~Wsn?X#@gc$e z_UFfGv_u&NG&PowAOn}cV<_u30d^Pzm_{FAiA_~7IKXL$sjtHVIJ>u?LqYi~k%4da z=;66Y!|S-i~K5?e*Xi_7ugWjk?PRIuR-$&e?l#Y)NKMS>Ew@SwBai-7UXhMUqsmN=z>B- zC;I8YMuH|sypOW~UPoUAEGghtiK!PT!>(5!=!~b%q)d8L7_Bmh_~mLBEIkXw)swPo zpr(tCxPi=~oodzQzUMnY@5_yVdi+ls9_r0AS0hp@PuWE?vhHcpZ?0JC^p8Dk6cVu` z4jUNmGtxVNeYCOIuaX4Rwh#wyJT4vIw|M>e9LDTeaPKcgq^T)~`0^?Ey~gV9z#WCy zw!AX;Kh!mNAz>+BTaFldUo?l&j59hde>hB|Oe4((ajy!4Ep`bm+Y%^(d}X-c-0NEz5xK(ssA|SaOeiez!JPjj4 z==rat+pe~-t&>FF1dNnIcFqdW<{r-j9T^MHBk8s`ct_ebB0pGrj3x5HQuDq#^dZiU zG?_8_VoT+jGliwN|nSoPiFKkpH^OH41a`Pr{`C@n)44=l3Hj z9ai^Mnx&unnNhVjznNR0439VE*Qa4}ml0#xqO)jlNY47C$m40YDU>7ml>DX2-cik>p3of742D?JBn^-iFz85*1-C}Bx5 zX2xGu%h{Bv-M9<*1hmcnFg5)TyfknM;(wx(Fnb$xfONdX^cDR7SW!ahh6E&gwp7oO zd(~`qnMQ??L``R)n&_xi4qWs3$rBC#R{Nx8jX?y-5&tRa_SckCt!RueBHKg{iXWa+ zg);yXEo*dXd~_qOy};6E-l#%u<_N;uOnojH#^qA=O(dxxT?&DekJQSZDO@rsER8=} zg#4hOY7HQNL+ijSPIHN z${YMktF-h*xPxa?A;+gQ%m4Ly@Fgvml`^(D>aJ|Uwmt?}v+r%Q%`%Bj?Wmb!syO%` z`^ST*%LX%C_}$N;9){`?$V!w6DNJV?3{~j`f9s>>363FdW;9H?ioXs^M?p5+D2(QZD{GkQkQ5&r{elHrJTvVcy@OfI=>hvnYDKYfgTum_> z?y@86n6hoB*}=Z655UcPJJh)u(oq9+O`IgLY!&cc2 zPbUC{cY|D>I89+}x3X?Mwnl~2i(4msC_>T;>>N;L92{OJ_Z&&QWoJR{Ap@yDOxGSy zRK#yJX;2w@mL0X`D^lwh)se&LvM8_~ED`xy(PW@Ay8*QO`;tt;&pABlsVg`-P}hqk z>tuO8cnG|!cf5WKqk(xOhGePOB}vraVP&k>q;RW+<`OL;Ap>w`0>w{~=WS@6~u zh{s#f(bc&qbzdQ9{uN1fIn(fZG5>X8sXtUsj-mM#Qy@%OcHQ7J({JEdW#1jb7Cpz% zs?E^%Sr`epqqplKg8=_=rH((T!)i%)uzuUH*ZezcYWW9(|Hb&vA1o-`RcZED+N~C7 z*`J`zy6ktPmOmh$En%o=vFah`wO!^`$HTL!ehF`<+?)aL*nVnxb7y5}HIZ_Bfq}=i z=RlXI8PE%|!l?XC0|g^g1wBAAT_oEofZN?7&&PDYuw$=uCcg>DXC&6bVq3nDQX&HT 
z9k^}m8-cFmXSJms#gL^=qnLab8#qTny;DAtzthGA2g+VJje@2P5PXo;LTD67GqH7M z7L^*cr>9SI1v6!8g}Wfy&xz6N>KD%;q(s8KxQKy_uN!$==_xy0du^+?bEx zSXUauF#$aB$l6Gu2}Niq+me7#DFqk}F6ulRl?vI%F@=2>XQhM0;v4%y37bDp} z-eD!}$UJ_%1_JFfr6JB87}wZiTdKCS7j)I{9of$4DKUmh7$s@r=Ey1;_IpeI+ zI`rwOk}1;APFw6~I^H&%@_f*DMNXQ0qx=@s!ap{#FpE4_nY>`X8|zkrOPyjujq*An1}oyPGev8kjXG9wbLDw;RkDJ9DL5vLQz1A1 zt@s+Pnsuf!CJJibsSY9^n8?DvHdTSBc2)7MYgcwvk@4vzJ``qD03IB~|Cj$tIrsyJ zNK4`CO)Inm05%79AOWskZTz~e7L3Fc>^E0isbBbHnSH~ta2$Ge_5k-ucdfd*g7@`e zj4CFYq)sm}<0FWSA58*ofGO$^`F|dQBwh7f{k5}*L^YjZ_{t3RIJ}6V$jjsvw1srrP!zSuZ zBXf{Bu6t3&BMlk6hn865QTt#Pf4l&f5KE~vc72Bp$6B>Mhec=+C}KiZqo8#o70qv} zSmaUXu#Ffp-{N&b8?dgrGy@+Qtv8fPonz&dXXt~18C6;{0dfQ*e)E9nv~aQBI0)Hy z{G4OkmPXg==k34(a0H-bE0*omSxAgJYejd3dh<}`L=Zq<&db+!JsHhuWD$y;3wf90 zL@*9<&N=P7+U-V~x<=fpSSvUXtgR6|A8RT{e#SO2ej&RyAgfz0edTf52LJr2I zq%8`F?bvPNa5G6(%r8*U$*PPdE@l+nfTkF&pRAqjz?XDHdEfBKmi+nZ`MyDI`z-l1 z`JP#t=(+0kj9Z{ApjKY^vXNFR>kZe2Y%{of*um&jJQR-w@d7Uplu_xa5b6Z+GBps2 zEmH0cVhq!yn3RVnL(#(aK53yMQcGL|E+6yFyW9+~< z`FkPI2&9a2AdhbH_dSD~AZ&b+{RgGXES}K+(!S$a%VwJn*8aqy#+wnnc+ox{CE3sq z$-njzn&14YkxgOR&`4UqDzFMGU@FELx4+2@(rX>UZ>%2TAhq-34|Nt zGS5i9M} z%KDJB4cSnj_rV0&9o#eEZ)ZxAZINT(;k-rbVa9LPeopnZaj!rWfZL@LQAzC+^RO;2ua5S zlKQ$)Z&~SK*hC!WGoBv{Fbv)^`V|D;h|TjlGTyF4Z_SzWU2`#H_&3J05U#p!uRcu@ z#WdN}s+itA^|xM0G42Kc9s_v%Lc1>%Ki`iIu*e=eHIp9;Gi-{BUOo2LGF&IQ5DjJW zew`aLJJJ+g*ow4mTet&;J8i-l#p1drlN*&LfZ=IP>DPbjc;-(sk5w%jYp+gtse;E^ zGx8G@ZOs=d8lT|>EpgFXdlbZU+O0|LMXe3<+qXiju68=X)O`k)<=2$t!OHB#+>ZEV zgYg~#7+d3)hW=tkqHcu2Uw@xPOEB;WNs~|6j>Tt@Mq*RCP@^jUH>^{?NZ;BsO)gYN0J^X6)nzN^T9Yn}dk zd`VdCNEp=iPr1OW%TRM5ED&5Fu^_PP1x554A?!9ARA`J~^(+YeQWwm1%XL0SVhnNh zcLt^d+4fKyt|f;5X!7ChGlI7MoE6*wmiFAXf-Lz4UE{ zLC6k#UyE@7CA#!#HDQGy*(}7XhZ#`F-uCKTWp+Gc6muPWH^{ek*1loixoT_%v`K%X>B#2UZcTmz{E~7& z7+>2lJ{>*`^QH9vtL=}on!7Jk5+xdjm1?YNhEH@a|A%26V)#cF6wth5NJ0V9Zj9Z4 z^9*p95w_4(kevFq-sEPA!+LuVSW3xxbW?tBtO84cvv-Gqo2?Bv3^wAIK8rI5tBMR%r8Z+Px|3)e- z9{XqlIHzQnVGA{+cAi=bEw8?5%^EeME(O$*#_@N0$DDKa(L|$ZXjC;GgNfo#ccI>~ zZx-~o!Maj*%Xs%xSUbt!CKd~lV2EX#S 
zCc*6VxUk`Q!v?jnLI}zx=wK8m7DIXy#9A9Z#bEN}a39(^R4M&j-4z)ANUr@(-z+|K zgbL2KqJL+~L37&$wkI^|;&!~<$m!#G|5o`l07y#5TU24ODJCmCUH%nc4ERYR< zf4^~yYrfg@PQz3#Kp|C3>?Vb;2Oi;>kALb zg-|$!S`{g%pObCR>sb_BIu?1-bP&BzUCZ!`hr`IWKcY+a+9xz7JHAJ^7OjBS<9pk@ z2>_aqnN89jA!|aw^1x(`i|K>PBz1z$nME2M(B^GBN;ZOve>-MiD1P)Rag~B-qj)P+ z=rl)>RZNg~cjec&o|EAvK>+FE^ir@pwEE|}F;p=~UavIe+x_T{*RC}n(#3Z2v zTWVf89F@&N4p5Px)cEp8BO>kK~0PtYHywx)$Ht6qx3tg zgqG<{wkja_ZK@j4%*|=2P;<`*Ei}|iaFmg(M~Ri6Nh!Z2Ut6lBo4Pu=f1j3FI?mG>W_1Y3&A*=cN`K zCuA;>Z8sT6)M?8h6aIlIBRO|)3ehCXQZ#}E)>rMHhi%6%R6sEpj9Q-tg{}=NYspiP z&zt%6F_gd9&!<}@Jud>$w*z~L0yxQ7=wxC-Hc?ll6^=J-4?pJ_qb-nGtSodHHG1u< z4LcU619k_{JT_K^n+qRFZCi40oVhtcmMDO!Gl$u-Ycq9`pfb5TQ8W57ygf){$ao4H zLLuKtO+AnCU19l<#N00&7hLBP=NG7x$~3)s9%6-$8(m>_Q>-+x)HI=*lioBjj5ML{ z_c`ch%#cimSaHYwMSDtrT--C`-mnXU*MJBTfY(8qtHeD=X8}1!&oGfz6IZLf@}krU zOx$=NpKwXX|n12V!3@k}8`2v(v#E_fmZXII|X)bPE zHOf_XY-t1?hZqF1j*LQL*x20)_7~~>OW5GX3v7O{*rf12OIImJHa}~iy}_TGolv0< zle);GnC<^(R3KNVHTU3qC{J%wiwE|_gR)`0IrtP9!-H@NQvpVIO)8 z$5wd399Q54wX!Cs)#FzVt&8-V$k#H9W{^H4Qn{T-$X$^1gfm=U=P7wwSr4h-#G5yD}Z#2?UK^Sh*@~~XQFT`IMpspKN<}@CS)PvT%rtP4jKsz)lB)o zbsD|fCL^Z~xlk)j?uV>44}2sDjGws*+QYxs%=hOlg{2f(McYWnigQuk0RQ5r`!oUo+ zKqMFO>`Ut)QV@JwSeK}I0$=A+loH9YXMcXPOc(MRM2yJYTZDOrgu`?94a7rxW%=Kr zHM!ZJ%Fda+jguGze^~M(bmT3K)`~aFrx^>-Ii}o2J1lA=f&oT&fPm*1^7C2>Ua`8` z8~k(GR_8xvoWkca zVc&qYx!|xDr1bxS0z%IPp2Cn=tC$rt-rnn%9vzyNfPwhCB2BQ`v!7-S2G8HQDrToi z*Mlm@u_CgbNc!sF+vMV46mJ$=*nL^U8wee*%%^{nJ1d(Z=eebq(@nvFL91+CNXL6p z8<_e)q)TgZ65N6%2;z_|O(0v~0=LH3M~!K46lh%+NcJlUG`Jr%Qz1-@ukIG#hO-Y@ zt`)c(cIaTL{~!)*nse~-_V(zd#D7cjs@|P2;7Qy(b!NsaB%5-#gVM4TcNo^l}|oUf~)HokDPqvHTRh9c5YcYGmA(3DV!FHBN2> z(Z}%drg#}XDJq#z^`}J^De=HiNG%c%ur)34SC&a>fdja)A75Q1wK!R~Vr!ip4jpp{ zyU+MjI4*1}`q(+N-5&00#ZwH>7L`bB*U35#0KNI1i-Cc{`vQnYo+8HswAx8kf#3iy zNmk09M+WU$jE7@=W~W?2c8)MJB~fl;98@bY5{kXx+1kCG3_tSX3$UWu{ zNi&e7b$4G-xY0K1Ri&T7$SR0R``+8gGQ@!2uEBQcxN4dLOX})Qn6V?047VlrLgi}i z`fUXQbqQKL&=v;3=;OEBMBTpls#F~pK<_oD0!;QNYx75T4V=WV4ma#QMwo%jwI?H( 
zTw)7n)8{Ht^eW+f(iNeIcY06AC8y(UpdK3f6cu9FDS_oM&&?q!wS1IyLLIm8B1Olh zFzUUwSOiXz61@G8rP*ZySj%s%@EZg=HRbcukFbblpys62T`TnJwtn5nba}}hZMpDt z(~rBmmkO3^wVeP%t<9=315uMAfxDyIVesG2^p7J|*n`^^$p-QBk^y@~4a=iM53s^I zSe@RC5md(w0ap@L_o2a@7WY_i#NFo&(e(P->vKu2MWxYrh&3Xk1QMlWbIufmeN~wx zBro7yeXtiWJT!+*gf^-wX*w^R-3IO8f#QV(Q3d$@@FH@|YT(9|O|#9kKlr#pt-LDM zn8eYNovU8L9i`KK&;i*}o>kE0YeQE#Ai(py+uH8rQdwpmkF};Eg5bY2UUfK8(t?d? zcP4m@5zjslH6%anLQH=9v2@~Z;m98v1kBLLI3i_7EjHy$EdDlDtFT{|1`uqTosg(6 zR3BAS8_tv!(tgj~9ju(ID=$)4h{C{V-;Y94SuJ3r8@R%?MQ)~6W)O|=%!u@5BW2M_ zK5jETid|wF6YP3%O*zW^UioS0i8m`$R41(CP#?_}jL!SfPO+gY5vCqz-s?dQWqR?2 zRk@nB5&RuBIVUXTujVnzPTkc&+){QRmP$ovvOlE(Q0ao~65gC}T}n9hloHtI##{!Y zPC><>z_X)ThX*#xLIK3WJ0Z$Yptz1d|@Wv<>PTK>p|OSV{o3$K~atNlx=*&Xf*)^%L~fovtUswn2@ z?5crOw8qsKz#GZ2U0lc#@xX3ZzKaF=Ufbz+bL19Wls|^^>!>+H9@%6T`Qh=f`PpQS zCJMivc~HrnS2#LMA|m19V(@S%ah|Z^VCYU@?XK(ixRT+5hY(X$01g2#vbgT}`Jl)I zip>=S%q1i_v(~S0W~X-xjR|=8vin}xn)awdK0f>`;jkY&5+Dtlcjk4la!lmZ4G2v@ z3cK83wWK_meiA~hPkF&;0Q{TIR!fNBl?a`}z912#xPPr0TD#y(eba><{!Gl_r^w7d zkvCOqgCQ3uat&RI0Qod#Ak5alm#tg}g`@+d{*kJl zCa&3Wwx8DrzpbzLqD_j1qeKg@X>&=!>i;;CAQ&^{|Lkj~QZ0Z1^;NO&w4*4gC_g zrud8G!lG(DGL|b8c*t#DO-blx2a0N>2VhMjG3?4IlJGFW?`$p5y^PaF1F$g`B-bNu z04Pb~9#GK_H79O70h}mc5pdzj=u-Mu8PV3==(ugST0)I;Wr5-=(6E(qLh()$mr!wY zGs&p!6$itfo7%p`6_dMp5n1$8E?z7Y11@&F$=yNKb-FV~r1UrFUjocl%L5b5;)_1$ z5V~aDviDe|U>G!n>{k%abVrn!&jM0g?+b43BUKv$8%I!t_@fll&s&1>D3>9Lf1c^& zBbe;XtLav)XDKP*s+H;lB@zS1z0YZ<_p2k9t~!rryZ1I34B~gQQIBwV#e^MueV~l} ztPM+$2fzKsqPQh@^m6=?gh83=W5+rTnc(Wnkt}-POQP;$|=mfZbPXDPw6G1j~bS8U08w-id-opZ9M+2gHQ2a^Lv%iAIi-`$y1 z8$;rXN{HKx$!V+L|4qi3&?{72?TczbKfKJUQv{MU)TkYswv5l497u#AC#-K|3r=RhPb1AJvohqh{U-`5#N z<`gzcpR9^OMLFsJysHz!uBTohp~1D7tT+nI|nKCKc4AUC$RePFqtC?V_0!nbrOb zFGG}e@L*=5R%f_sVrf8xAsPJD)G@|Tpw3x!V=~*V)m5?6WXHT~rvRuA2(-85AjglB z!R$?&)N7w-{kC`;KVwT_;0hsmjFfTHA(yj?*$}%y)+8H{as)ZA*lEn!fR)8zB5vjx zTopdC54nPQDPzIHQ3#shGN>LAa(QMk20_>B?^SHz>M2f^L3Bn-dG2O;p1g`d`BtxL%`n z&#Qt(>d-&su`e*<~CV+nrRJLMnfKLxYS`DPUoOpOaZx)~7IUVLs?94=x?J_`Rb 
zDi?{LAtbV(jDg@IGgV{+x4j{LyJbt3kceUniWTM; zwavZ1cq^kc1~n7hne8#&`cEqV84Hz4WQihW`Ku8`oNsy)-LWM(j=MXzE?EiqbnASK zs7tq+6lp@K3Fv~{r&fKU;l=AOi>2xOdZJwOiP8Y>|HzOaos6LE8C!HoAB{T;KI~5r z-L)I4N6-4{{Rfl7RZ9W1bN?aug1^`qVd)iw280oAQmA}|ZeFmkVthPRW96?~U5!NNBR92?VCadh z&Se<-qG3TD=xP&uOn*v&;?yAJx@qd1rZmy%f#U{LEY4Q8Gz&>U4|6bz9km6y1IMIx zczGq;{~iG&D*&-&gH{fgn_o49RM<7UEd0_eOeKku6_)QT;W$ zr`-w`vazwnb%<|dY-CzG@;h#3+s~>a>tfG$Eb8@*b`jUap|f>8(KKmU+8{#!mnMO- zE6uAiL7p*COS70h7++H%8^U(K$18gxQhjcwr_AUlXyCO-(cI>T&{P)?7PX5oYX5{O z!^lQkLGogV(z5T&F)k{&_m`#~fuT*%sozpaL31}jSz{VhD6AwpJ3Sqw@&0B|Zd`4* z8tf4LEjlsuC#uh-R7vnycwu>lW8WLo^|-7<5^gkzfuo-H$EahO>m-g@TK3L!A#9^i z_OY2tcmr=P8wrXiQ(hx?pY;SJ&-%uO2IKmM&!1=KFUt-njSK44azyTcd0K%I2cS57 z>ybeYz_gqYTFGNSP{uNJH**#>Jh59ZJs; zhB^!d>hHjyv2ryb!oz~{^kl>nhE01rR)D+s)D?Lj*DmF;h`Zr7hByna6oHPy3BW0EhhpQzLIOYgSI$GWXD|0R#Ww*CI+g& zY7Kxx#6>ZN5)PKb$hZ!M(KoA9`1v9y ztyWzUDT^MWp5JMThAa#)WsH$|kx7Qh{`r%4V7mEQ9Wt5b##kTw0;74x3JABMCXKws zhChp1H?f7fJ4f3FU1(g1=ai8q#R_&th=M!PSxR4JsZct)D2%ez7`074yD+p`?brNm zfmNx#SBUxC(dY>xjT^AILQ@acU(S8Z)SLl6Gyp*2Z3%4TP9LLeD-n3|W^zHX2^g^` z?(RBeX!U1QpO8Tjl83w9a>Cm9#FUTWn;O;e3Z+V?Ly{J?d@4v^-1GPlMz>p~F3?=( ziQ1v!g!IS#A>}voSl+%IVtMENmR2-cR-BRBc#MSZFi>|hY)>IUF>U~xfB*PAI)U)x z-V8r=F1w6F=9DS|^U?B%*<7UQ<7O+l>rhl6GL@pfmods@Bxk_h82)k4hiy}3^E!#c zAiGtARdW@2kX}9wsw{;o&IUt}e_XUs880cgJ}TZ4ojwK|DrN(U2{RT0{n=c5f`RTW}HzwuAQvX5Ay;wY6;ZO_1{Mz=lZ0t&+Rre%g_;Z z>#Yo@hF(>b+}45@ngCIFcZyf3KzrCMrcoKco*;3?O7;uN_*{@-nM1~DpFWjKRC^y) zfS!vxECPK!pFq`f^*r>Fk^+Qc2&Pm0=a-b`h*!-vF9EQ*5+V>o5v{cQkVe>e%vtf^Uzg4z*ijcaS$eD?q)g=+v-I9D)XZeZp)MZ-Pbz>1 z-LuDU|B@wVL}&yup+Jhft($&x-M0_7u4e%96aNPrHmbv2o@mL?tOz2uY4(9FuPr7P zlSlCcb%sBuigwHa1O`6}3cmy9>H=o3VaMg6vQw$`K;UiDmy1SZQD!WfmO#^>E1oXu zqayOcqdT?2jW|A}R2={2c8p4D?Xy)&T=1foYvO7-ath0S6(;cSzgzS-iMf!y`M(;B zzci_{rI;_!kRLfIARN+KWid%oj}!MVsRo@;Ugqf`55KiYgE5pq1cURJlthZ)VSLFX zugsGgVK%d*-I4oU1kWeD77;H`dy}z)uP&Xx`g#=huExVAA3o68nk8REAk$VDfrMht z=hJ@qm;49d@AX_|&eR~Tw)oI({Agg+=zwL`$lzqr=Zv|rZfIC#Q~!Wrj?`XJz$6Yf z7Q_+n!&BY%MRVT&n{HlIKGh 
zOMVrz&XOiCxI(7#bPrl1ADX+}h~!ZG2bVB}70|Lp>t*Vi%efIzdhBTFs-z;~;iF=r zWw8IGT9=*ZC7+Js*&IZQhbc6~^4Q6Ilz0k5hw`sb9$VXVTX{jUr@u;k*yiAeY3gu( z+wS?_AxZ@&ud(%=Q;@Mys$qG?F5{P^lyld>Rco|UF;jdV--yfSsHP_=&Xm$JPeA67 zgtIW@sQPy6C>YNwo|QGnR_vjbvvPCMe2*jZesMj?xl|zQo)n- zs`ZFvy?$54t=EK}^^lgo&F?2!=XczY^X1q$koo5nOd2ykx9cU8GIjL^jshqj{ZR@# ziN4b=#(c2~-#u&)2R_qd$Hnjfcfv{DErO zJwD(XO9O2_yw^SAlNms=;7pV3&Az|yY0^wLt{Ih?^wf$tc^@VT=cEQPT})!UfXphe zn$0PB-eUObMuCc3Ys%$a?jejiv9&>Srd?_(K2TS6psl4gLI_<7mQ-m|Gvf4NCDK&W zFShFsq&wa0Q^8b>d?_r{ z999ZtZ|m-8?btRy4C-l`d{4%Hu5{#S=O7=Jut2F= zT&>p|Zj^4_5)9<0{&x1p*bpEj&g`9jh#vccF8e|W6In20=NSCypNVJd<9!ATpY1SI zhUkac+pLruFJ3vR)Y=TtTL&}Q3bHU0m&M+X*;pZX-@d-B{O_1-Y>mKsX(H=#!-tNq z5naXX8OP>lzg6zLKzf8(tQ|X4>Wux=z&5on0RDSMb=^SHrFG_~BOmR0aVqb*YGh$ud`i5*qw2E;<7;yL zB<|{T=ZH{v8;VJ<&`<$#PrwCPeEZtw(Vw-h`LJU` zE+0D=Zyc$HAMwT-zo# zu*4BJW9#Pkx8uX&mb9DR%x3{B*0)ZRqZwV`1{CGz#p(0e3_LZ6B%GWn$Au2rdyr39 z_n}s((swuI&YY3Gh--t;hm^ZASrV7q#wYbN4gWmhBI1K|Uk0)PA<1UC%ZR$HZj<9pSc+WVwZG|BHi)H7o&>y!D;r?Wb;%S95f_;D4d5DH+lU(7hAa`Gc;ut)V zRm*`vY~u%{@A%WPODXuhE4)4j)aRfp&7N$l`-zJV3{#9?)c#|}X7MeYEMd&nfkQRY zI~gE{?tb;3y?2>V=*85=6(=1?qWeC-pBAi|rW+P+JHIkAwH~)zP(Qm&tt)2_jEifx zC+{k;auEs$1SIiz;gSJO9dy0v;!e>3%)&lcFgVVOr{P_kY3YTpcI|T@ufIl~^6yp` zK~>-&4=q=jb=(L)7Hvc>yVg$0^G8y3E+YFo7F-8gkYv}HPM(i`)I+OfUR{v=Z4&|^ihhqG)G9$hhYE7@P z4Zu=WA3?N)tf}K{KDW%pa-P}WjE9m6i7uvLK9ulSxH?w@t%!rG$i?6+oPH8?WRC_A z+q53t%N~(~@A$y)kR#IAiYdr_=O83_jOHGdt5qshu@@0JB<-csO1Rh_m4gR+l8M&- z%#|LuGd*(DfPGes_Fr9aX{+h5|2vtgU2HgtjJ27>21y)tzO@;Nw+JR8$a7+hxw_Vd z762)C5Nh@~%b?&h5n`G;Xa>7y^Gyq2D3cMI%?u9&;DIjO3WEpA$0>agYAnbS_Yc59 z^`Y>JuCPv!VP8X%k)U|(cj6%f$9K{$;gk#Y1dy8bRi4qTRpq@1)a%Zn0vE`f`Z|b` zHiB@jam9@$%5Ey`$bwV(9g%r+I=jGfhhp=>*Nd$u(yToFSo6^G={!T$7-r< zZ*Z3Uxx7+(r&72wA+Tj$4V!agtXyN8%P_ikx(ptO|w)giM+K{E` z7FF+5f|=V%qDih1e!Ot@zkE*SibWhrb4*6&Br@(1zb8Q*ePdxK8Wmmq*0*;6vLXCJ<)xdq9fV_~1S4|g?zuKpw+ z$cc3gYdxe6ZGeLwwoP1JJN#yf6~MkD!k|^+0RGK%#yfgyRfZa4^PmpRZVMZ19KqUV z^y`D0*+6E`oR>!Qq-eA{7N})#6U4`7)Q|R{U5wda#tL&@uO4mWipgyk|2dA5fJ4rD 
z#?n`pZBh5_XexHjm(KPC+!%l1rq}hS2ODbE`>cojBhN#MIh*vT$pfWM3r)!+quOkgsIV7&4}iybNz3)%|W%Bjw0taOE3H+SW^+BYTbCoD5QGI8Dq0F}RiRIU_ktribaMr)4UOusZ9Q1GZge$;U}?3H z{GxlrBKs-4_Q3r(RUn&3jm}^ zMPh^@4{0QRRuaxp=HtFn+~cD9b+OtgMJ%KFW6bZkdI7&(?C2^%;a5h72NtxFRHWmrpZ zj;imfrdI6qHt>u#6)@@yR`Il#Y@Tb55fdQ&Fqms}4%J=A>6hFapL{rXT;4jN|J+&) zp{SR9Q8-^+F|r6}P*>^ol#Ier)w=9w+%05-SK5dT&R2=aP^fwlJ^r-xO}u|ls;HLr zEKWA&5>>IFq{mOF3{y)X*}P_yc@?m!h&8x(Xo6kijTWm)JH()tS}FU5gt<1x6&52c zpd^DRWcQSe0Zk~FmV{`;TidtOGf7?)8&GcfZ)T`fgQ=s@8Lgw}gF6DotmcRdqrScK znXC265D>mAN_0!7B4lt%%;WGF-do6Q#bljjq~mP%dD3bxTT_?5iZDo_c)rI-RqpVI zuN}_@Ywckxx&HnQ{<3TYe%I-UvRJx*tmKAfL-7nrDu{5$1m6ue1^N*nW#{Q~&>3O~ z$U`Nm;qi7G(17bxN0#f;{&>SzN0{joS!=LGVGf-`lgV`|*=*|}+_T|t3=$D>k|EMH zglCxQ5YWbH&v5m@&8w?~mOLOP+-=A4Yfg91q9t*0J4VW3WZ5C5-q8J|i6MvH-LHRfrt4@9E&d($6-90J(q|brx6)~g>o{dQT*cK;F71Cb0Mgo$JLoC z=ubp)A5JbY+n_{GlSHTK@40zzeRWQXC&?WC@+*4zI@)jbDC^1Xq=kL``Kv2EM7wXwCq z#>s4K+qP|NtcmSxY+EIfUBP(|z6cYr&|!CB z(JSQdRvP)~5^RzRS*K$x1Y9x41PP?M<1)+dxy#X>vp*|C%d~{lcn}VmQ-f zJKYNzf5v<*XKKzLhQP2XPBd^?&wsii*ImpQeg{rjzH+LlOc~g8FFii`rZJPndBvBu z-`&!;kbjs*zN56Nhvtu2)@(VITn~cM8(y8hwnGGK8a+_rG{UpI(myq;IqL}@{0u`S zA2}8DdDJ(!KG;M9{(xQ3>|D{zUxA<3?QCNd?>($MW!zk6MEYLi>D=4Q!qllE;;nWl;ekxn>84IbW#8()$Js(9DZUx$6+Z!_Rw!7%M5EW z_x88#{vsp`eX#mBd>5>QagM+?HV-S%+<}~y#gr(_z}2j( zgK=Sa|GS2`cb2LATj2L(R0!NGGY+yAIstcfil6KPUK69R@C@rYtczK&m_gDVX~rLK zHAK^?Z?z-ic;D#p#z5dDW(mmoI4H&~-R+fu`kiWM;p-T4T^*!p*V9!CT*$qwJ#S|L$%icNBhj+{M53dG$pNy>Ezf4Ee0keQ@{gOlT9%-T+xo)h zoxcRX)#0n2k_*?)dxo5;ySV$vnrO;mhHv%+on;)nHzNheAOKmeLvQV#3=KPs%u-2U z+NktsUxw1p7(gxKXLaH=ub>xl*{TP5i}g(BtX-l(k6(K1OjQkc79H74WZMt&X;7=t z_JW?jF;zvCTALVQz@%2WDZ6IQ%il^W9jF+cQ+<0F=sFJM^)g2u)j0R&_+vv455y?Y zjs7?i*uv~xbh|1s(CMF1hB(D->R{R(rD$I<-=&zZiMuQ_rG6H2ZWr2k+}}8VB>Ztq zijc}#&DhZyi7DXU!%Zh>W)lUzygj4gVHg}`ruAWc*a6$UCZE{CaN(IGVB)-IKGr{~ zE_f#Gw!)9xXm2BW2(O~7-c%~DyZx4X=|0M&>jQQFP31P;?ClVTb^%VQkW5-bdQe79 zj>xPb3W8I_=0#eg$S}d8t?DO;6=acClPr5?ey!T)PBS`fadM@#^Hq#cpcw3|z+(GR zVmOu_eZ>kJDy^iD0BaqdwKK=~z?rT1JzQgJrHnvDBGtb3*diTof;V%XS^Zu(c{$Ar 
z4*e4u>a$Kk#>l=)l5c_ZeBi+`1m|dy>uV{mzG}7=&h583vDgcg&t_>Qs`R){9iSHM zrt>QYwHS>u|3Kyhj~ign+2=c+s;+U1R9*hQe_PiN-YJ(;_MEWBEixS?`b-bar?Q>S z#m*vevhZ_dyKvW}lFA7xHK*RRi+YoSx!(wECNHD@NuHZJd=T%P3z=yPwKiB9?^=g_ z?ekksIsN0}0?L(o*WXh?GjkuAT$3%4LORuChh*m{11n2qA{Q{q55jL29HVQ-koz?b z-@!G!3Y*Z&Ht)L@9XkWSqniqC*d_|)tQibnEr0X4L@v12rHnG{TfJk{Sf7^EpSB@o zT7GtQP5CA_^3TB9{<-AI;mo*8uH0h#^mooojo-V1rqdgoZ4pbtU{N6@NHdU0rTQv!H$%YdJ~CoY$ZD$83><& z8V>zN&s(&ip;Vi>;2v_D`$Qfv$Xj>#(Erb=oeAR10P2bDABFAj;(u;#*G>sPe?oVa z)8X4x(AT_ zqbi)BanpBR#k{=ma6Nn#ak?*Be%AL_G&hP0jcocXX|0qS`x$+|e^{L*&#At+$kKow zuZlNlU5gejUvckJHe_TrBG*tf_6Qd*C*mjHwXNv(t2Cb`DYB2rA4t>#kq3FDb~>YO zn;eDIuRHU9;L?d{JNFFP7jv+3-_=(+h@*h16Dz(AlpBsNWJtFdtkI3b9o7E)3S=c( zk4qdEt6b5ridh+&kt;!^*#bnYc+r==nklq0u_kLHr=k^_mhVl#M10blTXHQPZdR4K zXt7$0US=sHb|%y!v*UBgQR!c#2jaA`U{hAjHj!RglTX+a%JLqbH2`Ki=PXv!&mK!t z(g-bHd>3#{liO5>bfjQI2oi^225q1yuUmH0$Rq6xV9QMHB`l- z63^=Pgy_Muo%fvM%T!HD=e`{tL7Zgqv{hfaF>V9iAX{z^(GH(ki^WGjpN7Rag7m(l zH(IGS0^FqBFv29pD@+*Db0(GU_-*{QUY0mFRL>()Lt&YP`^{ZaAGt3=(H6mE%(p?& zxT#nC`H5d=Y0{yME3T%bN5dm2vPtCPgb8WmG_=`?jPY}zfdK;ZMsTt;r$joWKl{zS zmQ3!DrdaDB9d?a_jA{xrU&8!oWS0{tLURvhAotrE=V84@%ixg*QNHO| zCPAHJQ|T;1%{)MTd;tHfS-`o!;9=NHUmYNVWh5+GL4=KbE63KUC0$)2j%wy{KdC$g zc#<~nE<$cShDqSdc5Jl|%$8G8{6M}lf>DAM&&G?B65T7xz*<-(3(Z@hdESQ9%}Hjq z=`AXcbE|M2V8HY=3ebQXfj{(=A;4zkMzf-ZJDt19k`o)Q98r2rrJ$hlaXsm}usjvg z__U+Kp#ZQQBo^m&d~O~JQ5e=tZ2krT9bizrC(c`Ie3#2z=T?FigycFihcLl^=dGEk zxeT>Rcar02MU+7Ul?(eJB^cZoy-}UpW{BKp??jVFkg0($JQm~8C7SxzoW>66?^1%J|Jmd3PGGT=d`0-Hg3DzS!Uyr_Eys{b5 zwWy3VTdELUEXSWvKfQ?74jG{wgLmJm98)n|IvnMx_lf;q<5YK{beMZ8(o^rSn!khq z+7X>unl86*d(QqZ8O&POn*b9aasKi-Jd8#ng;^1eN3+sJVck-VYWVUH&q^(gAd6$m z`%IcQON{AU`iW{y<(8aQrWjThPG56mG)!Y%K_Qd^A+nf1h$5Rp{_Q#N(3)fn)^`q8 zWql(Vbmn8bxXZ!5d`sMG%{RF;{s65JI5fCCnLAf=Hleb7@#-!Y$DlWr{8)vk9`@)x z=ysJ0WX(9VR{Z&AEbPw!!UvHPWo^rpgGCY+%u?0u?}Wf#MWC;RBfeybUPC79;qy@X z2(YCf46f?8r9b)l9^kQ8O?_T9ZdvD89Xn|kGvs|8R&`fPey?Y5>A70Cd1$S>)(T&W z$!Gu7!G&&#C5s)XXy!03+Y)ZB{(JSLogMsT> 
zo@BdMQHFoS%I2lg9lwy;Ydl4?HPaTT1%|QR+lw)ze8=5*b}EpMEle^46yhk_Y=zD9)A`Y-bhfnKh#2Sq^j)&V+*I4SkTH}{>J7u3Yb+RH@|=J2FoK` z;zljf=MMDxONr7-PoEUw-KP<>s&zz=d!OfM)uNJE^?vdk3w;oYdg~##80^LbfsvHi z*f;6s$yjO(pB;-q>t(&VOU0JOlY6zI++G^!1o>KyB>y&yheGPp0CuxclRD@H4))qG z&Kju%I`1Y9AGPu+nV>3^_z8cHwx5`pu^E=N<&wjhIYNMB1 zfK{1r<612%ODYYcN;cp73IsLGz$&TASXxSa9Q^f>U#7Cy4xKz@D6$Lxv=(uU^z97O z+9#5k3g_ajj2Ekvw7lltZCuv(FzAzf)(vU$Gj#IP3ZY*T_~~(b?zZ)Qy(V~m@afI@ z^@_f3+W(waY%p*Ei|s%FK*f%G5h2}*m@bUX`hWgkD0Wh}0=V%%>Pvt0WLgujGX~rNDzjA6snBYyF89_S z%MnL=ai#Fo!aEwJj!KQJ|KL`E6IA8ruaa1zmaUizMh(Hi4HwFlHj_<5Jzs}M>$aVsqa-8z$fqpBYaAJJc$B1k7Z5EjU80OwMmgmX;CubttU zLFGoYuT^}t!v7=G1+6uD!2?M0R2&unMLy0s9#L&C;kilN;D6q~O5|?sa7A(I2-wvi z?FZ9=9Wfo9rI~XfLTytc-^ahU>8^;4NX&YaGqS)<(JC3a+b=7*P$;Nmp*Y397I7H@ z2_zYV6Z#upl!7AftQpYrV=w>X`6P@yi4kbYX-)`Qhek?r&6>&^24D(OhJ3(30kvrl zlPPb_B)zO~^XJ|PMl@-F)YxIU(@e`zmzndFAE@(2%4?mu>SD*jZlQE4c62YQaU<#i zrXda4vu(GM(GsgSEO9U>20U^=EFsh9;`pnHY0&bANe*Gjk}JaI)Kh;KWW%u&Xfd9c zlS($%mbb*$b1I-WSQJ3rE#a!V+~P>S0~GJ3D!{6a-YrniRFN1`YVb zcaz=;F~55v*4LC4`gb8QQf#tF}85rD{&3sf{3;7Gvi&Fx^6>d*SM`qwo!Tgya;=%IZQTd z?mWw!_bVWc$tuKe7{Xgp7#|mXli->%hBV)x8lRt>f_Ha_R2U7<;3A5|A?E0#!!?j} zVy&R2NJul)m)F#N6VWF}*K zDA|j2set%FqSbAnZdj3(W|P0ztRDYe^_A9A<5HI}tS1&|+6y8k|Fa3BLP1_9J9(|Z zZxR~{9fQ1)J2$q{5Nx>_?5V&A3jAGk=j|L7sPq$|o6ZrZ9vEsRY%5uc;drYj1|{Xy z?)NZo9%8Zx1r`!^_}W(=To)QyKSX777pc5hYm&$=q5W^Oi$!K51}5$`2GTI8XnDBW zyt~||)v@@eH@q>`FyZ#{kC^Ft895LuvNNsI<9#(oySw{`z86}x07hR(mif6gu?32g!wwDm$4h?p{*1nBE&F)gZ*n7>>{8E9qG5m9yO8^hWNg1*uN*^5`7fqQj;j@A zREWsyf*-Qwgy0j;Poqn9T;XxHr)28M$L|u7y%%?tb^KBdCw;^n`&`q2MyL9i09lH? 
zALu0CBBDATmj%*m;7(`q#57n*SArp1GO7x`+Z_}Ttg%b*yIMqg+U}uC@?#E_4o7?1 z{`_hV_ZI-Y6WRH`2G;d!r2h?fWPPw(WWB_2zhpyN$e*BQi+UT&Tb&d(-twhxcBH|o#^FfNa9y*!XXw=(Em%0vh`NG?FT8~ON7 z;ix00YZ|1y^@`Zx-vBf!*HP-s%?i@y$)}AIQMUQ@;sa&K=8cqXQeAo0k?R|lL&vV- zW_8`(pC)y#<50Zd4=O*SY{G|BcPj>#`z<#tHu5~ zMRcKD#ushJa#OVHg+)5ILK&A_%R&azM2sd4DFx;q2|m7qgqo`&}_25!Ue4E3&n{Xcx~Wk9wKkB+7%CoUy8St;UN}G!aF7 z#gkvtTczLf&Y%i)C|(n9aeWBHX1(&<6;WbveS4UkR+o0ad5_1PXpAQ0Mu&vcyo)L} zeZr96!GuD%j!*-!9^fn!mlr*N%ak|L9+rmQX2+Mo8x(feUCZWb;n6ij-R3X5tq?8C zC0#0yDe9A7$D_cJ+M2)}JZ|_i^?f(4|Ext$u_u=5RjObU+gdPql{fF<3QeW^=Y)^o zq!692?F9d`)#$c_2ZHTOsD^s6`wUklxdOfDJt}z8Uh=QS6jY&v{Reix%ip59VB#G1 znCWH|&6{hw_Ct|1;e^A10PPl3W{Gb<6*}i9Smus$wUdji1#(W2KE*30(zT&S{cE&0 znRZfc7Almq62j5>T_NF-ry1gQ+2S|6dKdkLATmB9`nx{*!5bWr?pfTIv(pEcppQVu z`YXa30+4=^p6!Sbt#2`AAUF|vH{X3tDVdTM*4B0qX?(76?lCu?+h%?h5svnVw6Vgw z{CFA@B{b39kzjmUF(G>7H~~yf52psV&x|8uUn3)cAV3OB^z&(`Za#$C&)^|CMiLNi0!N84;)ux)o#CX977@!B&FL2tnC2rWNKQ~#Shv8Hl;;9r z*`&L$?$6sFP9MB)?bz+24v^bXUdA=?h++m1+NvQ!)f|Rj;`Ltq{iTTR zb(ndqbCrmmr1DEO!YJ-6O9`Mlb6!>T7~J|QzgprI*!n2Kw&WCp^5`2&apzNm^7x|^ z<)zyo)az=Zx6S6mKSV4)t%SdLlZs+#@H91Wp107=i9r*aw z^Wj0VB{>s!!&}+odIXtf5 zgVZf1YbnxVZZb`3)O4Se4bJV@R})3)h+Y$IAt{dMdEko5*W3Gj5}fq--Sk!e-QhggV|7!}&3WW&6>;!Q>k%WEs1U|e+gVX5+J{9ZK-N$99*5t&@siG@rD7-q$6o4j0eI1WpW#C5*Uw3wI= zP!?evIPBD^&zzQ_*RFOq_Fosb*+tUHK7ft0Y0sl&`gLJQJhkJ{tAmt{AcVt2>fUXm z0}U+9wf4}h=LUpl!U-UZV&c|)x&i?3LI~FW)7olIqbfD@l;+m?cU-Ji-OpT)H;Gip zJ7m#eO)Wx+<*ynxRl8*1_e|^DZ<_c0Eqkn9qhH@9B&yGZ2k` zO~Cvsr!6bvq7jFbL}M_G%~$f{9od-B7VajXqzBDHv@%UI_u(|l)L&tgSv>Iz4Ef-O zzWn1jWhVP5WhSIZWu}LixZL*xm{lt5%hz1YXC#y;H;7?;9B#VXJcxI?KISQM+4A@e z{;R)|8aL0ehGDV{$8-(f{Mm1~6-$k!hD)~!<)OC6z}LR}!eIB@EoA)xUt1TyS^!Zz z*Ez&eR>^-lX1$r^e?9_v`93Tday>aUg^}Y&I^@_7%8Ne*8RFPGLba5)&X|2WSUehh zfHOKkM!Qtm3H#U11`80oJwjo#4X>4?AXRjIigRT6ll+4|qqpkr4b~XO^W#To{cDDw z^gXoxy}auzlGBU+-l656YnTrGsdK}^wNu_hZ3K%3qar*y#eyl+1{azpvUFHivvg`< z%XlX0j7!lwz|aBQu85+(E@4WbjCK`@%^1znEac@#C8sIVC{39b?CtNsmBev~_>oD6 
z8pJUfe$l%8aLQQh@|<(HV&=F+%Gp(tDx!RY-YbIq0dO%e(?})p$;C!K+KM-Xw7_+e z&X-$0BQ|NVq>2V&BU@G)52qhxW=w(SUaw>XXn{r?U zYmw-ZZj=+d(5+f}Y0=d1{K8+wHAoI+5`js#lz@fn^`F1Z;joEkbd(7F!cb+wz(yNF zNdkgmsc>=7__}|@nUvO|qLb%8&`Nk?GjIhaB;<<)V;d2ZQ9MBe5{Xuk(fVND>Ou?_IJ3!Tp`iTzqy zF(ww^d2DWe4;ao=s%J~5%(4j_X?);EU=cyE3=3$n4TB>ifC{~Pj4Th zVv7<{eSAvNdsViyj!`mPa}I1oL@I>Km-Yr(yB1mMqr`{NToY8H7h&OF{JLUiAK;~U zlY#bk*WMl%OfT-98ds2A?K?^}CeR*`NI=%z4=QT@kS+1Py#2_E_~Z;Xx5MqC)?uhR zH$vADNnWM$PyT{+4RW;|(aJi(U(m}FR2l+)){1t+?jpB5(PO@7r{Kqj_fV&RGaq{}t^Y4i38vVu>Y*dhoC9{~@K^ z2%krXb~^wEBIprW$dOx!Bkm)lbms^0y~@6CedE9XT;A-?4mZ!HUB}whGRXt-3$29)-jBo{O;FSqaLEUm}smfYd38BU`*zzNeAmK=F>8h$_T6KZ=S*zYr}WT zcNm|8vQgs=fggO%19;R2CNsQ{S=dT1b&`${(BOI=@{mss6&AO6%jCL&R{OeT`-T>K z-AkBcTVd-LFa-*OX*G=L&(B>Jl317mtsKBbg@A=LvPvK)jBc`UjiwHxg1CI|!)32E zu*N5arfIp}*|V`}T{Ce>iAYRc1CncpxY9*bB~Orika{H)F4VhjJW1Znoq@hv zZTaQjtXiqRadLP~?OI1E`e@K!*bIAF8U7TviisX-bc7}YL>W#>Naq=6pF(UC9Sv^p z<_1adyTWC&SKsT*^jaXwk`o7@>4=kSEh96ppGSfNC zv9p8GFo{ZbMscLdaJ?yE!Cr@Z5P8e$Lk^Q^Vp83PyZNO31fAnu4`pgRF|ZNN(*W&# zsYI1^E(SaRO_LRcD`ZwU1*3hC zp;ll3=U~~Tc*>C9&+t?YTt!Yx+y(N!wV7%!R;|0A5<>qX09a|VhNR-TsT(i_a{M>F zxv2m}%>`5IN&Z{L2UqOXJia31Rq^xJ>-EclfIEg45fp>vg!-A^IzYHzvktoO&_B4w zSWx?@D|hCr={f}&)f3MD(~aTC;f_J?@sw-n*%{>k!+yt*pO+{;+PJrp=zb|7IKay|A(1-3p_s9{Jp+ptR*hxMCu|@0 zgK;9ybOptbal(RllIwwT<^!jNyiAs(L_HYoF#?PCC5ZR$%!@v?#&xmQ5v-;zW(U*3 zK;yStFGKu3ivdL2Ig35SGw3}(l+)B|pbWqwLvcd&SDQ`UwmuWEp6RKB<23MXT-175 zOrw^&(`7Lim!eMHy!*#vF#ePZFGaJ{L@qy}3cLBwOu6~`2U=X#LQ^^0KdGrs%rk?= z+m#`kp9#SrhJ-%?mV%_VbY$bnXp2jeeM)eN`&;Kczst>)03D_s#d!ollEfkmup8;L zSb*YVcjSD70NhRAXpiXw0jdCwJo6)3v$9p28H!I6qUSVr6kwZ+hC? 
zRlcB4?-JyTK2a$gFB?rC@nsnx)zf=DuXyW%FPqd@T z;`O)(vRO*b`5nDIq*po$#&k|RWeCRbH66V=bgXpq#v*BP{X&GGmFo$LHvjWp-fr%WwOc9?lPQM=!c%U#q7X-+Hp5wlwx<-kY`oRYu+< z6I8}Xb)IOjxoS`la?N};zmFSU;FBKDRGqc!g?^p$e1Wg5=e$7DaPShr>q$~+=y0E( zV^`QM>Q%tdtFNp^3FwxLu}rK8y1ImV4D9@+gp-H}f}eF{W0WkC#~h7eyFE_Ts7Eqt zHmM(2?INxY3wk|_`0YpgRy6WPgU;N%Otcz$2XA~%t{Z-=x{2)`x3+rPU-25ddQA8e zsNO&sYBYr^ym-S`rLwa=ql0jPJ3l&^HH8K1uh&Y?v**33A=g+=wA+QPsl7fUMxLndok7k_Fir+j7JZ|J*jvTRMd`+Wqb z2#zJbN>DeO?^CyBZ^8VE=#wLqcgdQ0;@NS&(fFeIP{px`EOi=gs1t{rdLM*>Y(7TJ zN*Z06SbV@^*`)gbmrd6=ISr->cSX?6+SrXjNgTnc++3F5#N;xZQ8ai9++lS_;NoO! z?b(mCrXbWoaOih}aioX~+vjvd1kY`D7pr{ygdhOPb%|FC;YB*MBOHN~c^W^}B$*NO zOx^dEMk15h6j?Rmx%bm%_;hfijQ7J2UoepM8qET33X)35P?yhsz$%>sbJ9CN?|7xy zLsik*vS;bOjRugZSG$|n*AIY850sC9Xzs37BZ%F+2vV|}%iX!{uW$l$wnKa|aVT|b zDU%VX#H-69H@)L5@JMcS26{z2Py&!!h~2a`4J}>mqWGu^*}zX*ZiXTRq7|x2oBAQh9&za#?B6@&|7FJ`hmET z*=}7;b}P$;bJS-IC~NG*psgPnjzL2Mc|n?vG5NjTUIL&_MQGmD{sT>btj4DwKft!y z7xk+;L2jFJLU#|+N!d-y>+4z%OOrSn+xOF6h=sT$XJsfQ?re@b44iwQs#K7+{>X%L z)iw3ZO}+S!zaoWuFRn5lvTB}_tUTi!zpP_T!#k%5z49EIHbZ)t(;vpmE~YiZXEuKV zEHJOB{!SQDQCAhB(bf;7v=~P#W^_~GwEm&~DQ9T$G3=gu3)b`*Zu zg=q4PrqQx9k_7u5IE%^-QXy?fHc-{0R2BpQpAXo}M)V{!yuRrmCmshlTSWBRL{@^> zyt|+q#Jg5p#Nuj|Di(R@39=4OhoEt<@Mvy8M(a~}RBJprA<|`UgqQhy*WDD4>SdC@ z-3m}p-e(j-iNy*o-<(5}5*%+yCiTzUOYBi{*+sN(U{|IcjG3fk1>dh@08hK|&3IcH6(88QUP?5f0g3a_BQr z`z7?oLnO9H|JvCalx;>!o-+n#wM#ov#)k+yEsnkqeibqc)lnh^Ph`xl5pPB+;3t2? 
zYN?H-e#1H{%Eh&1GsTlKm+RGuf}!4lX)mcQd)uU7$;b--&K$0$*FjDd@$1rc2T0|Xaf8Dr00BAiiofdhm%mDRCWQt| zrKUOHB@^31MtA3@Ej_6gBt$(c@6a=0nj@=0gNEp&`sgb0INWC=FY&O*C)@RWDT)M9 z3*F5BlNG=JqZVU^POdusw-#0&_y0vxJ1F0c{ofr!dy_slp{NEgIK<(rzn87$D4kuF$YY*>xBV($YiLY)d zQJy|=WwTBCMB92^XG6kLw_ICNHmdE?Zi%KqIXbvbzMEC7^($amRD?Ip*y(PA85W#7 zSKrfvuugI;S$M#QS@OHKa6wQ;aNpQuuzFL{G%70@LE>i z>rI`gS*GNzH}aAB4lAr7t2XX~c1~ACDQzMpaZj4;f!MAgia2Tsd3?B)67cok&g|yi?*EGb)1Nv zQclb&ll3cc?c7$U% zck`EB9(I4csg-d8JuNxiYZr}#@bg`nxNZ0u$sSTF2b zvHn_cg~O!u{Yh6f24* zgEGWY3L$X@bdf0Au^+jcfVeu9?TXL)nyH9vXTBuuZBhtD(JjtXmBcGKc{o4bzTRHe zY$}do$iK)0@v4hB*@lL;_7vJkP?b4-OpURvcx#J#n{`p}3yI#VgRz0*LL-!_g+)P4 zN76N>8iX%2uU*P~mgR^k7xGW%xcpffGPIDH=JL^Fm$8p&m}8`#M8wxvjy6QS!lvKPWZ)Tb-$AW7vc8YUXu9ovrETAd&1Pa$9$mRD zr{bJ$L8-2J%1quOcKbhO${vwTm)*K8hK97#p6bP-Zpo!$z( zONvPbN|MemsJB_pKQ6n0aLHywCc<0E?a_iToAhX#l*xn|UiGGI`;rk=byY|8DXYaZ=P|FDh-GaY&F|VzY4= z+oRz&iTUQ>^r|c>j??vjQsbAxXdCsvuX;OFbGwap%+vcS=tnIfuyB5Intj}W_yUV$1!LM` z-a{P8YUcN$#hTw|J1o8Wo98pOoRf81FeMncKMJNv+g|n%6TY7Jbg`iLDFOUsNi_7V zxW(bU6dGfvD*mXC2V2)ddPl1nVa%@rcOLW_Hs-z8Ad?(ytY8&Hc^>nrkW**s)<6-hON+@ak!dO!gcgz&ub%(v=%6- z39udZQlxXUuXWv4`M^@frmn@;cno2l$xyHbu*P73PI_&&=wp~|h&R-jG^bI*{DK9J z`rl+$-VtD6(z$Gn=k@Cf%T}SJVtJ!sK?DN>M&a|Hd7qN4>3DODBtT^0Ru=908Ky(?^JvmU~X&Z;!o|WC^^ILZZm%<)J}XyS%#Koh8)OS+;w8iQR@^#*gW4#k0jB z#b@tKvh4(5^EMZV)#HYrRX4t^FXZ~I_{Xti^>X}QhH?DhDf)M|SyIk;PjY^^-B=#; zQO#1y&kCAOPCCtfD1Q<+7WY1u^~ASaM{D?q#sT&H__D8r9L_*<6>Ot1N}T;YOmB+n zH$ifg-AG3)*1TlXQ$G-=3z2~9StWdVQUP+Dr%*wE%B@W0;Fy1c(&$QS7`q+T8@Gl5YRu_O;7IL>t8-{< z$$um6m(_>v^c>TrU^K$dl-H4z8OnE(B<+Qq%6^3%&EI-K3M6yy3)Jbu-u2mzFF3=0 zPX>LG77JUtO5793L3W8?rky{Dj$-D>=4M)LMBNCO?7n)IajoWKWB8hy`_a_+v>M zQzGLjM3C%a6Rl4c+?^r(aN^`Imc8<;kZX{$R4HrY0jk#B{NBjU#Z1MPPp%H?0@sFO zE;Ha-i%`vCZ8qO*%s4;OdGEx`Jc9)RiJ!q4kM$r*{*Ph&`Nc5OigS=*A193T_K2Sj zT7npi>TK6NHT~Ax(t$tXH5k^RVWeEujxhgX7(t+)aTn3@76otkFk+mzX5L{98WV|U z3MH?-iS_$ryM|OW70>fK7r6`$RWE0$kX>khs?R=IJQx-VM8@PtNtXPMNGilC3NGRT 
zUW5zVO?|xVTy(zIORP&uwJn{_04Uk?9jV_btd&nQ#Tg=z@lB$mXo6f}Qv=($JsCiItM_-Q3hl7G?EU@jK@t2B*>Ic{*c1%S zvY^BI9vybRTSr-JKLi|@{Fs{`LfcW0r>ZT@TBXfejrA?8LWQiktnNmi4F@CY2;2zx z4`Gyyb(8)=7=xx*ixGIh`>KzECq$OW_x~Y`u5phE5mLiLa{>6b*vq(C3qFT@ici(l zCmMy=EI*+4A07nR@=o6jk{>za#Tl5)`=Ur&5Y6kXtdZqRX4rw6x(!0KOYyRt+;5H9 zjl))F&8}SJpZe0`mgm0q_nD<8(V$uJKWxH*gDN75=0H^m6@eVqQ_LJ@mFf8ER4`6B zdwQ20;A@=l1Z-26{V7bV>fMZ!xQ2I~n0AO#e3&=re+Xk*t`8?_XaLnHDZOT3d?1Bv zE!u2mp*k#VcKD17Yn;sKiVhE$D(;0)4VGugH>fkLVJTCf?1_!BH>3vF&zTx%&r|;> z>UUj}|Hm%+zV4;Y_OSlXT>PRKjUuVv`wzdQ#u(~%6PbTqSv6mu8A#S|rp`JHr_O%a zjsN;S7qR~z!YH^WBJ1&g5k}^1-n#GxYk?))@*}gwmxwQfk>|0>)dk0<-t+{07MJNi zgz?*d2qSqyEL3blMa*Tf!mMZwbps~`3A!^v!*ePnv%;vkNe78A@Pi^P7F!i0_f=0- zHvMoy24BywlFx*WGT)HQ zRzaiMSt>Z=W{hC`n~9}jlj$cN6Wiby!^o{=l|po5_#eYq5^0M zc8g7rn-KO4tdI{!ysS+v*4XyeTS3=HBAiECf!+#G1nGqe{G$1snisjo(Tc?_+nxKb zoW1nP2gfj`{?NbrNlRm$H81tfQF8c2m8@6`1tOT19;6JByUt3YWR}HZOcq6hdegPd z@?fN-%0jyW&wr2mPFH`s2!P!9J%7iqIOE7}VyfZ9LFt@5H{qW9as}@sMg=#oVm+g_ zw^(Pq#6&KbCSF=U_6>JJds2K1CMN;Xy+g*O6!7>0cnh20NGJ8rQ-Kw4@XTOIX1v1z z@jL2(*FGpVSj`G*r)j<8+!B~rrF*9{J7qo8qewf7l3lS2o&$P=|22aa5xEY6No*Wd zG^HkBhHd~az)f){4yQT2TooPRjT)>~OxpPeF=l*0jG*g^r+P>+3<|vbMt}1n<8==O z)X6jA-Pp#>**sdYE(b+?Cu+v(H4!XdhGN?KTS(YzddUa-Ao25)BS(A$J-s>!GnyJN%Rh>`E1weE!n-WI3TfeT z2wX&W?0N88aDAuI@~%-jvDZUcBq*}c8m&(CISofg*AfCQsTu0gA@w0-B<-qxy^6=P zpfjaH5F>sd*^^$1z=QvBb*&c=Fez?Yvk*f;K=Qrwtb@%fD!rLMI&31|>t76X5JM6{ zIw11s({OAw9$*jhVD-6uxs4xvtqOMcl(e^I33J=s##sTwn`wA4Ol&Upg=$fU+@`FG ztSeP<5A1}9lNk3`(CDiWHZ%M?yV~T-$$MnKOD<7(J{$DDY`S^TdQipS#5f}BeIq79 zcTy1$vqblLQg-!^VZ2vU`eGQT2_OQaIZ}?d0xnnLt8oTKZz7Ys(jcI!iQHPh7{>9N z{}$SO%h~C<_t1rDMUriv?;aTee4h{>pnzt)1A^2fO*CVaW{qv{a_-h?Jzk`RNrN1? zX`T)O{t)#dn$;Y6zkq)!L@(2?gvnnD{Szbv!M9nTQLmpZ9Xl6c>rs%<4L=yvT2HM? 
z!>eZte<0iza%)-t`-UR+S#L^{cG^RJ-n;*PFt|Tc!>?NiTOY->{k(<Q>27h@EV*5Iz`FIn&ognVQ32}nXEE!tQ+?(!~oi2@JHN317Dto;_I(iDC4dnCQWFIzNjmD8zs*#ebinkMcUBQt{-EnMfY=h+|Hx zvx^_^dhc~cn3Ibi@5mLG520umTa~nZKcwUVQ%awmNwN`8F%xWS7K)H-AuXiS&}vj# z$O-Vo>=E=)G92ns4;7-mhTT?S`}#`WdyPrmNpAVPtuwvlr-OOhi;6r_FKWcrZd#Cg zUc4pOtxVgPy|VieE}Muv4^^W)!P=mz0d@aTmm=4n>9)w2d`n)i&+2zCX5_`^mDK;p z)k?nbnN4oCHC`J+xJ`)Nk{MF{^h)*edZ?ai;XR+ggJmNgNh;9w0Worfm8HNO6$jG| z4uC{#i&AX440tfXvH@Gb?J|w9IKfp&c~UU+a+&B|WM8s_7~(*G%%9=Fo0W|Om=V=Y zEo0eKbC#j6g`|&F8ZP@zSh-HlQ?@&oDSb18uGxG>syz-5O)ANYH!l|Cj&FHJ%WOYu zkGPo$eLuCI^4oG>ynaDmiV}LGFRvM+J7&W^F_$Ii;I9_$mGxCkZ(8UsLeTM%e$2Dj zqF!fKKY5|bioMXQv=U{4av0pD8wLoAkG=$Rq!}vD&3X7u4{Hb=`c6HANEd}_bG|8z5=Ti<`WdEPFKQvMEgzebB|Zt{&T5pYAbax8@OwuRN$ zd?#8*mm96IJ!KC40pABX1wR*9vfY>q?>1Bm9I~x41%4!0SiRD|bc? zp<5??Yhm6st@aB(J;RcE58;35Ta;P^qXE+v7rq4iG|%l%KB7CyGrHs%S9^Urzgl#H zCnZe4leYUv^`Y$#fP1_?-U!vTp3nXmf?)6lCfFa9^wi5Km9q~ z8dj_r_8Hq)$wrG|f0|YD%&ZnK>)i*mZ&vT>cdd_CGo7B}2eu~xB;HDtkomsLA50}M zTu3pyFlWgZ*p)G733TQYTOB)5pV$fm#=6l@kS>ws3J}F!GoG1_!I?8r&tG7w;sE#I z^ibcP7qw|8^QSg#gjn~&MSZ2qymGy?o3x~W>A>?-WfQJa+8q9R8~3@K{fng~g=xdUL3HW!$(8Y6hA78D@w9)qCnlNZYks z*k=z8-}=vBdop0qLKIczMpXm$9Xo#HVQG}7F|Mpeh-^j5$dcD(z_lV^^BKdL>EVK9 zjbC1Lfsm~_C9gsEc>Qnx_HPZ0-FE^D^7{9```vm4l_;F~F+v;Bqi z%mkY=!QfM|tSDyZ)r*$#L}3jr+~lT6qn9YP->>l}Fqbou@drj$60-9)IbIO{=AoF- z96;yLfo4@CQ(pwY5HJcI203-=T0#Nd2ezN%(ifE1*tsjJ-1+-0P`)ed6PC6%m<1pf zrT9-=Y@T}|G3}(`(kOl=b5GvN1Y$GenR1POtVt8bF%aODai~4;!1l7=Td%rdZr=^s zQggRNo~iO4UCcJ_JJC@TK_{t=$Z26YA$q`Mw>Hn3b@C9cm!gB%kxW%)aR7*=`^%&> zVGLVZK6uA&al8w1tA|_zaWQ^o$Ljhnx~oQ;3H0-9u{cBVAW9+?EzOSBe|H~cL0f2t z@!!*;Rci&JssseWs7+JQHJlkDHeor3E>!2&WoW8rLt z+lZ6pW_6IVJxI01%dPYCpt^47un3a$A0~rGMtJbSBc*?E1c^o*EZE|X7i=+y3^u=C z09%i*Ysr9HeAS$~5G7bd<><%Ffu%!D?FO0?x|AZT6q0U!G-4-;lb};JcN|EZnoLU+ zfv}IuWayV#=EEmVLGMj(IEN7iT}FW@^RUZkMD_G<=$?4uJ7UDT`r=>)=4vP!rctq) zfEYZ8eHyKJGvy zEMY?tEJ4cA{p;@l2VbN}e2B6gZ-tjQ5_yDgoO5u_@8@%RgbXoGV@$C5HF|wvQZ+Q+ z>UG(W`W|QGjcc0utFOQEaQfCUIJgRS^r 
zQcT)`;`*G}JLQJ;`DwL-_FgH;Y(sOc=mVkZMrV{(m~+EZDfM9gMs#$^a&p@)3d&dWL~rEHz^f4buye-<9!j50(Dz*;P9)UM zhPbGOQoF_65JXWMXC;jt9@jq z49v_~3qdELSy|4GrR3Q|Sf0P|;fYUV&a&3?4f+X zb$)(3k~+{;dF<1!7N>HAn3JZ6{~u)#f{Iy1Fh&^dI-Sn#oPS?Kl<1&|9RJ;LU?A z_O3-POX$x7H#3&AWM;b~%8wX9MRL3ZI9>wypMAtj0B4()tCe!3I>5ac2so>t^llF< zgR@er^wogA7l=R#cJ3(A$;s*I$%(#AP!qRp?q@$DQf4fNNfoZaP#G*2jc4IiFn zRr^*waJnXIR&T>wgcc%R?nqS<-pI4uvb8_Xsc!ls#DAhoFH+d}$)$J3a_Zb0fDax= z8>f9+@=a21&<59D(p_DW4)UCCD34>^8}WHas6GI@g8eIo>|7Uxfn;Y@Pj~q)3fw!T z!TOidht}?jW(^tD<-p?-uX#igu}3N%aTl0RaX}dnB3-qE`3duMc$&7H)U#zv^Mg*%z;1h= zMeMU5F1j1+2fC;Ux>(_|B!zQi_P`Ry9Lg?)VgNz$07wrnBMa&|p>19WJYdmA0|Q!* z$%hNn;Ce|K@j5Eo^@4a-)AK>uJ%3`?vj7U zPCk!JiGsgqm5YWoE5zx#EgD=B*79QOnF>$S;h{6DAYWkW#++T|;qDnGft6{d2dHz1 zjomhJh-KoEMeWSw1p~i}jCLa#T3~T*RYkj`BVOw#i*2)UJ3>>BP$)wo41ZxDxx2xr zGL(~wl(~cow=>PR_GIHH^|11SKWBi4v&UV1X=*ICrM1|Aw1=MFBV776lEa7Uy!a#Z z(SS)FD`*h*xZq^hp?#wveERp@JS#5>cYG+H8?fg+5yew{Aj}BbXj*bib_vv=O`qR5AbBqQdS@Kp+tlYJks1@%UG=;=eUs}1xmb_{52b!;aq_&DjMRp9K|$< z&`fZHc@n5#A5oW+2I2uFK-ro!Si*_UehOVXsy1sGLY>j=w~Rp==HlAepPkXWcw z4qWw%zx@`C5+EM!wb_#Tw1A~;?Eqh!@104cBt4ohXqgd9BpC@&ee(0gRrjUt0{Hpj z>OX>LW0?^Pd7e}L`N*>I7hu`g8TFU$LpxGze8m(SPqas&gE~5^JV6)GJQA*x;`Y)d zj}QmOse~`}?`Iv*9Sw*t-+j7Hd<1;24vuul{`BNcT5J zMG|xiu@t7-BbIZ7!J*?3V%aj_Cc#F2$Wz3IBBo(`W#M9Pqb=O7~C2i z_-cMmtXZGZ1WUO)t42D`<(5nz4kgt7>~k@ zKlxcd+%wqB$2;ipz8$249v=##8iSfO^`DM?O3ECN9is_Z^b0o*zLk~&3X5!LP8v)L zpTcK*uwfM|*fI^zd7u-%fyn9^o{8R_rvJyI$?E`d(Gj*yMiZ8C*(rwCvo!di3Ru4v z{3`0gLhs9y#O4oIq+U}lwvs{3%p>**=g|~(&8)sLb#5%oG_b*mU1&TtX_shBPT|h> zR@G!izECcG6*6~$)%NrryK!?EG_(s!JFMW{V%v{cvYO9`Q0)!`hTo#t0-&hOMg|7~ zUdl?dTDjY+nr>)8#%Y$C6)l$zd9b89CMpe!?6g6wU*0$oawB5pD!BRe4wXa*TTwpQ zco5a_#2U|LGwDxx{coX{=EWQI2T{K+)N`@ovj#n^n6#){uG$qE$2HJ8;xgCoo{9H` zS_p?-M~ck)=g8h1?ybWn@4DJ`Y?L);1{x@fK&-aRbmiN1LCepQAYN@|Vosg0NU zF~9B+dBJBLx4zyFM_Rg{Ti*{0H0IVHI}l})r)!qk3RmZCv$~`_V;d4})M(f+)&}E2RKQH|PgqF0SxM6`Dz^+%I z{r2Bg5UrT2xcKSa z-<@lepG-QoO49X6w9s{u$6%Vn10nin?B1hXchJxOY;gfSbu-of)a~WS%IMM7y?bLk 
z04*o-6oe<58kbyjc`WeLiMsSUL9d&v3Zgz8C?p;#t9tmO356g3^#k4z$@v)Ti0M@H zR=$cpQrstxSS^W#=dHoK~GYv*kOY4mpGQ0@(q}R>1qM0<+ z?k;Yn432*M0niiv=WjoJ>lw_aid0YZcRb;J(*+iVJ!ly8$ZX%PdMf&G(OK0LF8TrQT`F$+S z@g>n+3b20&o6xzjlNkV)H}ijeJb!=nQE@uR5CVW#^V~r06ZI9pl7?q}V1UZFo0*#) zpKpn7M#+2=bK0l+aLW6UmOp|MOnX?#mu^;v=nPJ3iTwCzuA9+@qGz~w5G{sY0MpOY z;{9$Mp0yuCCx0EE3UxA*G zZvTX~0W*{KTJ9^>urfLD|90TD?)ru&E+93f7Jz1FPec(r-I2^dc10cm15P zF%|!7StWCM-Rd-D=r%>K9nTOCEvl%cVAs9@=YmyGYkJKSPQJfvb1oI?OgsR_=L zH2FlP-QU&Y%HS8{W48}%mQW}Z>sje=4TELGo&fmd_pFw%RTR>fEhMK(QGTn)C)T(c z1)CIGf(vcF=kiZS=>H`I%kP5kM{NNfSpGq%eUH#F5dHwvzDHszM6m-w?2#G`PHe%4 zpWqTlO~c5EpaJ%EuqZ48FFQdRwEnG;2tBQ^1uVZUE?Bt?qxmv7*n#9GmS9_Xo#nBp zvjIBnk;b`@3znh7@?y(;X>Yonsbvt2JPkoNI7ox-iC{X85Q$tiu2TBB=vn>;uooz`1qJ|Pf^e|FWKjlNTOyrP5 z_{kpe$Q0**@!tCWMXt44O@1O zG-=xfTV)lP=eO;4S@m{k@1lk`@+8<-y$x~kMefBtG(!60j3qTmFMLFc7(QwgQ=4%!mS zK$zHa9U!qU7ojbCbw`>4hmx2I`&En9(a_PTJsP!<1g3Mk1 z#Zi966ti}eiLuMHn5Y;8IT<547aghT+iofkqb=!-j44Y==u7e3j0uvvERJE8#uWW% zPd-Om_S4IfIUa3^V|z^0BV2CC{dpg4*;Bbn;DU5sie!aM>=LyW{QQuKGUM1JZP~LM zQy3;~IV{)Y#769+Sw=EZ_G^})Sf)BGpWh7`Ef@lK4&WwIdl)X%IFMW zEZUNCwIA<&I9}~P&ei^0adjN;^#@yXyw|toc&~qSfgD{RyXAPV-)YwIUjKNnf4tZC zm4n{vEA<>M^`j@>S8}JXShCKujJ0KR$3Bzb)n1g*wj(vzz{j)jaGO(MNhOc=xq49> zIpTyVbCMg0u`XZnawB@-6rH1*WVE6LXz($74%0!?dqgVwoD}zp7@>5CwH(_-ZT-5s zQF7I$BC7@J0MjV_nsKZq|5h4DT3@_MDC2>U+V!@$z2=b+(wVc*- zlCjdqgKSG@@?7;L=vk!v%aLYm-qwcqc!LX?(`IX~&K1QShIOVoI!f$0x1)@3Rn-h< zE5e<2gAS}RE2CuUycZyklnStvEA*sdi)z;Bun|@9IPEj^rt&=JMa(EWk9Np36gx9`!4wKYF= zb0EKypMiZIdrKx1%LWw$^9FtQEn3sE6{v7r=Fb-^+CZJ+{wwrsI& zVsgs=2~T#D$@PcB;87zD?r?cn?5M$~!`jDESksYtgVOTW)}VINW*Gs_;Y-UFS2BVOrrDn~s&F%NyI-~h;6}V|LDZ}-lSM;rxJFBIjUf3jC}3EV+fpe^&$o*;pEf%%kHl9 z3FnNX_XW#7qe~*~0QbBb>4`ps;zaJMdXZ1(7C7SJzaTvPdg1GUmw|@A#>;p*6=AW< zr6ym~Fs*wok#AP)Vb-u&%gKy-0$(Cp@tJJJx3TT`2Rz;}ml`H79^~iZ#Q*gEQXDfe z=x&swGty*d8L3uhsw!Vax2#!78&*d%;GLt46@^08VE5>PR4XIo@mus%2z$ow*EPj#CcGC2q(A zj%FFxP3dBao1s6yy+%KS#AzU_HETd4yJTxjqnVT(aA>z$w?-TSdEyib*cpI3)(SgI 
zSwKgm%L6MFR;O^BKswadlGvzG3^=mvMK$82z1i2&3o+AMUI-nvuX;Q7gr@-6u#@U?#5r>rI>U?zIB#UF8)RH`A6wUZ%eJ&211+F zwr8?=VA)PvPq6PKAdy~|xu`DTo%kdr2S8R$h`Eg9@ZZMc{IcFKQ7bF3|RC`$D^01iJ40+P;d4B1E)5O@^IhFiI zsOpDFRfma^z|?Tp;bzdfA9(bQ-(GnD!<)L+#uOdS?jRbD26fT=h`xWNC5?P*&b_hk z$92Y#M(#t%_A`fk*ExcZe@0P{6>i?|UVXj>7CuGUx&_`#ty? zsyPmjISetiIle;Vi!4{5FqFPwt*SFV81)AY(5w8!uox*+7Rw<=`b{-nm(IftvdB?M8Cx zJTix~?7|sz9+92gxIl(C93)l-#oT;MJJG)%ff&Cnqe}aDUF&a3)yP zOxn#9^XGpBg~sHEMK0c$XxUH(STK_IAmOnwSw`u(Mdozz?(+VWqIhRs3QwQwqf(}a zR&XJ}$buGnHHdcPlJro<2a1_&A;S!QkHrw%DqqB}^WJrd`S^HC^1?acj?VqvMq1}S z??5PNrv&Iu_pC;2p}=DUy1HF3=eO6wo|hS8xZtN~Ab($}K_UCcS~$3A$hvBLQ{m{_ ze^%dqvP1HB^Mav9Zr8Y+iPa{({EoBL(}Mm^eTsB6v+Pjmx{-+t9gcS7^AT9~-otok zrL5#$fy21BJ~P&jsr7C_vZY!EDA)tk*Perc z?v^cs6hWDbLWQBPyvc48WdxbjzsagZP_i`6<0NCLDtYYvsfY8+~B;(av`heETHIy@k73=Z{E^ zY^$8UU5(404a4qvqz!u;24CO}ZraXn(^WWs5o^3AkgdLu_zAgsNgw=oD_k=EsVzv2 zvZCb;slhIh8JpcXaKnV5pA~H`UGk*V00%Owpl0hXQo~!&mCP5;Pj$rpDmNikOKl&p zE(W#YC2dyi;xuDxM?pSQu^Y|yY*Dbq*&2%`2z9xs>7s2|&ChbOA;lS|%Nee-6>Uh? zv^6=y6`f_Q+=%JMN`AV|zY$y1443%~I?2^`$98wT!L$%M<|iUHLADwcCF4>9|w0 z!a_asw(*lad$og0C`lLyQgxDcTjr!LB$UHi?ohkuu`+6;60{)V$%@pX+Co2+25>Hp zW@1E}J1q0qV7rFw-+G_XD_J>fNWG?|JPqU!`bJ}?g?4n%>t;o0t*AoK8aJ78yh`9) zR=+vS__gJ<3G2K+sl5kkO_htD->W5u96Wh&t?&l?GdbbnFwk@w(kePcdxuV$+3p6^ z`4-k|=c9V)xq*4n{l44N{*$R+(V6Um{~ml^b<#Vu`Of}Nj^s=slglpvzl!AVP*b;X io+>R#eez$&axBMkEXVRJ<^KZ!0RR80Ojud~at;90-EYhQ literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203.tgz new file mode 100755 index 0000000000000000000000000000000000000000..61abe98a2bef94637f8af12e34a8c25641dd93f4 GIT binary patch literal 113953
z&r56_Jy+4JQg^;W<~BnOHo&I)1wMoeo}YypZ&*6E+nP2*Fx!7en_bx~iuMTlOOik- z+E~Ibril|59dX}24}0hDbnd9Q2q5Sz$5dPd9rWg}R9yU?bU#!3Sl~mTsGbOf^$1u@ zPb6Gx7xX)JPbAHbu=aqP=0Pn&!gv7>+!uc|;zEejCX;b2IipEE9QaZuYYI zXm0oV^5gxki#;0#JgPN+j`FCag`q)jgKg132lZe#$d2~#{5bX)gJlg!nZ;BXAZeK# zU%1$%-;p#K8B&i#uRk!V7>SOI3Da8j6fhb|4iBP5M^K_8>(GEtdtQG2v48}6-dl3l z34d&=Bax^#MOCT4(Izy;aN~*#vUqR&gypIhzktX~G{1umN(GZTZWGUF4=#O`o7$LR zgxCDeFHoU9p(d=X%=%sX>P|RcnYA$8Q3N3Wo3|39zWzQ$TqMA}4kvuV zu4WwcKXvBLKa<09ksZH{%PJF7Db^tIZ8N}93vluM~p6TS49$Nx_` zxuf{WL9J>%C7C&8Oe*O)Ba40eyZH?r7;Z<>D$wV&Y{EQF@CRCyP%KsqGes9howsY> zS}R{-af>jx8Z&y%8kJW)xIc4CHo-1=nj)44tk}KBRK0fLkI?J#t)rkOqEntxT_>hS zL&;#n4}hD+eSaC>p|Onv%c76@vmO^()X3gI=qJXP=6-Hc;z+X}QYSg0px@34ly@kZ zOtwqcvk*H|{D4zwda{kmP0oAXQY3bznviaWrfB*MiH4xy*D!^eqk~ia+b}Y+`=A2u0=# zyDc}L^US%l5+!GS!Rl7RKbWoye}JVC@yytN{jeN1NipiPEI?$+k_q;foAICV4tncaZm=vRQ(FO1TkT=RsTBx%|l|{#P zAU{hMum##3kB)WoI*?78m~v(UvPXAID~j{`dE#`v(#wp#JJO`%95Q6O$Ox1G+nA0z zdDSzNocd11aoE9IR8nenxDq(gB$fCv3&kzX8!hsEhyOr)v0eTxLW!5oA73uExqQ3y zu1|2uRj=~Wuf6kfbbwx>-tM{9g;1ZIUnuC2{CN!P+-=rl!pL-;`!ALc%*_TF$I+mb z&DC4|ilouSLJ}XqK?>Xj$kGxC$RX<)c^Exfku(=-L9E0F@X^{Vh9aZMV@^7gs zbkv?eG6r<)E~#7L(d2M8?Or?x8*-6c6XL(;Z zCR@!5uA+xmAoUVgB%@PN%TIZKXAT3rp^EEhYT?T4r|{cwl9%B`OYDFWi6mZcy4d&* zq*ASs)jajnLIkwbEeyjmLW0Nygj+Zv3|tr@)AB+92yLJjs!_31((+*Ob4a%70Vsm1 zEs|393*B_KTj}V(g>TI;r6BccG%6Yct))(pEWyNFP?QiPL&bbUCe42&^hTr_ia8cj zg@tp<0PP3uuKj?hW@~xhVFs;r`cdy zj6mIV^|XLz5?<0yCPcoR_x;a&qfEI7lp-pNBp1*gDh7EK2#TwRr0*M&;rr2wLog4N zHwmx}4sy5jiDhp~YRg1sX#vCB$Y}D;$lF^)0$<@p)MJs^@j)X!-~ANVT3LlBj+Em-R3i)EY6%KEJRtyvO6UxaYL;$E=T7T{v{nSlw)Tvq zZ?vY&hd{b|nJ`LqazDyXKHse5XF+uFjcGzVR zd%?iAH#5L$emrAjw})HQRXr+vJT{li-!s!=m|Yy2L%bb+c-mdqZPXo0RvZzvl0}_D z%_1u>iztNr58wCEb16Fl4?f?J zT!U(E#$9J-gkvc8Q>L;BLM36loi#{}miri;dLC!Z^0)L}GzOcY79Ywx9-^Jmha@LA zo=Xpg>p9s_l{lX0muOIssLMn z@j57AF+3hAR{lrWNJpImw74u>u=_zfAV>9-?aeTJSPO*VhDrPDwoGQjw<}pmNjmx= zi{fPZwX>0QKfl1ZCFOQ8cdL$J{{Ze|Kaf^rY#%ndsxQ8XbyGM~=(1rBHN@uqVOYJ4 
z@WR-{`SGuW2YAU~J3l7wWU9-U>{8|$mZ~!rGI<%=fTQq=&fP()(i)7zEvV3e~t_D(7WtGB>!h$p2E445N)b@|8Q=P-P z;MvlXa;V$DHU`i9O$hdYkhK=D;-}OH@7DPQi~93-9WtXQW59FFm^v?JCArblZhG`m zQk^H0YS>Qp|GR>Zu9-Vz!mRwPksCfAQ@;w}!mNbI{icF4F}yO-Xl^?wo>PVXRvJy@{0#VHDVxbK;MQuVW*)d!#{l``whv zGZ7r-_afT;uG$ioO*gHIYE`(=)C<-tx^ZHCp#^06 z*Jj$p13JPSu0wnF9L=BGI_W`kQ;-?Aam1s_W-lhDaYzIcrC`k<`Wj83tx4<3R)whz zDdU99#dgjs=fR~bbou(c|5oN8KM8i281_lC1r4TSpcJNJOg^W4!CyEGbqi>yJSmv5 z%)l4XgyCbLGebuS;V$LFxV9ZyoW}2!tv1QGoXou68|uLXCj$n$wooP&amYSrP#e>v zBDzy#j%@tySb}3G{=PoWf+;dGnoVMOHSdKJ0W;XsoZY>4IbQ&`z||aKg6pCJuPk=(9JgjYk)lSQ4wjDEMiGMfnSB%bju}TJ zSW2JX4G8NW2#sqpbuZhq*KX_&cQNAGS$N?a6#hZU9;ASCj26fKa2Hb~AOoBnsmG?t_^W7^mnljU+2)Y?`ks)T~eNup?{D*%LQ>hph{$e49COu9w z?7DdFQ1)|7qKIsScu(4Xh+$hjLt;_IR|`pmLPlXPf@Vq{w(<)!rSo*6g$dgx;vGg2QgmzqXle zsyaF3+1aOdpJ@x0?T6vov8vik4)lC>g!?|B@{(C-R9@_K5WGBur=Ws<%%NwxxO}|! zX`a@PVZIZk-LOSi#v!r(y-XcKRwT=XaA}36QB$8S@7&dys*7z}K_5~pshL!X?L^}n z3T`rprCSyy0HV(#@i#H;FzyifjktFC#;13m!u+p#l;Xyc%wzRGK()W8SXC#Iao+<9 zH;Ye&dO2P5c2y8HPDLEfQ*SSqKy|8W6+=%E$NeaZIq8@#apK3+LUyFdRoZf+r0N!S zk$P)mCdEg{p0alqzU*+UJa(q`@*5+bk#7}MMeQO zt2zTprrTx{Lnv5}V)A=38X@0b6T2uL%p%*;3G7OTF((<6_ok7Z8ANvAEhhh)OGdFT z@+t2{<<8X(ax;nS+KnPR&wPGjZ(QD%KRYm$4yXR_3%Gw`KU;scd~>pHbsA|?*bTOq zQH%1iU7cs;oJG;TgH=u3DgQ@bR7pdiatv)kFoTq}Sq7LbPaaz9sX;tXyB!E&<2xaX zycYgea~s*|L!tSPzW5G$Dz#EDj1=$rlw-&K5olUK-*QFLZN`wK=l=5NT;lS&hYbJY zs;BJ-zc}k1AVsv?spuGq^b9a3%vB3g!^N%`M!V&lhpNnDvxVz8$vi7L-k>Y<-Vm3v zKWAR>M*n@H79$Vp zoe|MrT`RYg0b;zVpsdW-c+zVc$=S5A^|9O?j4VDWGsezi^m3_4#uCIFhx%(8_a>`4 zvi_{#>^!~d1X55((8*EGLw4CR4hjUV{pM(PuPU!t@%JM%-+ur`G(qEa;w+mDP75_Z zI^VIi1Nw9BL>gw#n+p*cXAyPPC&^}(1;Xm9TSRckef<2@0EgPG7pwboFn!vTqJV4W z3hxhK0KMJx&p-Fin+?5b`fWX(uBYE95Kkk1 zyNz%K$A`V=^Y55%syPm%BRq~oh%AHJ!r1GK=lMJ7yu_Y-s)V!;qii?g2d&@6 zw2Exx?BXc-8`Wvg>^DuuK$AV^M?c@>iDqF5L+ngOXTr4p@~ZgeBDCS+b!8(7=Cih4 zMrZki_ZP|Z=*`k&kHmUyWlcI2y+HqUMG{aGC1)Xb)um8m)~8wmlz*_)S{dl==5x>Tt}TrbBPq> z>jK>oJ-YTU9h2UnhO#_~%%8)x=R$;~4YDGtdk#Na&%g~V76vT_#S-RKvfqc1mBzkv 
zcsq!*4S)xyw-d$1IvGwB@Xxn%U|W@#m(U}XwvfD0U2r+|(5xhURM{*2gv8c!?Rrbu z?FHKW3>3}udkIm_wqLmswBIw3gB(ViLxRfG^$+|&oF52`-te%}Hi1YpZofX_llT}U zA`?kzOg#2Eg(g%VKiwcQZuW|5M5<>w?g2IT$>b;&@zZR%4Qv z*V@Z4>~}R!fhK_daINr*Qq*Ro-q8C-rtrO9W8mVy~Lod=<=mu&vdRTjP@Lh65Qr!Wi#1C)2Sz6H=`EqWuVRf(LUh@SJXLzoU z?gKGrbS^J~P(&Y4F0rH{d{SyL`6B!{$pmXeeghk~r|?WG)wyKVWcwY5#kM8H!xsDA zkwUe^t^6 zJg8Rit6Pv%0TFY?CR(cy@g^uq? zE48V=o4yiG%H5L>BCcm%3-VzihfppA3sR{9nye8?|ZT&IEIe2{Y>l`ma`=8FyPuT!H`{XcvaQB8^|xyr!Ap{sk#+ z`XCG)$qh71p}%29R9`r$Rh_|Mh=H_Eq62h$klJSXoTE9HD^S)+^^x9>%i2JJHd5mX zU)pr6`$-)KFUwxKJBe+6(gfyACo7|l6 zQWzsXGQ1Fk`+%{EmA&L+#VhB&gW^K02!m-C=$QQp?{doZUHSu?FiwDu&Zs>Yl?l?Y z&OG-or)_V4vou39KhkutAP>uBOM2#rxmt!RJ-lfG{I=Pg$<9HRnPkjU+HWjL*9J(I zjaj>oi;t&CnQrbwi$ZD6vsU)T1ZqL+xI3{kg_Gu&tk@v`a*O2C)JHm_x|CfLBU#jF;uHw58U1Ku0BCSz9 zT;s2uNEPkHiQ;+rkR**t`e&LsnQN_s)A?oNu?i(|t6qj|2Ywd<(jwMWX+bQ0S-L-+ z*;*3tvPvb)s6;4EFb!|<{8#@d zz;vLuu6Gs%p7HZtzgQ!1G$>$&06SYy@T0w~`P5Nl1exAMBrzJ~BW%q;mcsjJ@nErr zKn-P?>dEi{rBzfx!kMKxcMe~?ZIMT_{RhJM2-i2jW)*TEyN7(7^-g|49H8T$OkPFN zlm?|3Et4~2Q92_&M>3&8eO}$DPgjsbOCT`K24(hxSNkpF#SZhQWksbzz3rH@)ntd6 z@{G5`0n1(65P8*oy$W1-lt0wc&qBwLoGwsbCIsL>Cj+x*h{miBeN z5hjvWocm)+Y??hmgFM}u?92Su;20Z$9s&U=l3qBkNWzzh`YxO^9Ry>keGpn-iphHxwF z)W4{$!(GL&o)gtLcfXOg^GRONJx}-bK+5rbM2Unhg1LpFS#6O@Dbg=$=>m9I-IgJ= zt};Ym)@<$Q_^^vJ9-$tqKcXDoW_@cW@1>Asxl+{bn!$QTZeSy-T)7MsSV##sam`^z z#Ll>mYyMB1ulOmJ4lw!=vd$CorqZnn{}KSoi8$nJJV@m|iS4nGi2}xop(PYJMMU47 z`=Kyi7YW7vM`3Koyzli~SDXBWa=U{;&qUM|+i2i5wH|L&mK~7gVUM4q;1kyi(0B2y zKS-gZRHw}6)P6$#dzuyPs3(d}XfseakcxQSyO0y{fEd?u)4R zl1Y;+2f5LrQfEbfZ0sT_=!TN69tErm{s+RSad90*V)6rFg#14c#_bR^tiZENV{h+u zX{%H`6<;yeJLZctqka|%#!8nrw_rX>Br-R|tP!E=0=SL@`Np9S* zcZ;#w?8Znp!+p$5U~C0uPrB4LHlHxI6;Qo$l9)yc#kapb;D}-p!Kwhk=!N6GgT+nM zpSBLOTfD%?? 
zEe?79CA27R8a!|P^AU8wJ3DV?${SwB&OZgU0-qWtc=CDA#0GBUXC*<4(96y~IxdI7 z#3yFHcA(Wf1CQUmT<$F}oebR3#TMYSAfr*Xe@ z>J-U$Gx_T`!V%TN;x{w@p9Ud>rW;k&3 zLvyn8is-B~unXHh&NG~>>@va>#o&oN)o<7*WmOmtiFgmvA?Pgj7`H6*WJz-*oNF9$ zBbBXKu!^6Qp$IXplCM zY(YyRy2ef*pdtAHz^u&|qZ3Q(GLfIiqPe5*vL}?zeW@ z*Hm%KRWmqiexMj>0;CWQPjs}hi_BGEx7!rT^lLGMG(bSnjit;eA3BWNbZE@*DP^`o1hrmcQk;b49f0K_f0dYciJDV( z;ki8eL>@8@7HwuDJk7Kkv53*kv~;&~ZD)J?wkvvv-JvZ?hFi}_c_BMXnw1MkbF&N9 z!JU8lgBo`J?0#~R!vB(y5u2R< zUh9|X3_%-k&}Ka=`j*esbjo5)HBo;%2deXz29L3UoP9~LrzZhcTP>sS`3cL{87kG8 zSCzK8{Zcu{vIk_(^2OHRuICclQL+SuwiLYHZv@JDf-G>bxD&p=l8>D= zjQm-**k==Zg08dRgbg>zE1PYj!8GFC9)f?^G^9D1e0*jy+66>aJ z_>1PJ9UaxnIoakHHWm*jK$}Ev3>zc3K@UftLARv3Ekf8qrO;jl4tMj~OCveB_R9!v zg$Jqzua2oXSnu+q1tV-l6&lRU{qt_x3yEZj!k#WY759ch_a6CX>eR&c=_(KLgmRK( z4W@e{qEzP3fopaVgr*wb?6jI{1YqR%)x@c}>Z`^upT1L1{gIf4vQh{X9`KKGI|}k+2b{}x4k~D)8SQ? zU3$w;d@)*b7*%EgSH1Z9e}*}Se+DVE40M(^DlT1aI@1p&$DT{Ane7)P!&kCBtgd;e z&6sA(<~V+aw7rvAg5=jDa`h%JbpjZdnc8A}TlY@igbq$&ju8r#&PpcO$@WRv2d5>X zgGqW7^yFn16`N|hKX@1KuuIY>NN0=-Gwq>C@@S+AaU~>0y_*bgx3+X@>}-Ogb!#oG zFi2rl==#6-u41(5Cu$AVkafGupD9C`qd&zOe1^2d%CL8LCJQ4)&YKHw9Q{^lSpdo` z;){L-GLp-)>pbX8C*7FY<&Q=vbPIem!1G&5p)K@p&+k=RzQ=;f^Shu!AL)xxxan%J z*mpDT@F$`SEkwHMZl&b*ww7w-7=wNYOEI$$GBs&WXeU~BAw{UTL^k>e0XnUZv>7a9 zVVB>Ycr80W!3CMwD$T;zs{M8BB-fd}?Z%)J&)xb>^Y^Z1rg z2l8c%l=^ahTT@LkR6umCLSTyI&K&N2@m%`~zLNeY{%|4*`JebhFOPHh_d>_#zinY} z@G)Ai`y;v@@FMx&GL_%pumRLfMK{?ti@k3CRc!&| zY`}CO4fuo2?X3G*KXG7gu3D`$vuJHD!S+i@|- zw7>qFdpISH>HssbvF%^`AwYh*wRyx3dX1ipV>#*_bK@(})|h=BZB`f5z~PlxocMo2Ml&`LW{?3bzg_9MzL6Su*D{*q!}!M9@}HNR#$j) z)QPRm;{>)E;8Lo%g)QviKu=?N0aXoPX;Z7{LX_B6hOCA|N>(xjA+^Tij-R>a;a>yT z*zP(gi}rn2LqV-9|NK-V$?nuy9RWR}KJ@7wp?cZ+HDHf_6c99dw5;&kC40`VSXn$U z5;EU768cTyvKi(6BxQz~{DC60&V@y?SG6SkqOKpMNFI3>jbX{QOa)6|k2$Fw_( zSFHvo79W_q(UxJO7;Cc3It%Zg2hxvPNTLU#AktmJIptmWI`LYS;o=}99sHAdkdN=( zVb}y^>!Pf{sy#gB!mT$aPJo3w`(Tc@h3YG-XOS2+B(xuG8{}C-n#}XD|l-xN_)^#uee3**#=!qjQSnADeefw)ma38we* zN)1NmZwY~9VH66RgnXq>WX@f!*u32ViUBZ00uRKJsGJ*fG0i&-23%v+5Qa 
zTGQO;A{9!<4#+$iL3YX~&Nmfkspj{|Ld-lRqQ8xIEGDkSJsaUb3A<7hc{)=@ucbPv zX;c~JVmexjywXHJlN63FUL1{%EMzm36luRNSEq7ce6mpQ4P|+2hi3w%V(6r#V|5CHF9T{GSuZ@q{PJ# z=X4)~kpz}JIC3DIaQ{YsgwWI#@|^CeLxFE2B_VTxFNqU@JNOqY=3kP${n)=jF(ShG z2eFJldrPSa%G!@W6kFqPM&N{Jq2@yAT11J=gg>qASVZy965(r{aTDdCVTP3ndDCVv z16rM{OmP08wGlH_6m!lOO0?7)I0AkWg6>MS)U|{SCaK0uLJL?iDW-LcEN| zBg9k&vNUwh$lpSQs-%id>KNYu+<#Ri=xv|JrBz8XnF5MH8WR%}5fWoz(W~5{Xl+$H z0A&r-KZ&WDqWSfnp~*h#Z1-dCPGst2dLmsGs=+m=s&A@I=TY17E0Pr5&zX<6 zf6w@7lN&hMyz2lTXGAXMCU-L!I2HKSziDG)vXdgcLs?q>sz2JL`>MIL-1=d74A*q{ z6Mgkc#1>Yr=OK^)9-Ex$fOCEoA{$z_EJ*mnuP*_76Men)O+M%LDkHj|?R$0WCHAMp zn%aOb9L<`_6tOp}Kb$0!yM*2(>nCB=w)BbCe6{GzogyCAZQ`NTH}r`w8;3zF zt?c^9*7o9HphlPV!mpBgS}Qd!ooQ3mBZzF{+IrGE4$|G{`2^~;N{xq!;bDKAy{36` zDZrd50o|CDU{+7++HZeBZAi5XSO)Xt&gI_NQHpOsrJp)rQHxjqbyEdVJh(8e1oGY> zg?@g;P}3LJs!oz3_+D-zQLJceKq0|05631e@G**#J|u-KzGcKT-Y^{YjlkgmL*anW zNgIxpFM5tUPU`P4Be!=#nmDAR7&9|jI>!7&gx&le<79YPK@{~MB-Aa2k!v8)uQgB8 zFch^VMNn6f&Zr0Xl)HD3LH0q-7dgqG{fWRZ*OS_QT)A!JXet8E**#Y3lc!*#yb0h8 z_u>V<`eT$XQ_^PZgvqoub56eQW>{JKwDwNT95$lpo0yA3;*;fr5+WinuqfhtodIA( ziAnLhjO6G!dS_dUSnXU|ljdT#>qUv>$z!BMz7mx)4E2!9GfMN2OMNwTtwrF)SjEnL zB@LuQ)X2isaR8sN-pF?l_@@`hB%)qY+Zb*D*soaXf0&*93H%LrAM9tYejZWk+hF4B z+c8ec-|bt4WYrT&jrSfFx$$=##!b!9>e}(hFU@Mv1#SS`YRiz$=7n1#^KJ%8!aC`& zo>FhjGG#Oiiv)!r-}yh?Jl{`~>zr-^^||u9+KDkpfQWY2)u%i^%uf345!Dzza$huz zK4rl)V^+~69%uq!+Y>6D2*KiOY^XQj86tmq8_a%GtcNBP`&^M~XgGLX**le#V`jI` z&D-t>Xne*8r^ICCtdnmSD*yV5E=(*}Y$z8{+7;(1KuX{AMQ+MCV6z47B4BgNWgYVU z7Q)Vc@Co1S8)j&&T$9&-&70yqVd80NWf7<39v6M2*h8vQyzd2_W)QMCJTiAhXbJhNTv* zuxY&9ulvxW~?1{(v zuEwoRp|;|4F8IuHlZWpJN~LXcKu?bYJ%=!d+jcUb{jLSu4CO`J1l9Q`G(sU9c(but zq0Oa8YTr?&C)+w~y-|sC;rKn&L`W5N2J=3i0TM9;iArNcV$hqB1O`ms!XS2>AIBdd z3G%P6KY<254`&*geeFIjmd--tx^7JhO;9cSg|v6JK=mzHo&{A7`KXpJ%&fVzFGKppONu zC^i}&wE30WFwCQCJV3jL>>IRlA~cmJ{fE~v;jES>OqL=KE@V}}^^f7NL)d;FQH9-- zGgi?JZucSlw5j+D@$@|vV#^soigLgAG-J2rq@LWzW)>KLF+Zl3`dES2O8AWbhRg5f z{x4mpCSudX<{X6Z&~A_&DerX}4mNjze!(dnqAH0>?;qB5Ff}K%=Q~^%R`*xR=Dg9; 
z&Cq#(3uj@t>pF1vAQYd(11CwjGH$7@R#oI%43%FBqdZ5-!$PWxL(wN(TS>*HkPYHF ztM{XuPvTc_TCM_4PaQ8Mecoz@Gs@`EuOjI_2Gyu#r^*Mda4Unb{e9CVpri;JeuSXk zgi8+Lgh@LZeivs66GgR5n{%D$d!sC8h641?FS_U7Qxk*`^f-dH?ku^qs1u$o@pM!F z8cj6rU&XJwFrXZ0!^cOYnsl4iVXDyS*KwLa)0lFO;?=Ae>mO?fZDR z_i=Wd{_S*s|9b9{d~G1Y5~+|j8&2oi+uz|a4RzHG7D+WdZBI#+QCuMrx@>7sg9L*) z1-=;QLd4?otUxU$aT%DY>Saw*Um-zU@_TV#`2HVScbmGKn)#viHe0QKY5lQ(^6)$M zOG*D(G|pp36wi`>f(?^z)B<~xdDcEhsvxd=pDHZmy^XFt_SFjBkl3D$TxA3W(29NJ zJ^fjo4d6)U-oBKRHk_6*ZiR;yqb;ToV?kL|Lmqlx-m9v%AP5TQ2IaS@>L)j`B-vc4 znT)+Ml+~g9Jt;&LRw3QA<8P^PoIa zl!dDg=<4=_EiM~!=ohDLMnGvz?nO@CJvsM_|H|8@XkoWgLaMR1pL#u8*Z_Wp~}6#`bo#ut{{jvK;8-f0l77-vLdVuYqDFs=OX zUY%{&6_V&pFJ2#oy!=)-;U*jluEuii3>}~}KbC@`zeA+iq%29)R$qaM^pC8gN*WB% z4m>JE$pS%8$TY5F?8Z-tD*BJ`=v|?^U-_+7j!iQa|=b#&_ zRB5+O>0#CU35#)skrBhZdj(LB%*>T@(TuEpoba11YM%vO=X}V#5yoGe^26K5_8M@O zHWtH2i6`cm3(2=9(E(v-Z{qgYNW(5NlV&CT)qvx4O6dQAh4$k5Azs_uQGq`z#3mfn z;RZ|}Hvx+WAzfa!gF&z{nGYii2H%>EH&6c3BUdCu2vg3|%th-^3+dR-%}dO{m{#cp z?J;eP=_K~qSKZ07*sA+Xlj2;Tu4S=?-8)(d;K&QrrVFZ#*CK(GSt;g0p~f1Yhk+dF zNDFmiGi%IL6hLoCH$&q^N3iU21oSqQ%$UsOihMaasHwTx+5>w>Izh@;>9b=*hqvHb z^p4zh!XaR+`uFHi{53KeEUK_8Yi-yq)2?f@cg!=SZC_r*UTBu{zRzs0>3UxKwHP@%)k1Bk8Ro$ z%(b^0sLX>ZXA@U-shFP;qTL-duBZRV`X-bULr+C2U<@9!6me!=Vsi*Uiq@D~tcCzc zutEC0rlJK`05tJj>m(*{r#G#*p4SP6gQXH>gG3L(#VDgenB#@U@94g@Czt7WQ(Z4Z za6mw-p$zmWtoWI*=8VGqs_ky8rnr5;fQ zs&g3$RHJ`BZ#)B7Tnm3`EB;lkoHjG`xzU?psvoV#Z4|JCk{nSOggL=8jXC;i zKboQ8*()kUy2$`*jY2}3bCcAc&PN03q}nV6vO)P~+DeAqrJnyo>y(16{-M8_1Nmoi z;~^&aMDKVHgJt7pEn$`U)#EynVs=U~C!3iIqq3|Dh#3kALBTp_JVY^g>7!#uj_Ayy z!yZvNc6+wHfjeE`RubmA@BdrKuhpd~KRu@Z7p?#Lk@J_@A4UIH(64!ZhAovJX{RSv zvk^aa`CpfQPci?;<9#NAlJ5N!#}g`mEqb2yQPCgm%~%u}UDeX*uhjC=H=2iLjVedO zPyb`E_P?4p{ZYzh0| z5R(P6;g)Co_hqjGGvWVb>%qD^s=B7(At~PNHDgkI39~&GF;UWlxn2sVv~8NRw*!T9 zB-9+5-#;A|kU`ZMU>R>%_Ck79W716%yGtbv{2~VLnD2fW)E*+`gwr5SD}*g8)>Snd zoSuDN^IxOyqJdB`cZR5iPqKXBwd41kmphS)Qgs>H^Sk2ER|IRbePk4?ovZaU2Eu_w z9^^28TxR6vB&}T`tyf(nDckf_0>H8eYauOv(U$5FqYwx*{%h+3FumANt2?S`7(L*l 
zjkBdKeVSY~7FS@Ja4whJyIZYQ>vXU_^bU@iv>0llQ%Q!S66&h(3o~E-IEdjujq<`Q zsD%y{Eu0ghGR{cqOGd)^oa2Qfn7a~nKsL!gw!Zvh>(`_D7S@6cisrdyvoWQ*hhr6h z457L8vMAnfh50lKO1-7sZ)euCopaOn&OS$#;}r-2c9ieB9G}THf*lvDF|wY7dJ=61 z$eQm_cpGMc5S zQ7BWc4v?}DM)OaTczQZ~J;=0>%m%o54Xd+XstMh+-R`fC_;%;mmwSKddta-iV_Pw% zI3{uzgVBQINIs;jlAN-_H&NCrxr_|Rpk11qzo`jU?J8Ake+{m*lWjkN(1jz9w@*}d z`LN=U8E;19ZPhHp@Twpct(sjEu|Y-rZK4o#7O{UPhH=(S+i9#L{(Ss$)O;#6d)zWt~8dP4M2V*;33fepSQGU>uNe#Khxy<~tk+sL(UwgCc6 z-eZ_uNUdI=aFl3tCy0%T{8#U@ySLt!$8$X8NA#0=gUU}7a8;MF(G;HU3y?wer-asx z&wL_*LqZT&JIV>QOt%?1QtPst&JxmHoNjlVgJR-xvq}Yy3sagdIwYI|fB}>Ub2~1! z*r4R9hdjx7Ab%El z5^?Oq0m5Svg@1o8AOFeH3GgAvxD0LucRp(L#|X^Cbj>zLr(;{n5^~ySF9+(FnjDVQ zQ#en9Gf~*-$E(j%{`e|A{zG@m(!6Ja;A$!QZ1KCsXhy{5b@AdC>_y)c zh_--|hKKN0#Kt91tbuFn*b+@Ow5`$ue7A{BxCa^O^s0^^<$*?6r3UBp+zV&__RIZ1*Ft0m-`9`2?_Mks7`#KJ)YI99CM^tN5sM%_JnoXx=| zP`hP*l%-Qj66^;z@gh=_=SbPs9d-FuE2OI4{(4Yrld8(@Wl3v3-k=edm_Uzq7Hnyz z77~Yvi;d6>dhT{BcCz|ED}6Qft7S)=-1lfz)7i)kmb z0GIMLvt5rg`UiM_eK~c1;MGJsk4u7s`2$;f_d58l4aAUziyS4$I)qCzV&ykbZd5^! 
zLY<9mVkxiTHGYK+UzWPi=*pi-E_+V9rRZ)Q!AA|}rJ8rxD~v?N=0J0YlfbnT>MCfd z6NW{lP1nSAsNX~BlL6;9fzHx4j{a@fahvD7DjB~^=s;ilIG!X{;ZmM|Zqz;NoSAtN zBkAQMMH;9xPT#aq6#47deyT-h#Yvf=ql=^&J3cou>3k%`hhW6*qL))hVY1We+zHNQ zg%(9EB2LKtfb}AqGYv}obgx@8=t59bLS;H+ufpetrJh0^YGT-bK*cgOc2l}r7*RwN zT|&u}L5ju(H#wn=|3cc*ftW9As@T)@p7{H2RuJ(zf5eNOBJJZ(aAu$ItB;satD=Lw zwE&n$_i1ypGeNh-JhcjU_bRoT7^#I{JvmLW9^+Bc6 zaDkxT@1;IrBhzk8R*m50J-Na@n+{17nx*P>?0UONu@FX(zG`r^qXxOO{>2mgQ;msp1$wq@px+Pg!s#M=6A^1VVlYhmz} z`iO7fkysnNjbKdiw{PlZ7EiYU`^}YbtRl(ySLdF-O%n~s{=SCk$uYOHd5^%XAdF&G zv=L+QJv#ftZLoD&-naQFn5|mMdXsHfANzVFd%KA#Br7qYX+!c2c9Y*u_%pwTOn5p6 zP8jK7(4_E695}?g-xmPGoOi=Fk>>nd5nGb_%CxT8F9c&KQkrmvA-L8VBX(aa zfaF#w!8dtu4K-~*T<(?TtIUHSJ#=q1h&_uB6T;YIU2%^4?p%Xm+mQQPHE%#N=`n>j zWjU~M;dlNx(Z)ZmyEyF){T(&~N*$bW+#0o7g{rXxI`(ERZ93>9DLFhRS>ifqJiT7{v;ROF+<-bcz@aKWE|8K#aY_+?eFT zSZHmo*OSOZ0}Wi2LuXa5wZn~- zxhe|9FRMt7EhuE=BY+TD9qgo;$Qu8UQIr8h@A4L&C_aEN@47g`7=HzM4C7N}v|V8kyC^t(f45=v^Q>spo+(VE{!xF(5l(c#eXrAQi@>hHdyWNFq@y`(E z@pE8=zfK+Klp(!hEQLpTc^b&)8KtM$T?r=}MtSAPi4t{o7%s<8Js4j&`CNvWySU?+ z$aq1b9s?2yd%;pz`i{2B7B-Cx`XoB>9ByKd<)*a9f1Esz4_l6(e;#j3BrCRYB+K4B zm9T^?>N+`pI+Z;Oh^p%Xm)=OQwj|<=?vElOu8#jz-Hh?)I6Bb5c$bp?o@~#Fg7bWb zU!!s3ug|ZXDYUk3?>Nm6fqn3PmRhKNdQxd*GA@*oFojei)?(4gQ~NBsW1Z2%Uqa^6 zo_c%G0S)hocR~5W=43%){x^@LgI0LIb7XK^UZ2wzX*gl7{;V%aRZg}wh(c)F;)(aq zJm-i~o(7wd!B@rA=5T3j*D(E5Mrz+MJ)*riKl7;Y8O%$$2wYOz?hts~_}RBiB9Psh zRT-$yM#2MrTukowvAOhbPbVz&<+3aDvA3uzq_%r@fd`*9kt72lnmxE<*b~DFx(eWT z7p`Wig4r6lFvDL$w?`1CCTYag>+8g?<0{0g{CuCny0w>*a&58FU%-v_FC9Y|Amy+| zXYXB+=8?ql-QqET02?bU&>$8zPS$qn&sp9-ygF@TXBkuYpk{}Q{cN)9MP+Oetx9Bx zkHPifE&lRLH6e=#E-ITYQ|MX4kf{U54J-|P!;uEf=NKmDI#rnj{V@+h9Q?>$|5?)d z_Odt=S36n*eYr~wJ!1L&b(xf?+%wSErvob+<<_U6=g~KXNvKLDSJG=5C5qw3b95F$ zfnpwI4CUMv$|x;m7-fv5Z5E~Vw@{T2qDv3S73`mGrf8mjK40kPu1L>hM~q<}`Pfpi z=L!ez*M>zSkCYI`Q2wX6o7F53#^IWOIP5cXbk5TFa2*tl>kvL-!s3T z*S~V%ZYvTjpm!YvBFi)eVJP#0`e#U?%Me6V>QFrf#Em;NgRb#4%Cc>Rq-jFMLT|}x zH={<*^We5-v|PBG!0ke}Sf7{D%A6c1i7PDs$ohT<`bOT|ipPF`ou4T7Ga`YQW&WDC 
zXexuI`b>L+v&KE21axp;h%@H0w_+iHP_3oQc1gN>{n*z2<%WCdy#j+Kc9E%fAC0T; z;=gbuz3yTguIctNvjNHMfg%W0(wa->0rQkHE4~~Tn~35R8aN#QIIaepofAhr1OeQ9v5LQW6D}N{u9%kS|skK7dqOThA0WhZB}OUUD(W znxJ=r2$N8to}rZhbZTyF4h#fB*V)J#&CDX-|AP%tfZR5O0o-+MR5X(Ly7+^9)Eh+g z@^2)PVRs$-j-z2twiUV#1b+f?4IbD*c*VQmxw5&x4BBg9^rl%&5S0@<}Ey{xR+L%vu2rY;f+Rrs#G+bAx$y z6+z1hCtYMi4FfU~32uU>uT=cXx9zX$AHl+iz-7a!Xj|f^d6r%QZgZO?O z^hRTqpSV-jQVTh~fQCGuflnrhhFxK*;sJegvx=eAcn8CGb+cp#wSq6(vVw!AESs~- zdB}NlC~{<}W~lL*CEpS7`-f-`e<*3FnQe*&idfod8d~PoBu~YpQl-(P^l0AJwgg=> z+8o0{rw{w0(G-k>t*&#MKr-j6bc)te_PgPVcqNA0j=R*C@swo|bjI=aTyh27ibwKs zI!MH3!3TDqs?qO~NNeaP<}8SS;pn&bz3Fz^+bkuwS`0@ZH&lPGPH>WDl25QzYX=*S@^-y{h#BnDmv3TPmMy< zbHUXx!@g;npc=E5&^lHE3eRDcgHsKn%G9)MS$>7F?`RtKm$7!zTeIz-o#p2FCgyR_ zMWU1$zm0|hxe8a?(Ej{Wbpmbr$ZH2p|K!mypC;HTwvhgRAE3kB_3-CbEy1FWzMX}c zYFB5NviYQls8pP;3-Q_(dHW*9&?nh*UvH8<-oms>B?!BdSqxMp?HMsNTQzV%D*B>8 zH$lyMPIO~Q71TwO;^PZr`t3->6(-mC>#)aW31jxP0kT6+6>>kB2x9=dLLPIJ z%Nt0jnMLG#NkTAm6WVEmK5~~F2d#yANoebPIcBw}xuQj(^LC{ewwjW}Pv+n5VK@0V zP{|>-Zr*NGFy5vzSd87BTpy(k~Gfqyd!@Z7z=+K5BN{{ zDdD$G5^@HgUj|XIdTba}v@1TX$2C&e3sJ>RLpj5{BYjDiEXC3H?9Y=EU@Oyz)58lf zS|vCeVQO?C-|qU)Rta`72Qs1$%X`raZKnU;Og*f3cmSFAFKM&)-UjOTk;Sj0LVy4h znw2j2{t@s3@dF2YVz$VQh&(nLT@B1Tlpt4Mv9Ct$8Xy4~%T}8hBs|Gx3vJjiTn4;l zQjX{eYF!>*`#GZT;E(IL4*px-U%W+=&&k!jfwSwUK;0jkurU#ytj(-ekKxCLy^RsE zZrXL=qH}U20TKO{C*FiMn-f?t^Pa-(9y?*&C~c*GWH$&2mO-2 zCyeV;Q_0=CQx@@Xq;|`7aS&UjxKE0U^Vu{zh4{gdt3h&%b>@b9#9q(q$6Ap!M!#r=4}VM>dWuhu9{5@N zAX)#~29D^m5^M&w`={8iIkn4}XZvD%Fgu`<;wdTlk$CBM^!glM zhbM5guH}0^>*c$dvKD8dPp*rANSnui7P2iw)CN%LOoFKTk^a8$%z7<0D#}U0>KZZL zE2<_FV+4@swAk5!MofLH`4Tp$4a@R%co8AArELd^7&2Oa*!kuIo*aYX#753!dA8BS z41v)^^SZgo#L?n3(~-OH=5^HS2J|K)aQ)YV0o+=mS0dEGCWjBV4U2oS-)tSLLrStH z)nye!%N5u|4Ba^==-`BUS$Z4P)iScf)NAlqC1O(ur)-E`QXlNB7*&cc0N8<5N)4b2 z|F2JmBv*{O!}7{8$8Oy2@=pWqnKvG42?M!NEg6jCwc|o^WjYX}7x9B7akXS)6^PQ# z-&q=<&evaVv+L)<)k|%$;?U~JpVsM$%kuy+v4l6lIO-sCLJOPReqA3bOmgjXXD$-T9E?ppLmsVlCdIR7%Ob#^MI-Jb}e z98@&ek}N3!C28ycKBLJJzZP34`#OjMtu^-cdC+J;Z4nE3t6wn;w-w?rD&n 
zO7q=@**zxTr(Bwq@MEN+%zUgBL^eDCyGcDyaQnV+nXylb<{d~dOAdmhfPUt>+llvb zEsdTihaAFhGxUEIV@&`1aO2Y|{PyB^_a4S{6-7KrucJ|dHscW55-y4knVun%@P7^i z`I97(l6@o9niy)=e)i6!f4eiT(LbH^Oc5#q>mbk+@5^$Yiq4&>r#1~HZ-1t~V7G7l z{jp<^q*P?{!C)nQIG@YJFCW9Ql~k3?6)YHTuOe-wE$tjsqcz%qsP0fx!k*m^BwomZ z4~x=^8)6($YfJRfhn6ZWGw&N+ZLgc{ZVkr!0nR-q_iHW5Z7j#}3E!T;B>eY?+Tz3^ zcfi@x%$q7Au#0ZF?r^MUVCidv&DmF;^Kv{L#@P~M`hj>x!!4IiHeJ|E32nSSh4+V8~a`oks|fErHMtqzlrlZP~TUI&E1t z5Ij341fBP(bZ~J{0C~~84U@3lgx;a&pUD*26o7to?l*<9rHqR$glK)4|6tF zNZVIA({OX=2NgS;rv~eCzcy0mJGhMtg&rR*_x5v%1yvrtIAlT=^A1zdG^{M`j-X$n z-;}1(fO=|d*j(4Svm~=Gc)bIdN5d&d6%4_hd@?%7$K33+Lukb+@5-OrD=}GwGuVv) z4l0cZB&H6}zwOE1cGxiponD%EdF`>8!gB~sbXK6e8(#f$>h;v`>_(L-8I|T)_*UFt zLKS$yNeG@!kNZLnfH3wObS^x;e;a-A%!W@s&gM2_=|sV+%s;Tl!^V~@1!m8YIfSF& zL~zx8h$i_U#qNXy!lt#Z1N6H4O*}EhI!F>T}OQfKScN%VI#K01l z&zN#eie(;aI#HMJ+yC@EjSUzpBx~Bh?)Mwg5H6}sU8&g>y_gFdH65iHwIy9dDtm&( zQ`b`5k$qb!#2n~${Vcd^xLAqrws(x1kDgkgi=rO)`aC*nDotRj*hpC)U#hcUeQ;)k z?R9H49MP!_Z-Ku-JZb4AmwyCmi3;)gLyq1+1G=H%lqdj-nm?>P14~U;0+kT{H6j6- zYRp`Z6GC6)P*qHO5>;d*ZDgI?tNB?K@VCouGo()eHeo}#R8E*2LG{2PJA<;Nqn;I% z18g+$2vb|U9~_H$|3aDn2nro7w^3VQH@lxCW9){%P_5MD%GvBY&}Vc)>qZbFE|T(5 z`asXM68C7cYvC;EH(;$w9V0DJr?WgXZM^pU`|Y6%FiC&zgf2xrL0^AyWwXr_M;Sjc z0BRZqDYXgFVx_jyoOorB_ogFG1{4S#a>3r3 z-YY=vDyKe6D}(47cGF}=tB_`03-{@uNIe-uLqk}|$;ZEt zON1A}ilG|nx4jiw-=|{>D#E|!BKNzRMAhX zWx50joD%Jg>c+-mQ`K~K1F|BVYs9q8Xniu(trI4wK__7mLLDR`1D%w(=V1qG^; z*{b>z8!0H@L3(2P^TXXQpi(jUS6pHpDQdc1h-8XI-^KSSJZ|!1D)7nIGK7hq=;-=Nz-g=#8mBnk7EUOBU10;BG68%w<{we5h4 z7lYNAbt>}yx>col`Qh@Hpt~=%hF=dG_+nB^Ju(b^XF;nid!TWj%lI1*vX>AUR0jwQ zmyu2$Y)02>oTSZq8oSO^kB*z)qQTqMHKhmh>CU7*h2(w2b80aEOevn{Q^lt`u5ESw7tXf=uXRBimVC>?qJrNG5PRKWw_`$=n5bEJk{sq<|d*3_5IBdbIiG zL5$F$euD$+k;0JKK&(WMzjDyhy^OLtI^>rw(EM>D0`LhTYp1~?dR+6{!K6bO#r$9= z!=)FjTyJ|`^g_FjB@3ScReBQ-2W>yJTVBN5>z-2u`Ud>94z2mu8GJCvLqQk*#;+^p0_KRs{j+f_S4S4bbIpus~KAKKvF$=h=$@-qrdV>GN_V8w6d*FcZ9CbLwXK`< zf*mM=j(GU=jd>4~M3ouJRJq}*e#+W$-=&8nU>`QpMR)S^@BFu1<8O_xfffk8pB zJH8|Cf9@dZQP6m-Z=0RqobC_5N!Qnla9H@-_G_w 
zGOLY5rDEWk<@iw>QRGIEyXG)oNFzGh-~wa3l2YL>8(EkK*)^vJhX=x4baHv>t`c*{ z`vN9P8}~cy2RYT-#@EeTh|P#wmPV62byEejhy0Ot@ETa`2L zDy?Wgc6!Wbjd2pP`^~(dXkVlF-76=)rMjg8Mqz;$(!OxOzC@(N7zwsy59z0^UAM1+ zxeU1Uw1B9Hro%{lG#xEPZVBaz_m%3x(sy^G1D`jFR|!P5*DZIiM4Ry2q}-gp{x&-ILwN$S5<#x@EW^O>nqns z;&{*0;KeU2J|s;ob!K#iF!Q6`xL|Np^;7PK4qS0{n3aosOMgRmnz60gOR1Zs&wtoEfO#s3xeE1F!3ooYs zL)SY+$r5Z`+ilynZDY4>+qP|6yKURHZQI&yTVJ1Z-tpi4H&IcMd6grhM%0>fK5JnX zJS3U=I=~IcVnxtGoQ)rj95ObI{4Izs8-A=3ON@K3D&A&|BTY7<k*U&;o;Hxzw%E$^w zCLpl__%D5*#Fwh^7kM%E_)-fg_8(#=Ne? z%1D*|cL|g^%4dc+(?+Ot&s6F#&zP0gh?Uxi_X;qoO|M(1)Npa`7u8U`tw$|P-q=X4 z>gL#Q;>r8tV&!mhhNuS;m$#3?u-6GIqHx#ZVTedCu`cLf&dMPB@q6BLO{CNA?UH}V z?Y>sB)fqnfkqLGF?D#V+#4I*OgmvBpupQOZFxB^Op@ny2GlU^Zq9rPfZF%N(-|vwO z$qHHn#rVz(UVhmJ+}V!UD5-Cu!#p=Rhkf(J*293CMFsBTV!>Hl6RG_Pkx$5_`1#r< zge57s!rhWQO6zspd<5m3(_FN+sZ2khmk)1r1EipDo`%fl($YGx7_SUW;Aee;lU;Wl zXZkWzq&71Q_;pG*m2=&aztr;IB=JrS+E&&?f^wciak)xisaVO-!aB7n89 zmkj+8@+Z0Nl>g-mWF&tJYI*2k1uga~zpFc?%x>li6Vgm8+9W^opHURJxGAnkthl8K^w@Ay)xo0`Sb zUk0YXkCt3=py~O|_8D+Kz*zneeLx^!sOqkF`B1UWS`y1PNSB-dvgjVp7T+5iqQI&-Ux=;Dnu`sSjPt);seQb2eq)2Mvy)!VaXO`s=x8wR0vr z-CwPoB@hT0D(nT&p)QtkL-4H?x=p1DHh7VZKWO`NhHgJd_hM{#{*WgDv1yE}DnERb z{HiHS=4wuw|7qXpZ2E|o;#8qg@54A(OA8!G%Ky%Pov80o?)T%OKY6Rzs8V~15}Hvb zR|h2#hFLJvFbJ7>VP7}4sb5Z8Yo3y-d5&QqeELJ*xJr>=4SEVOI|f)vkzwDG>&i}G z{{*GA-PKrE!oeY{W?Mq{GA+p~qEfeS%cUL#vWSt#b@lQE|1SZ(xyJH}cs~!o`oWqz z*E(DEgyQn4P5B&Kl*3k&fnpxVzoYVN94Vdk^-uqmBUG0*E9>heW!5VQcAD*~Iwt|oO^ zi?@C4$peCr;j2js_x1{d*d`(8n`xf3@X^Y^xVXYR>g9Ma=T(oOV@dj!Kdvt=-mTkT zK&nkkd48*Shu_~ft(s-Tv6at(n72Qz|MhL6S`oWVb!H3npp!Dl|3P?Epz1p=FJHf` zJ*m~j6CN^n^25glt}*!wK7E@{YcPm zn&W=!EfFQqLQhgY89LqdPtyI?(41>fv%LZxJcr&ZUSF$uv~pdUJcwZ>yWrwm;i2^L z64N7=HYT2CC|(&!gO0nKJx(Pu@B5^_ps%Phj&Id&J!6Mi1SKOC8bYkMe?Bl|U5X#? 
zJWCP|?6|}}jp*n7bM)aNcQ?1!>j9_@$cfqV>Hf8hJAF1m#KDLS1+Glf*3?uwQ**V6 zq9yoO_NadSA|!WM%V4pxi^547aK5a~Jh!e7BIlqCX)kx;ie5ei1~H z;+W|E-56}D6&af-_yLvT5&Y$({cm_f23ZiIkARgXD#@o!&na?Cs)!ob*;O9{ZSuNr zvKX55Pm+I_=0!{Sx<-rNAc>Gx@wUk>UlP^*<#OW) zw63+>7iQ~Ub*Oc3D(&lk>yu_j?ePp5(J4jxk2##jtG7|Knu5BIXt{l(jbLBbm1FPl zTEXJVS>)Xq38B8T(KtUa#&(3vM}zVT_S1O~DYM$KZKgMu9Q|G|Eb(_|v{BoSvit+}dsH2jv;RgzH%ub)>I`fGPB=tM`rfT4GL z6b~#C3e)yYrQO`one=T4<`{4z;IU;l=B3b}#8EbsrTj6Q8!d>Z{|m~p(B2N26u9xQ z_+kJR?+@O#sZ9|fM5D8QD?fa<_u({D$FHI1zm6A$^y_TUqaI$LLl)%KAR^&RYt_P7 zNZVp_L(=*udNJl$NZL|5#}FN{#tZgq2TVB|A(gRRSz^FxD2ImK@m5!FT*$xZG;Dw@ zEY$!j&FC`yr#;*2APym;_YFheOMI zm6g)9)dBN|QoAFY5S*q2^x0TaAMzd>13O_bBJPzK-;$8{u)3~jp2M-)2k{+snN(@g zD-luBsW*RLmss^N`w{PMvpD9Tnqz^52kld_JZDoV-jZTh+2Qi*VJkS&8WWW2^BVw^ z$?UANBNC7xix^aTN0Q1;x!|t(@t%V;zQ2B6$K}bZFYm)Z`nZ0bd_HxuKgfJK-ZU=sRv_<%@t7Oj8L@5p$fk2ADd%w3dt0(8JdQng@_A(ME5 zt?P>@#z>|Qdh?d{IyC7W-lMaj`)9J|Gx)b@p6B65q3jRFl9R}pcaYAk{zAZx_3~~M zrmvUkG3_vaoY0LDri*KqLvDXl5(#~*HZD_ypjfeC*LK&Olvtd%~~WC9hlRWKVV33pM8@HP;y4v8nnpk;aLfwt8_N= z5J2fNz5d+HbQ*iccB_Dci^4OcK{UtUU*m4z%^-=NrH z)_#w?Cv&}KUG@q1oPH(D>72Y|PVoYt0wqvY{QS)s&<7DR;!y{+38`a(w9@g`ZE?4R zG&8D^{uvEb+az6lDq0t;uEaqCcoD-!VXu1L7S+nwuC||DI@ax#$DtXa=Y|v=Ge0B zD@-Qa5uWRQ89{0{WHEI@p($crmm}YzX@OGqVk+$R^jh!a&jh|a&T5+^+Aw)#I_qXS zNQ%>?{6H6LS`3Z?&272>&HXC{mRqL>klXFEZ4btCF!{U^qJ2d*fP33N$Vh%eW5(E7 zLE@Y*tYCH7@ipI&U6c(HWT?&!$tk-SGaBi?UYaMC2(j9LFU#FENnu1OR7hEeeZ72furcA|I*qn{Bl+n2>4v=mD34!&LirMXx)2eTN zWb0;UNCS%Hrx|7IIN7oWXygCw6E8wr9k88zKOM|MrS4av^dT=oqJ^n}dTz6xwO+vH z=dLKdk#O+dwZ?4~3cGHR9pKtpQIw9t(N={pfLdPGVEXrVStuC^6Fg)?ixFi+V9VUm zfxG_00?Z09Ss5r~7#Tt*GD~MUDzNftTHNaBBS($#-C%Y!9Bm?Aw$7@PBoYwoiI>Tl zI1<3P17LxDOq%^m!N9fY*&AXEf-y8RT&8}7;$tpKQI1bV)7+;%5H6LP|Jep#aGqo zMm%gXW;x`Rp=0XK_PWgI$sw8bpwS}{8l=~^ruisJGt70hZJ{=z=thFdW)!FZSSclL zswyzu!;H|9#9B6GwBFk9iWKIB{@Z~e8w-rOp@VV`>SDEnnh}q?1ubEsvmZkTW0#Og zhYoK7oa*7BGGHm7W^A$LxtL=WlF_de+F-I&)sW%$U?3ClAoOd2?X?7in%Y(g2&Ua6$`Yf4_CJhzs=o`N7ionC|M@tlH5Q 
z=v%7g5*2BDw6QoSJI(je)Pu&6DmqOlO*fn&w%4IYR-+wv6(b|>I|6ylk_Cv98MHW# zR0n#E4G6D?%Ei6u59EZj-a)fq_L_bJ1*;ryi90PMAt!%$8;^J(TZ_@UIKGSvPEH?l zP#O+vKT@=4Yt#B#%e@$hX?9^8`hsF;DI~P**m}Ex>u}$^Xc_NsMYgfL^#*>ibk?L@ z2@UaP932FVh(CQD^-x_dZRz(OWD~SKq#1BA)V+SR^y<4;*Ptb(26QS*?VePM&hVnP(3|J-4*dU zd0kZ`v4JIiRkM+x^B=xf@OJ75z0D+QCi7A_otSQ_^Ek0$M#aZf*%Ql4IG+T1KvaN*e(_M9=p**MdH!c!>_tYr48fifKkv1MyZ?6GoEqnP& zLT;XU3hnT5B#=J3%(zg-cF4J|P-(2OefN90#B9zLN*x#^%BKa98M#4J<`vlJ;jfZq zwa_~MXVzvAU0D47x3gRVV$-M=L1LQR$WK3jAXU3%@~?zRPzUuVz?pibU4_VM+1l?k zhK1U6BJ`b^^8-R( z2NWb;76;d7Zr+})8+lg+b|4!!9aVP-sf%U0xHdyEG#|IQ@l;CJnZ3JGdKICKuA1I& zi0^8*q}kB1rNYB^2^MR=Ws)Xf*4J&`q;B^v#Q4bYH!F*}liaRE<1m(YnJOQxEYBlY z9Hu9VwscBk^8if=uf8-M0;m-=?uHKM*i$B@xRMD9omDccHgWwx?#fFG3?1>gD0h=Y z&G%S69~3Y0-RA@|uW;0Ub~}7ZKX7~77p5;mgxna)n1&IMzV1wDYg=?WcZYx!=CNa6 z1!T8@nLZ}A&N!hiI8P)mIhe$6fI)vdf5_)|5Su{BzOQmWmU)jBLQP2#Y?1uzOi~98x=JwWoD^rXXaL3OG zBffF&fi&MFJOPJa`4rtR#J6dH1fSX*!9&}*v2(7cAA#@1hkuqzJ%pS0?=1Wp^iFt5 z@;M~)04E!B`a)apSX)mVx>GZauxqNa#1Xf3dm-f}|8)uyBiC)8^9QSuS7_G-m>`t( zi|Kn+&9ShVUu-+>RhACE zXqLl+9ih&D1Tf}JFWVI&=st$x2+|6pN-_Hj*z^3{Mb*+1z({o$F^;gt9>&xnQ`t49Q0c-Dm z1nk^!v4lb_u3wKd&7M7pH}UYY6+X{^Hii?09@dFjb^&({0bke0S@lHAHucIJuaUJJ%Lr^eQO|1s2J@aKa)0*?B>{#<#kUY)-1cH61zzm+YYZKDU z_yxP#svX^o-EP-+Xxn!?ecH@;wfS^pkfuOXDcD{7RhumBW|7H7R7e3u6Gw=d)NUeg3Y$5 zy0o*@&&{sVb03}s=N!0utC7hOmYh+5J${I_%U10BH`%es7jsH=H;8W7xSvr~uE}oU zW5XioQ~{5#5Ix&m#1+13FyOAZ{hD;6bBG&K{q~^y^ojs}rW_XsssNjuVKegcxKUa) zRo`I5L=fe*->tSg@e~LIEzM$vEa z26zyPaFvB6fpO3ZO#W)!C#Pz~gW9&BxQLl~DCmbWi0KcgRV1LW&S zZb<3h5EsV`PBdVrU|pX_VN6^Y;9sLZC#dPH`b7$}fqj zG<^>-$5M@eJ1W*JPzh&i?`UsnUjumT?{b;?jKYJPdZuacYonQuRq;C$4*bof(=fHt z%wF~U%BYmyYBVk$Nrr7KaT&lxtVegeOMR$RhDrEq55zu$T_S4!=c};E2gfHmiTMcq z2qxg+LCVelHqlD9Is6E~wHl~-!O$pfp!fm+XVV_j?Hy)!Oc&PxZbPNSUCG9d9OmKg z-%G$=tgh^>O}_?#Cezx5gW28Bai_x1c8SpziH-og%>@^Kqg$3BaKg`<@~+X0>-d=; zjYS~Jr|BpAtt`!{2!!JH79X@T&zkBVJWK6imH4Oq%&;V~hm`4>6DQ$!) 
zf!r$U^X7{=J3Z5Q4?Xuj%sgXItiTH;-VY;t?qN*;tncE5{ePq{t*A2qLJ)Ob+PwfC zl5^@WlBb*ZF`#6N-&cp*y@%9;AL4|Ysr0LyEz6OU;UP{R#0gFHd2RZfVMtzD@OU)N zv;#AX;tj?ZoY|-dsKPe@6aU2FwaPhq`;&)32eVYs zDi6=l|HxL+5W!U03&}(eU0M0Dz?j?P@72;*UzG~+$ZQ$XP>kr4!g+y0cuXO(X zkLMr)g$zFg`G?W60;>nzpP*G6g{>V9Pa#c0WiIRT87H;7h&JG{s1UtIl@7*N>Kh)C# z?NMOtvFNdK2AUfY>bZ40tDX??M~ah_eb4r(WZ_iC!Hm3a$R~{I>>tScC8x5x^MM%I zZzuN~hM2A*MdU0a(7z*O9Q+cA_z_JXg*LXRzKwjeA9>S=ks*dYsvKKj{Y(Mm`abu? z@$xN^M(>VViHju^xtg~Tu+?BuGFT~lscihWuW_|=KXj@oyYxM|LqI?#Z(dSY;9R&= z1NfB9`2QTNBMfUn9P(C=4u)**_T~15>Ngo2h}(cZ=+sf-1Q4?IwJp9XOT>zrs%hsA zHWvi{R=Tt5?SpgIbw!Y_sR|f*ST3(a;5_#oeI`QF3W`NV!M-i@J9nD?owqzXr1~d{ zUhc*RDLx9RgM<&u8S9a?WW-O`fUnXJCUE{>0(m$rD_YwPXgBLW$`lELO-w{v?rDm$_*M^U_Za zINR=%6MnhHR|utWm<065!0?+45OT~N0uF-+;*b942tZ~C0A?sW3fKpMk6@@AHyRLY zo@3bMX^OBAxX#l*HxTC(7w0MAwEq>4@6 z<||ZaOe$F>uqxd%yP09KPCsvvS!+}v5v{e*ZhY_r-lpTKRP}%R?AYe3*ulHhS-2#aX|Dh!(ghzNnE=$vB zf@5$TtOv*S?;?eEOkd!muB31Xjs%hy+Q4f(@rSffl65ZdI0u+PgHLP}>)Vh74v_{K zk-~MXb+A6?ivHW%bo@B3(cTQ=lrY*&pXX064)h%Pe7~cCNS^$&Kc6MM`Po)h$Z?ddI?}dAen;Sg7`~)${K!j?>^@&dE$XC7GTR6Pq#y z@>Ai4XtgXt7{1}&Ls$D-yokUa!{G%W;=g!xDW#d}D>tE;OSL9c3^XXSKnmauyOq0J18g`HTP`Quy0HwC<(ST&+FE825`-=Mxj-#sc)ryx=?P@<`1 zbh}Bgbyq}L#NAhsr+!%>9(Nb z`IXpn8{AYrRnbh@DQuAGO^cuz=}Z$C#xT8BbBE$SUt%fOsjLhA5Hc~dRDKM@p3%_| z@q{qa-^`KNpIiNhYgfgt-;U=4C3Gyck)|gBZ)`g2oips1O0#Sd_2z&nYf){mIqbV; z#Uqkm3)&^9$xVbb{)v_7D|9lA`mdSQK1Q~`TPjq$2l$0DQ>HO71(05TwF)RE!reZh z2ra_GELB7)=Qp5+`ULBprbOpsI9N&lhPpR^V zNDu#S0_XsbV7{En{YSJ$JtYI_!(A!NH=q2Ak=<*{3HXaE9|k=(JG$~`VTb`V;nyhX z%8hm8@N>DpjzcsR4;C;#_&KBSHCMZMd6K>3*VP4`T1QE{{L!YMvD*RSak?gp zL6)4~&Fhy%C~xsL@2gr@OPiDGQ+Jf;$B~xLf07hNwv{_rhck=$dpk&WjpF2}8>m7= zBQBfQ6Lc_%IZC>2ipc|i>}1@%a(Y1#3{`Wcm4>yj%| zCfuzEAW^1m=%R6Iqse80Z9RhT=-KY$Ftps;7S|zJp4}GZABtiIEZJ}No7y+vYd&Ik zb~gizq<18Z(BRB`6R}~yuFQWT+We?WV!bxEzl8eYr(hZ(c@RWY$nozwXdUcU)#C%T zQYkEh;y!9!1M2Yr0)h4VmPzS*qn_9&3bYb9tp(mlvX-J6$EIS;|4#^jN43MFnaBAn zFEpGfM4Azl4Hm@?UknkP|(kDcssYPKvQiZ#=UJys0;xSnf*KAQ*aygptXWvm%pNrpF@ 
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0f8d47a985bee66d4d12e4c831b271f34998642b GIT binary patch literal 7035
z+x`%k%q>^E{Q*x!29!sOCvL!-bVr$wXw3wr+ajB9Ps9Q!?}|b85qhd>(SE^Hz;IqGm-XSaN-;=yFaP-;s^%Xtag5t8Eq=5T=qg4}X{nDplf-odvXEBzs$ zw2+b95y~s$0Vi{2Pp)z|9OC-7rkvh>A=f2akzfnRCsGtV)sp5DV!KyNyiP(>mg{!( zl>C)Nbl2C}q$pyUW~Faex_K!*T;pTof`&K?>U#Kz!;DGH6|bq(1+X*gsTDHmu4ab1 z`{GMDc5w~`)04=j-(0Y0v4d^CLM{Yzy2W^DCsucZ-%=S-C5`vfS}ko^f@+gbMmd5! zEwoSs7|KhK&|G~PuFgDuIm}$Ro_eLf0Iqn_z zEO98MZ-wlD!9d&9P?&6?@;s0V2~C?LNYAZ>LNTioBmz~eKi5uxVNNwS^%v}Db5?o5 zm2Cz$(?Xh)*Sr8HepjJBN;Y22UdUrGL;`1#D=iVSsuOzU3%&?7W?Xljns_eA3T5|B zRZVuip$^^Jjf|^H!Dw@vt}tg8-e?J@vbo>s^Y$mI<$dJqwhZm2`0TOi@CN!CSP=*4 zFH&T|0J|H}bxWc@Apae2uh3Y7>5YXSCgoU}dX0C$BJs226DRH)4wt&kk@;RY06s4F zkBN_?lO%JBERD}s_ug_jkS(nUV=HJM4k3>%-GIUd~^pTvK6Q@WKf417Fzt?pMn9!-xR91y2J*Q3eliw<835*VuN=|8J_u0KSa0!-p;K7OOeCE+99Bq=z9c*LL#JJIJ4*uS0-1*EXKxdz<#{REk{~t&=CZ%U)h6e z^^t+nlziA$rG{fk_XBONY=zz4z!Sf-BL}IeT?r&!sdTR5mUx~kb*Zhn^1dE@5zO&i zs~UuzThgZciX;G8Qoi`Z(Db(z28kbIrBtolT!DUZ_;z&>6NUH^UOoF65x%=BXoZ7Q zJ-vt2+PZ@GB(?o0Om+8`Y)lSNOOV#)LH#1($N>cNhv5uVC!9T3q0%L z<#D#!DAQf^cDN*p9)`N|7eu>mN%|GU3XAwLoWlv6c*MY5>O?jNuDP9&cM%8jUniPA#?3ncs zJ({$&YfiP6bXI5=YWo+xv|7XvPJF0K-6ToHHNOU#o?co)w4>eCquu468di^1c7-oe zNsDB$4(KIq?8C%AeQbCXy)3k3w0hm>>Ysbp0lPM`(;^$M1BOXk@$t&fi-DkD#@_H4 zdW!cU_-l?hV3zCKb6a1SelBA$rG=#kz!P}l8K|eDcwKRb@lvoQ8cA;v zJZFtk)h@?SC!j&a&zahw@$K6)xIJAEyhN#}(#UnBtk?KDxTj3&JdMqYedthE&Z7DX za}h%gP+4`d>g%Gxk@C4vG(Hw<>K28Kt%vG{h*1(ak*B$!hLW*X@DpDZ^zw2i9ru1I zRM=WN_pOgjbshEKbKD=Q;^ZEXCFG}tUY=7$#2Q^RsgEbHoqmeSO-1@l9^a;+oN5YM zI9?<4h{)d&kDm?qUhwj8vGk|z8xyC%qnCXtqz3ltBVA*tpd}hfkI6oDJo>WY(1SnW zVpO&BD7J2FgQqV^b?Flyoz3#QNJ|}YKVv|nG%PFO#x@HgIvn{@Xu-$0SCXgCAVgVO zIoCqQyQPZ1Pp`ZsLoP-64Ybt4zvxucI+rPCvZ-UC)ou)yG3UJG)<0;6S3Nw6qjsZp zB3eCKCCt^sCy8`7g5c|uSh^cNDW+Fm!F5cmFpY zTkKp+u^Xdqt%h#_#BOwy|Mn;+t;-{Jqa*T3w-X|1TRgEFu@}%%3n%0G=r}s;PTK;F z-H0mNt;;udBerz3D(={g_~^GO{n(Az__tP0hi_YYV_4t8j8>7?7(Gt=cs(cT;cJD_ z<9vc)&mN~jxuyh9N%au_SFu88Ph_|n@*<_k54V0ZN$@78vTDOVMIyLM%~3E^eKnV_ z&KfIWL)={aU5MGO?RD2)?kyHl6b_O4=XPf$aY2=in^dil1CLnV8@r$7_U7>5?+xWF z#*Jb8>tdRL{iV}B5m@1E`K_2Jj9rV0iK6Rci1B 
zXuO7~R!%O3Mp8OA=hb`bqY4>S$i1Ny`^ZaN93Cj~+7vA$EHL&HI2$xBBcGk>R%wjd z&Zsu^pT!FxE_VelI!7>eJIb*QxP2U2L&QS}rX55Z?!$O-$yL?W$CHRrLKNRR9?ij4 zXe2$FgNI-y+{Z%YQHy;YDYsVn5+%Ok%9cAjn^AHbvlQhKDu=Z-akxcSCm4YZ!tBJ*Af!cjdqDFiFb0oE z_bj<%%<`0!9N6h_WMwcz zQ}0mU=SD*EyXQL1(Pxob?xn)fG#7FZ7L~$uL|F4XB5su_89=G!=>oYvEljr_E?2rr zEzfY6t=NDv-_!&J_q!>}CN!j>)}_JRfZxi~u67pA=SZx@JN<-n9P*?30jz0;r)g@> z)$9lS8d!0-CT%eNWzMP(B`cOSIo?q0Uq>!+PH&oIzT4$TF6kOHUeyJB4RYGaCZ+1U zPQ>hXc-W2maB8oRhLpE}V4gi^N>p0Ny-LK!7>1uFPAs7~|p+RG5 zYS1|)p!cuViiSPLZ3B_G(X4JT&@8Lw^E^tZt4X&T_rF}-Mr-Squqwt9kqisW zR{9tgnv*#n7UVWi5D=p6XfC=lomEw>iW#2fjW2+@cp{Kyw0dQ;_Jj%FAe#MN$b-#C`MOCAJd&xE(_*<1@d-@yoAcB|5>mw&3b?T!P z4Mn&5!Qs(!k+v9kNw_{dw48m*4O$0NpzPC5;ed*zTc~+k69p&ez^>s|T^5X8lxC(; zS-P1YP^46U62nHHz0Q>0f~s>NGdO^VT?RL&F5Mn|;?|pa>)>@SQ%~vl9&mQm2L0|x zUR99yf`_l6BQmO|+9vDwhv!2D!=0QRn&G(jqL&5hja2R4b6~heug3GO_atezFUiIt zs5)+VK2_1;Rg6x{YrVh#MD=?RAxXI4SDR;SzFmD93EK$Mm$3diu^uB$o5%LSr6EY# z<#{g0uJ}(!r+rMi>}7I~yj5qTHt4q^bUiw+yyMz~(cYJ*>(P?4>oJnO9oant61y?D z;wu!&UrVJj9wv=2+t73*XCq8sa;{O%Msha7^dn~r%`|}H>VcK>R~>UagJuxn8o9m# zjh|>n!(5|2ub`sewN$@hEY~ZPez9OBCphUM52fYrLd*)OoSz}}4O`ZO09m4IT(muy zzkN)VHURWNUJ3f%akXP=7lnP;8hFgaYo6-)=cv7oOuT`U=yH)xkra~Z+e_=!kDIjC zY3J%AC-SyxArzs=XHy;#xpZYTh#n2EfK;zG(YB*ypYNu(4fX;mG9!b!uwCNPE4&># zz}N-ddiXxt{pi=-1Dr|sAZOzEZjfml%1T;CP3!R-d$IiQmc#ELZZUkZ_zwpv-_*6|l9&zvU+p5&KSZkW0 zD4rd;Tg!2MV9dnLvytY}zGyqmXkR><;1$^yt$x<&-oj^bEfSEt#kuvKwPLn`NH^a2 zIKkaCusUOf(kL(TE8s&0&o|&dixe+~)Pq8Is(d~ZTuZ@Nb5|U6PqM}TJS~dhu5J6=Rn!? 
z8uBkj!ErMT7sye9#!~(%U)*c>+I{YUwKe5)38jSwl%u>D61bDD&ZW3%j9R;B>rr{V zXt91B%4<-iVC64GmY5bD{kc&tUo^*#a@hu2Z*Q2{UIsGTCYC39tcx@*&iqVH$GLBn z#;mzlk4;el%PH^m$%5^pxM#evJz!8Ucd@ue!3zpbH+J3#3Fa4uH-CyjKz$a?@7aZd z!+{OJ4jkAo^#iqJVR|+*D3A|8R@ht!5C+z&nDs9>8z4go&Ia6+rbu7_ zSdydR38T<(rki(w23cN)T2f*O;D-Ul7nI*zn!;Ft;D{8NAkec$%0+tdAZFMvxaxK4 z-qm0I26pe3!!_lpxK@`#lF;ZD7WqO#YJ45uii6FEN~Phl${rJc_^kWJf5{p2?Up@+ z`2&JtC0OSiQ?G#oxKS)v6E#Oo7o^|r7j4C|B+>6QQIocHLxU~|OQ zAxQ6`&6{CW-1-S-*!=R8-{poQ9USQDvA(csXN7MAE1aG8V5o8L7D6tub}*Bitf1Q6 zDDBL~jkcdH)l9WL(s3qLp>rlUDP(ybG^#xNIdxs(6JRQT#@hR5r9l@DNYk`Iut2WQ zF=yiTY2I)%4GE*j^|Y#3*!LKxk?9&4Zj;~@a6-XrCG&($8dSQOj~OWaRRUMloL^~E z-HC&Wu_&q%(ziSXjeSDNP^rcnyzbLW1l81cqxCVzV5idm(| z(qHSWtUaedv(k|W=@VVmB=vg`fApvI<`hcSC%b=DTQsSwwCWEwsyDs2Or?b^IkEoB z(PT0?y4SfSft=!vMqbT#y!w|qrsBu-$qY4|993;qlC!GY%(mnCInF7sr1U654e7?i ztC7g1C=pi25;$3+JSLzu!(%FrRE|~CkNd_+^<4CsU`4iF%Wu;!pQ{_&$Z;J#n2j$+=S#s* zW0o_}Xj1$>O8H7K{JNR*fo6UHY^R<#H6gv~<|hx(>=Eo{1qeB9YDV6uAiDXNmR~mu zsP%c1Lqpi|2E(DE`wUQRXi$DwXg28K#@Y7G^GfvdjPjK7ML7Fh-c!`2_}w$mOC8?T zIKO`me5i46JPx*N8{BB$0G?Jr9gO$wQ4l5&v#<4KyP29USw?SS^d?4c;vOE+y@|(K z_r3eE_Xu~VbFWgKRY0V(`TLaePKW+pitlgw+kU?N-Hy7=R~QFphDI XV;tjn9^?N500960T!2)b0Hy%|{j$ob literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2550ea820b8c72e0f4d5fdd4994c9b75756be5b1 GIT binary patch literal 7039
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300.tgz new file mode 100755 index 0000000000000000000000000000000000000000..073d30206d9e859a9a8096a18a567c65ba4c16e0 GIT binary patch literal 8634
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.400.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..15aff04637084bd2b24777fd72bfc904e033cac9 GIT binary patch literal 8647
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.000.tgz b/released/assets/rancher-operator/rancher-operator-0.1.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3f60df2b482fc65d1a6371c9cdc3a1e801e28651 GIT binary patch literal 1085 zcmV-D1j73tiwFSx@Z4Vj1MOICi{myBzR&&@!cZ0p_S$)K3G~Bu?|Ky4ZOFlWT@-tq zs3%KClEZDo{`VWd#G5#dv)xUzJ?e*m)qX{={vq^Jm2pd6WkqDHFgcjt%adBJ#0 zisxifJiWoFd{!X-Fqi~>;0-4p@%(WR`0vR0Uzp1QGHs~BsYFr;1~j6HZtaKN;<#g+ zY900SJArEY|8_-{aUW>H&t?PnV=@{Y_kR%V`aeMb2f+~i@11Q19r&O7p9&!jHB1UU zwFn8RpRfelh-se(qRIZ&-s)zKNlxd(a#Ar;i^?R1Z7yvAgVQ6yTMl+jwK+l zVM=VHGO$}au2>X-=-D-%Pj%&YF zUjYZI!O6`ZT5eU5dP+DG*;k9E>@!+JCrrtDfUjx&>bbt_Svav!vD6fzTPci^oXkrj zB-2bR$wy}XOtp2y{(5gb&$G7vKRExmK`EyO^!XyeKj;4dUwZz(1P=VaraS|E)&Ovd z{|Ej!_y2H=zezA6-oW!Gqn`gS0hZ7uGn7?I`}_= zl*@-aD!-BqPMm+=9}ODkf9Q>d{rSHHc2f_`J9M7kd|?6;w)eIBtpp5ijG_7YJ(6JP z6vDh&V;&TupgihDX81c@0N15}_iihFeC+A}zl{$5ucA9Gzk*jpf>ZUs?*+~LKk&Ss|1W{PtH&)zHO~Jt`01^e z(c^{aIRE!6;AwsdZqnDKfTzy?aNsr0|6u4(`tyGYY&H(T!V`<+jylxAIG%T8aa|gg zS9{x(sr5>)R!bEVCMNa|`r3Zc09g7%{bE1O2Sn8T|JM82qeqV(-wVD0@MHy>03-ka Dnw%%F literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.100.tgz b/released/assets/rancher-operator/rancher-operator-0.1.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2c01c4acc05ea0ca7fe6908a8b09900be58631d0 GIT binary patch literal 1115 zcmV-h1f=^PiwFQ2@!Vek1MOJdZ`(Ey@3a02LckDUfD}o#tiiw@va~A(Y*~;3eGM4t zWOJoRfuy`Oo-i(n7^&+|`(kcJv2g`Qi4 z#MDqO7cP#5gUjSOEsS)S!0B^7C*9@Z#47nYqb6PsD#xGxw`<@3?q@EMbMDf+4Is1&>FbQ+A3h*^=Up?1%eG3DN70XSI z1^LL#pSiYn_+LG-=Xus9|GoW>KPczafIeO&`1kl9MYHLM|EHi{{#TS2ppRMr4&i^` zhh_f5U=kwyBmM`TKlMlaKLxRjE}%qy1-aA=SHOJ>ALj!wX6OPjszxP3D(&ln^J~dj zjGDitSJGT7(1_)hwczp&5xqt~M7{EfkQ#;GLrM#7ZeYQ*DV^H3bvWFSj!b*-KY^Uf z`?4y(5)BUQf8U=5o&7&S2pISODQLU(z`jG5{mmC9uwi@Orr*lI;Eyr1+`l^-44p$< ze%9Cr#mK0)des^JPVa#0nn6k@gZ6l14EnZWsNI1T}^ zdNkuS)496%91o0FC^!*5l5GbSt231h;z@ zJ0fV^ZqzlX6^r2_j%6Xt)v%|xUg0C{qdoYq?r40JKJXC!PrRsu|9%(-BmSR)w(-A8 zIG*>HQn7!kI|290Pr5nu)mXjUk4hGK1;kF->y;g+mW7I; z;c18!7+pOhaHnjM(Y$_bakPBJqwHOya`xj{-*#EW`qmQ)nG|~C;IX&qnB)k()x!en z@$c$#qd$Y*&469=Gb#`+tFEd0DdhkiZYRoeLcJMUj^kJ_&(kl+U}EvCbfI`t+BVbO z;|-g0kLbmR7)@%2szG`u=Hr$7YvB;WC`Ud@oRfYg0000(iO9lV{ literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.200.tgz b/released/assets/rancher-operator/rancher-operator-0.1.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cf340b127539719ce4730cdd9115abd2a3834998 GIT binary patch literal 1088 zcmV-G1i$+qiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*zZ{s!)%~`)@{GhvCJ+- z66DC;)X;w~^kK!8Y$r{E1dHljEK!^p(&T$Hq-BaP&<5I|Wu)!N<$_rX?^!O7UJFqa zMd#CL{ToG5|2LY=qNDh9Hak0u&!%y76vfl&d2|HPtBv3Q3P;QyMK6xkpWJr>rj#Z| zLMxYe0Gtt%Itw`?k{Ako!V1!XP>z_C3G}y1z-{_-&WJB|8gsNH<^t2sa%VUEX3&Zp z6)~BBPqsjRXUBy|Q&b1LD3+r$jN^{Mx_d{M?=;gc0V!1RZRb~G^-`qhf^2CM;IeRp z)`e|=jgHHBr@cjq%wbRsZa6NF8Sw?J6Ivy(oOsNb?llVIaN?!txD|%#rc15JY6&-u z8z`Jm8GI7-r*Yn%2+J*hQRJ=Hf587GlLfk06@bV1KZ(!!{GY`m|K9{6XBk$^w`jBz zr0spTeNG132!L3Yz_Qtu0JZgXA?3A}g5M|b+x$w?wMB=DJTH^_j>%S6NY-%x8Ww)Q zIV&XHU?v<@L4DtQ??2;zhynizb0Zm{JGot;G?mPed6^VE#{bhvKmX67>15>pTVS;c zAjP>*2!2D%+q7Zkt!=64Lr|7p)ltkL{L?e$ z{=;}srTypk{y)Dr9N>S7M(X>jDtloy@Cg6ocsl9x|LlA=^8YQcS$Z;KTvfq-6)H{O zL$~~1j>J+%tjgbe3QT8^SDzh9g$ui@9YkxYZ{;mvcnu;z3*DXjffTGmXG~j z0M-Mkz_lVK6xz6w;KS}L()Df1EjV7Sx(Of9-4M!hwdy3ZHVz*OH7Ltu@R?W!WqI61+_PR=1KOzI>WOZR`A+Bn;`o!sU zVL7&K4!K2g^)uIMF0!1N=C#w&>UD|st~ELS@p$OF%3?$BDZ^YVw+`@7+w@#Y;i!Jd zu=)MFzT6tlU~u>2H|;r7EW^5L>VKL`#9nJ}l+}a=GxUNW@SeX;zX+8Il|5;>w8S>G zt*3h+ng=l46#EN=;_ffxRPTny?DJOk*l!82ai_Ohg*VM*T6nc?Ez2>Hf zS)UhVg2&GPabN!@(R4B$_5Urfb@jYfj~+9hpd9Z#jS(Y8j2Q7B@oxYC0RR7Ym^^9# GAOHYcG9lam literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.300.tgz b/released/assets/rancher-operator/rancher-operator-0.1.300.tgz new file mode 100755 index 0000000000000000000000000000000000000000..89ee6c239bb7ca0e30031c23df8e96cdcd787014 GIT binary patch literal 1087
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.400.tgz b/released/assets/rancher-operator/rancher-operator-0.1.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..2c0657d5d4825a7d0f3636affe2017e37748a08c GIT binary patch literal 1091
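Review bot: rancher-operator-0.1.300.tgz and rancher-operator-0.1.400.tgz are added with "new file mode 100755", while 0.1.100 and 0.1.200 in the same directory are added as 100644. A chart archive is data and has no reason to carry the executable bit. Normalize these to 100644 where the files are copied into released/assets, so the mode does not vary between releases of the same chart.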
diff --git a/released/assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz b/released/assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..0dcc569988cfcdb83cfd16dc8545b6bcc1f655be GIT binary patch literal 4289
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..722fba8774d599a26debbc0e8f326a0654b7f0d8 GIT binary patch literal 5934
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4e4581a087d7f12267bf73caab9e08d8d50cbbd5 GIT binary patch literal 5926
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b60ae4b37c855c690ea49976a69ad8f9ed88607d GIT binary patch literal 6095
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.201.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.201.tgz new file mode 100755 index 0000000000000000000000000000000000000000..2dbb296395e685fa3b75ef6e8f37d0bab49bcf75 GIT binary patch literal 6104
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.300.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.300.tgz new file mode 100755 index 0000000000000000000000000000000000000000..05c25b59ebbf103d2c6a572e02d5b6504ef7163d GIT binary patch literal 6318
diff --git a/released/assets/rancher-sachet/rancher-sachet-1.0.100.tgz b/released/assets/rancher-sachet/rancher-sachet-1.0.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..0bb35071cd6b3588bdbb340d8bf7b32f6166a4de GIT binary patch literal 3512
diff --git a/released/assets/rancher-tracing/rancher-tracing-1.20.002.tgz b/released/assets/rancher-tracing/rancher-tracing-1.20.002.tgz new file mode 100755 index 0000000000000000000000000000000000000000..dbf8472965fe416daa8dca5c2776d003aa36191e GIT binary patch literal 3273
diff --git a/released/assets/rancher-tracing/rancher-tracing-1.20.100.tgz b/released/assets/rancher-tracing/rancher-tracing-1.20.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..4e03203f1d80a0f3af573aa532230003a69c52e7 GIT binary patch literal 3691
diff --git a/released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz b/released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..09c7044fd2c03061a838f93e9e57c4dde9064eea GIT binary patch literal 5776
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2535be4fb46ff874cf8d1dd54ac54329f34ceb3b GIT binary patch literal 1215
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.000.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f958933beb849424e2c4b7f4562661160ef56bd8 GIT binary patch literal 1213
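Review bot: rancher-webhook-0.1.0-beta900.tgz is added under released/assets with `new file mode 100644`, while rancher-webhook-0.1.000.tgz beside it is added as 100755, and the first carries a pre-release version string. Please confirm the beta archive is meant to ship in released/, and normalise both to 100644. Because the contents arrive as a binary patch that cannot be read in review, it would also help to state in the description how the archives were produced and to list a digest per archive so each one can be checked against its source.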
diff --git a/released/assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz b/released/assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..19bdbc89973fb85795bc51f0294ba4db9a896aa9 GIT binary patch literal 4955 zcmV-h6Qt}PiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+zcjGpa`OIHYD|^>=KarArb~MxTw#Rl7@ATnkd6GBJ-A{qY zl7tup7yy*5alF5M9}ZH~W%)>)?zhGVA7G(S1=NM3APJ9$D8nnt6LFw`E zB6Tz-Df{NBrP*vY_jh;g?`E?(`@4CtxBpFRx4GMFZEv?)2j4VX`>nm!H_&`?&-W;~ z(nNmKd~#p2%zY(=a4s~_RB+V}0AivE6N4xwS~HBOXbfqRAa6rW%N%P9L4<09m!Haa zFIfg4MyY9^V$ud*yBLm>6jerIY=grdrh-!~B;|upjg`i9aYKm=iNeqzDEpX`>40SP zN0f>R-iA>tAX!%a+l-pgZjhjgCC#+0>Y!GTXE31wQq+>h3i?u{@RLIiTqLMqLT>w8r+0K zU&y5*76of?KBNk$0s{Yf`~F?n7cwPUV*-83&;T4^%!ou75lKmpp#m+ShmaAaFagT7 zfU(FWXiPIkG^!{F*5FX^J{{!JNp3J;qDPoFNt&Vg3&7a`Pw^QJsM2!WhFYzP0ilC( zL}PsK6c_Z6=t7HCp~Hci0%}75fZPzAw87ZAAXqav(@b#WT7ils$?i4+!P;67Git!w z^XLG~D7N9-gKzf(0Gg74XG>xxl%Zl=s&~VWeYY64F_=X*&+WP&G1Qt z1T~>df#5LII#caNV?gyV?-_&D$V%%M#v)B~PW5<>jR1hifkSRO8@1u)b~09njwm5j z8)_VNU8uUBsJff{dYt9;Sk;*r(3r4pLe*tm$5}naRLF5X7T(O(9PwwUL@r|lMpLSd zgOa{R`K~S4M{D%0tSYqQ;)hLuCUSty(Yoh!IL@9dH1k1w-jwHC%j#vIlDBSc9@MKryLX zF(@z!%bDpz3&<71#f``eB17l#HC0;O`iVX-bm@)mJjLK4bdrw&8x zxlR&lEIwfqTkE_(UT4O=81k6l15`zu#PzPUS>!0!O#xxQ*yaP{4~hmPF$2I8z-uiD z>>OAkNUTw+Iw(<$s&PGPC~}qIB$TCi%`?_TZmglY~~DA z4WctQtkDNU>a1+6>cg%#Cvsg#%oI`!Q;KWZ>Z9|{I4_WQb;?K&nQ}c|zE&a0vNqh@ zl;QBQp@D1=k23vyfbAM6s9AT zCU7?TQTuBvYVC&28bpUABR$Hfrl=yLQhxCreNVOj)8et=($Z+jk<64E^%Y zs(HL_GveJz=lu9X_w?i0c>rz+X=PL5uQ`>NKLpUoe7mOA4qEe*EF>-`^b{bq_zjdv|tbrKOvY3uJF;PK`Zos?_m32 zPX7;@FZ%x+WwFD8+gqb^OMR-*lB(q(S*9AL`8cuy(?R`s^YQ1I4YOJ^vX&+b~K zM90H-kHow0$SPRy7%M|#%43Os?T`Z$gqt$68F>fFh0**%{4*Pn_dq%o>Mp_Q_Z8o| zZN(1{lo3w0n>qqS$?(?rQ0#N96QjRv9dgXtH?^x3}%3V44gj zG#jeZlo(~XsAX4bSgS)V?3 zJ3LERUSZK~?ynXTyQrv&N2|FYl%DKmRJy2cCNGVx?J!o_FY3q#-38u}V0nt~jYuvS z<}1oon9*!jrT|jY;*{uN8$NxCJ{g!#-otiHtL}7zIYFHSO$#tqB;zhY|Efe>=G=?+ 
@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local diff --git a/released/charts/fleet/fleet/0.3.200/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.200/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/_helpers.tpl 
@@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.200/templates/configmap.yaml b/released/charts/fleet/fleet/0.3.200/templates/configmap.yaml new file mode 100644 index 000000000..c546c4b97 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/configmap.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/released/charts/fleet/fleet/0.3.200/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.200/templates/deployment.yaml new file mode 100644 index 000000000..25c505ad8 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/deployment.yaml 
@@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + serviceAccountName: fleet-controller diff --git a/released/charts/fleet/fleet/0.3.200/templates/rbac.yaml b/released/charts/fleet/fleet/0.3.200/templates/rbac.yaml new file mode 100644 index 000000000..59df51b1f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/rbac.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/released/charts/fleet/fleet/0.3.200/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..bd99d9958 
--- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/released/charts/fleet/fleet/0.3.200/values.yaml b/released/charts/fleet/fleet/0.3.200/values.yaml new file mode 100644 index 000000000..fb3e231fc --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/values.yaml @@ -0,0 +1,38 @@ +image: + repository: rancher/fleet + tag: v0.3.2 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.2 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/Chart.yaml b/released/charts/fleet/fleet/0.3.300/Chart.yaml new file mode 100644 index 000000000..a6b88e2ff --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/Chart.yaml 
@@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.3 +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 0.3.300 diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/.helmignore b/released/charts/fleet/fleet/0.3.300/charts/gitjob/.helmignore new file mode 100644 index 000000000..691fa13d6 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/Chart.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/Chart.yaml new file mode 100644 index 000000000..a1d0b9a8f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +appVersion: 0.1.12 +description: Controller that run jobs based on git events +name: gitjob +version: 0.1.12 diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/_helpers.tpl 
@@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrole.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrole.yaml new file mode 100644 index 000000000..bcad90164 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrole.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitjob +rules: + - apiGroups: + - "batch" + resources: + - 'jobs' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'pods' + verbs: + - 'list' + - 'get' + - 'watch' + - apiGroups: + - "" + resources: + - 'secrets' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'configmaps' + verbs: + - '*' + - apiGroups: + - "gitjob.cattle.io" + resources: + - "gitjobs" + - "gitjobs/status" + verbs: + - "*" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrolebinding.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..0bf07c4ef --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitjob-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/deployment.yaml new file mode 100644 index 000000000..93b549432 --- /dev/null 
+++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/deployment.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitjob +spec: + selector: + matchLabels: + app: "gitjob" + template: + metadata: + labels: + app: "gitjob" + spec: + serviceAccountName: gitjob + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}" + name: gitjob + command: + - gitjob + - --tekton-image + - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} +{{- end }} diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/service.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/service.yaml new file mode 100644 index 000000000..bf57c1b55 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitjob +spec: + ports: + - name: http-80 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: "gitjob" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/serviceaccount.yaml new file mode 100644 index 000000000..5f8aecb04 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitjob diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/values.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/values.yaml new file mode 100644 index 000000000..650f62af2 --- /dev/null 
+++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/values.yaml @@ -0,0 +1,17 @@ +gitjob: + repository: rancher/gitjob + tag: v0.1.12 + +tekton: + repository: rancher/tekton-utils + tag: v0.1.1 + +global: + cattle: + systemDefaultRegistry: "" + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local diff --git a/released/charts/fleet/fleet/0.3.300/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.300/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/templates/configmap.yaml b/released/charts/fleet/fleet/0.3.300/templates/configmap.yaml new file mode 100644 index 000000000..c546c4b97 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/configmap.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/released/charts/fleet/fleet/0.3.300/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.300/templates/deployment.yaml new file mode 100644 index 000000000..25c505ad8 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/deployment.yaml @@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + serviceAccountName: fleet-controller diff --git a/released/charts/fleet/fleet/0.3.300/templates/rbac.yaml b/released/charts/fleet/fleet/0.3.300/templates/rbac.yaml new file mode 100644 index 000000000..59df51b1f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/rbac.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/released/charts/fleet/fleet/0.3.300/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..bd99d9958 
--- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/released/charts/fleet/fleet/0.3.300/values.yaml b/released/charts/fleet/fleet/0.3.300/values.yaml new file mode 100644 index 000000000..36af75dc9 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/values.yaml @@ -0,0 +1,38 @@ +image: + repository: rancher/fleet + tag: v0.3.3 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.3 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/Chart.yaml b/released/charts/fleet/fleet/0.3.400/Chart.yaml new file mode 100755 index 000000000..b62e294de --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/Chart.yaml 
@@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.4 +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 0.3.400 diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/.helmignore b/released/charts/fleet/fleet/0.3.400/charts/gitjob/.helmignore new file mode 100755 index 000000000..691fa13d6 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/Chart.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/Chart.yaml new file mode 100755 index 000000000..5724324d7 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +appVersion: 0.1.13 +description: Controller that run jobs based on git events +name: gitjob +version: 0.1.13 diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/_helpers.tpl new file mode 100755 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/_helpers.tpl 
@@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrole.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrole.yaml new file mode 100755 index 000000000..bcad90164 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrole.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitjob +rules: + - apiGroups: + - "batch" + resources: + - 'jobs' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'pods' + verbs: + - 'list' + - 'get' + - 'watch' + - apiGroups: + - "" + resources: + - 'secrets' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'configmaps' + verbs: + - '*' + - apiGroups: + - "gitjob.cattle.io" + resources: + - "gitjobs" + - "gitjobs/status" + verbs: + - "*" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrolebinding.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..0bf07c4ef --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitjob-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/deployment.yaml new file mode 100755 index 000000000..a12a30d92 --- /dev/null 
+++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitjob +spec: + selector: + matchLabels: + app: "gitjob" + template: + metadata: + labels: + app: "gitjob" + spec: + serviceAccountName: gitjob + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}" + name: gitjob + command: + - gitjob + - --tekton-image + - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/service.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/service.yaml new file mode 100755 index 000000000..bf57c1b55 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitjob +spec: + ports: + - name: http-80 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: "gitjob" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/serviceaccount.yaml new file mode 100755 index 000000000..5f8aecb04 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitjob 
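Review bot: In charts/gitjob/templates/clusterrole.yaml (0.3.400), the `gitjob` ClusterRole grants `'*'` verbs on core-group `secrets` and `configmaps`, and clusterrolebinding.yaml binds it cluster-wide to the `gitjob` ServiceAccount, so that account can read, modify and delete every Secret in every namespace. Please list the verbs the controller actually uses instead of `'*'`, and if the jobs only run in known namespaces, move the `secrets` and `configmaps` rules into a namespaced Role and RoleBinding. The same template is repeated unchanged in the 0.3.500 copy, so the fix should land in the source package rather than in one released directory.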
diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/values.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/values.yaml new file mode 100755 index 000000000..051e88b83 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/values.yaml @@ -0,0 +1,26 @@ +gitjob: + repository: rancher/gitjob + tag: v0.1.13 + +tekton: + repository: rancher/tekton-utils + tag: v0.1.1 + +global: + cattle: + systemDefaultRegistry: "" + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule diff --git a/released/charts/fleet/fleet/0.3.400/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.400/templates/_helpers.tpl new file mode 100755 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/templates/configmap.yaml b/released/charts/fleet/fleet/0.3.400/templates/configmap.yaml new file mode 100755 index 000000000..c546c4b97 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/configmap.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/released/charts/fleet/fleet/0.3.400/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.400/templates/deployment.yaml new file mode 100755 index 000000000..c64f94ddb --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + serviceAccountName: fleet-controller + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} 
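Review bot: In templates/configmap.yaml (0.3.400), the last entry of the `"bootstrap"` object, `"namespace": "{{.Values.bootstrap.namespace}}",`, ends with a comma directly before the closing `},`, which makes the `config` document invalid for a strict JSON parser. Drop that trailing comma. The values are also spliced into JSON string literals without escaping, so a `"` or backslash in any of them (for example in `bootstrap.paths`) breaks the document; rendering each value with `toJson` instead of wrapping it in hand-written quotes avoids that. Finally, `webhookReceiverURL` and `githubURLPrefix` are referenced here but have no default in this version's values.yaml; add them there with a comment so the keys are discoverable.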
diff --git a/released/charts/fleet/fleet/0.3.400/templates/rbac.yaml b/released/charts/fleet/fleet/0.3.400/templates/rbac.yaml new file mode 100755 index 000000000..59df51b1f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/rbac.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/released/charts/fleet/fleet/0.3.400/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..bd99d9958 
--- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/released/charts/fleet/fleet/0.3.400/values.yaml b/released/charts/fleet/fleet/0.3.400/values.yaml new file mode 100755 index 000000000..726f35877 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/values.yaml @@ -0,0 +1,47 @@ +image: + repository: rancher/fleet + tag: v0.3.4 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.4 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule \ No newline at end of file 
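Review bot: In templates/rbac.yaml (0.3.400), the `fleet-controller-bootstrap` ClusterRole sets `'*'` for apiGroups, resources and verbs and is attached through a ClusterRoleBinding, which gives that ServiceAccount the equivalent of cluster-admin, and the manifest carries no hook or cleanup annotation that would remove the binding once bootstrap is done. Please either scope the rule to what bootstrap creates or document why the full wildcard is needed and how it is retired. In the same file the `fleet-controller` ClusterRole has `'*'` verbs on `secrets` and on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`; a wildcard verb on RBAC objects includes `escalate` and `bind`, so the long-running controller account can grant itself any permission. Enumerating the verbs there would make the intended privilege explicit. The same rules are present in the 0.3.300 and 0.3.500 copies.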
diff --git a/released/charts/fleet/fleet/0.3.500/Chart.yaml b/released/charts/fleet/fleet/0.3.500/Chart.yaml new file mode 100755 index 000000000..6ab92a3d4 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.5 +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 0.3.500 diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/.helmignore b/released/charts/fleet/fleet/0.3.500/charts/gitjob/.helmignore new file mode 100755 index 000000000..691fa13d6 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/Chart.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/Chart.yaml new file mode 100755 index 000000000..62e1e0255 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +appVersion: 0.1.15 +description: Controller that run jobs based on git events +name: gitjob +version: 0.1.15 
diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/_helpers.tpl new file mode 100755 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrole.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrole.yaml new file mode 100755 index 000000000..bcad90164 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrole.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitjob +rules: + - apiGroups: + - "batch" + resources: + - 'jobs' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'pods' + verbs: + - 'list' + - 'get' + - 'watch' + - apiGroups: + - "" + resources: + - 'secrets' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'configmaps' + verbs: + - '*' + - apiGroups: + - "gitjob.cattle.io" + resources: + - "gitjobs" + - "gitjobs/status" + verbs: + - "*" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrolebinding.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..0bf07c4ef --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrolebinding.yaml 
@@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitjob-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/deployment.yaml new file mode 100755 index 000000000..a12a30d92 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitjob +spec: + selector: + matchLabels: + app: "gitjob" + template: + metadata: + labels: + app: "gitjob" + spec: + serviceAccountName: gitjob + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}" + name: gitjob + command: + - gitjob + - --tekton-image + - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/service.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/service.yaml new file mode 100755 index 000000000..bf57c1b55 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/service.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitjob +spec: + ports: + - name: http-80 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: "gitjob" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/serviceaccount.yaml new file mode 100755 index 000000000..5f8aecb04 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitjob diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/values.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/values.yaml new file mode 100755 index 000000000..90ca446a9 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/values.yaml @@ -0,0 +1,26 @@ +gitjob: + repository: rancher/gitjob + tag: v0.1.15 + +tekton: + repository: rancher/tekton-utils + tag: v0.1.1 + +global: + cattle: + systemDefaultRegistry: "" + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule diff --git a/released/charts/fleet/fleet/0.3.500/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.500/templates/_helpers.tpl new file mode 100755 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file 
diff --git a/released/charts/fleet/fleet/0.3.500/templates/configmap.yaml b/released/charts/fleet/fleet/0.3.500/templates/configmap.yaml new file mode 100755 index 000000000..c546c4b97 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/configmap.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/released/charts/fleet/fleet/0.3.500/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.500/templates/deployment.yaml new file mode 100755 index 000000000..c64f94ddb --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/deployment.yaml 
@@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + serviceAccountName: fleet-controller + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/released/charts/fleet/fleet/0.3.500/templates/rbac.yaml b/released/charts/fleet/fleet/0.3.500/templates/rbac.yaml new file mode 100755 index 000000000..59df51b1f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/rbac.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/released/charts/fleet/fleet/0.3.500/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.500/templates/serviceaccount.yaml new file mode 100755 index 000000000..bd99d9958 
--- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/released/charts/fleet/fleet/0.3.500/values.yaml b/released/charts/fleet/fleet/0.3.500/values.yaml new file mode 100755 index 000000000..d81363b8f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/values.yaml @@ -0,0 +1,47 @@ +image: + repository: rancher/fleet + tag: v0.3.5-rc5 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.5-rc5 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule \ No newline at end of file 
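Review bot: In values.yaml for 0.3.500, `image.tag` and `agentImage.tag` are both `v0.3.5-rc5`, while Chart.yaml for the same version declares `appVersion: 0.3.5`, so a chart under released/ pulls a release-candidate image that does not match the version it advertises. The 0.3.400 chart pairs `appVersion: 0.3.4` with `tag: v0.3.4`; please pin 0.3.500 to the final build in the same way, or state in the chart why the rc is intended. Since both images use `imagePullPolicy: IfNotPresent` and are referenced by tag only, pinning by digest would also make it verifiable which build a node is running.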
diff --git a/released/charts/longhorn/longhorn-crd/1.0.200/Chart.yaml b/released/charts/longhorn/longhorn-crd/1.0.200/Chart.yaml new file mode 100644 index 000000000..7dc68d42b --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.200/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.0.200 diff --git a/released/charts/longhorn/longhorn-crd/1.0.200/README.md b/released/charts/longhorn/longhorn-crd/1.0.200/README.md new file mode 100644 index 000000000..3db83649d --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.200/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by [longhorn](https://github.com/rancher/dev-charts/tree/master/packages/longhorn). diff --git a/released/charts/longhorn/longhorn-crd/1.0.200/templates/crds.yaml b/released/charts/longhorn/longhorn-crd/1.0.200/templates/crds.yaml new file mode 100644 index 000000000..e63cf8c72 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.200/templates/crds.yaml 
@@ -0,0 +1,172 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + version: v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + 
listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + shortNames: + - lhim + singular: instancemanager + scope: Namespaced + version: v1beta1 + subresources: + status: {} 
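Review bot: In longhorn-crd/1.0.200/templates/crds.yaml, all seven CRDs are declared with `apiVersion: apiextensions.k8s.io/v1beta1` and a top-level `version: v1beta1`, and none of them has a validation schema. That CRD API version was deprecated in Kubernetes 1.16 and is no longer served from 1.22, so this chart cannot install on newer clusters, and without a schema the API server accepts arbitrary fields on Engine, Replica, Volume and the other kinds. Please note the supported Kubernetes range in Chart.yaml or the README, and plan a move to `apiextensions.k8s.io/v1` with a `versions:` list and an `openAPIV3Schema`. Smaller point: the labels hard-code `helm.sh/chart: longhorn-1.0.2` although this is the `longhorn-crd` chart at version 1.0.200, and the 1.0.201 copy reuses the identical file.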
diff --git a/released/charts/longhorn/longhorn-crd/1.0.201/Chart.yaml b/released/charts/longhorn/longhorn-crd/1.0.201/Chart.yaml new file mode 100644 index 000000000..ba1c26d89 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.201/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.0.201 diff --git a/released/charts/longhorn/longhorn-crd/1.0.201/README.md b/released/charts/longhorn/longhorn-crd/1.0.201/README.md new file mode 100644 index 000000000..d9f7f14b3 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.201/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/released/charts/longhorn/longhorn-crd/1.0.201/templates/crds.yaml b/released/charts/longhorn/longhorn-crd/1.0.201/templates/crds.yaml new file mode 100644 index 000000000..e63cf8c72 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.201/templates/crds.yaml 
@@ -0,0 +1,172 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + version: v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + 
listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + shortNames: + - lhim + singular: instancemanager + scope: Namespaced + version: v1beta1 + subresources: + status: {} 
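Review bot: the `metadata.labels` block of every CRD in this template is hard-coded (`helm.sh/chart: longhorn-1.0.2`, `app.kubernetes.io/instance: longhorn`, `app.kubernetes.io/version: v1.0.2`), while the Chart.yaml added alongside it names the chart `longhorn-crd`, version `1.0.201`, with release name `longhorn-crd`. The installed CRDs are therefore labelled as belonging to a chart and release that did not create them, which misleads any inventory, policy or cleanup tooling that selects on these labels. Render the values from the chart instead, for example `helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}` and `app.kubernetes.io/instance: {{ .Release.Name }}`.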
diff --git a/released/charts/longhorn/longhorn-crd/1.1.000/Chart.yaml b/released/charts/longhorn/longhorn-crd/1.1.000/Chart.yaml new file mode 100644 index 000000000..b9dba3761 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.000/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.1.000 diff --git a/released/charts/longhorn/longhorn-crd/1.1.000/README.md b/released/charts/longhorn/longhorn-crd/1.1.000/README.md new file mode 100644 index 000000000..d9f7f14b3 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.000/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/released/charts/longhorn/longhorn-crd/1.1.000/templates/crds.yaml b/released/charts/longhorn/longhorn-crd/1.1.000/templates/crds.yaml new file mode 100644 index 000000000..836264585 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.000/templates/crds.yaml 
@@ -0,0 +1,420 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + 
x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume 
+ scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of 
volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + 
shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp 
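Review bot: every `openAPIV3Schema` in this 1.1.000 `crds.yaml` sets `x-kubernetes-preserve-unknown-fields: true` on both `spec` and `status`, and the Setting CRD sets it on the schema root with no `type` at all, so the move to `apiextensions.k8s.io/v1` adds no validation or pruning: the API server stores whatever a client with write access to these resources submits, and the controller is the only place the content is checked. Type at least the fields the printer columns already depend on (`.spec.nodeID`, `.spec.size`, `.spec.image`, `.spec.allowScheduling`, `.spec.type`) and keep preserve-unknown-fields only for the parts that are not modelled yet. Minor: the RefCount description in the EngineImage CRD reads "Number of volumes are using the engine image" and should be "Number of volumes using the engine image".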
diff --git a/released/charts/longhorn/longhorn-crd/1.1.001/Chart.yaml b/released/charts/longhorn/longhorn-crd/1.1.001/Chart.yaml new file mode 100755 index 000000000..2ce321e37 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.001/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.1.001 diff --git a/released/charts/longhorn/longhorn-crd/1.1.001/README.md b/released/charts/longhorn/longhorn-crd/1.1.001/README.md new file mode 100755 index 000000000..d9f7f14b3 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.001/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/released/charts/longhorn/longhorn-crd/1.1.001/templates/crds.yaml b/released/charts/longhorn/longhorn-crd/1.1.001/templates/crds.yaml new file mode 100755 index 000000000..836264585 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.001/templates/crds.yaml 
@@ -0,0 +1,420 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + 
x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume 
+ scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of 
volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + 
shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp 
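Review bot: the file headers for the 1.1.001 Chart.yaml, README.md and `templates/crds.yaml` read `new file mode 100755`, while the same files under 1.1.000 are added as `100644`, and this `crds.yaml` has the same blob id as the 1.1.000 one (`836264585`), so the two differ only in the executable bit. YAML and Markdown in a released chart tree have no reason to be executable; normalise the modes to 100644 in the step that regenerates `released/` so the bit is not carried into the tree and does not appear as mode-only noise in later diffs.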
diff --git a/released/charts/longhorn/longhorn/1.0.200/.helmignore b/released/charts/longhorn/longhorn/1.0.200/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/longhorn/longhorn/1.0.200/Chart.yaml b/released/charts/longhorn/longhorn/1.0.200/Chart.yaml new file mode 100644 index 000000000..915d207db --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/Chart.yaml 
@@ -0,0 +1,35 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/ui-component: longhorn + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +kubeVersion: '>=v1.14.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +- email: sheng@yasker.org + name: Sheng Yang +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +version: 1.0.200 diff --git a/released/charts/longhorn/longhorn/1.0.200/README.md b/released/charts/longhorn/longhorn/1.0.200/README.md new file mode 100644 index 000000000..068bb5d66 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/README.md 
@@ -0,0 +1,49 @@ +# Rancher Longhorn Chart + +> **Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +The following document pertains to running Longhorn from the Rancher 2.0 chart. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +4. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. Rancher v2.1+ +2. Docker v1.13+ +3. Kubernetes v1.14+ +4. Make sure `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +5. Make sure `open-iscsi` has been installed in all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +1. To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +2. From Rancher UI, navigate to `Catalog Apps` tab and delete Longhorn app. + +## Troubleshooting + +### I deleted the Longhorn App from Rancher UI instead of following the uninstallation procedure + +Redeploy the (same version) Longhorn App. Follow the uninstallation procedure above. + +### Problems with CRDs + +If your CRD instances or the CRDs themselves can't be deleted for whatever reason, run the commands below to clean up. Caution: this will wipe all Longhorn state! 
+ +``` +# Delete CRD instances and definitions +curl -s https://raw.githubusercontent.com/longhorn/longhorn/v0.8.1/scripts/cleanup.sh |bash -s v062 +curl -s https://raw.githubusercontent.com/longhorn/longhorn/v0.8.1/scripts/cleanup.sh |bash -s v070 +``` + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/released/charts/longhorn/longhorn/1.0.200/app-readme.md b/released/charts/longhorn/longhorn/1.0.200/app-readme.md new file mode 100644 index 000000000..cb23135ca --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/app-readme.md @@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/released/charts/longhorn/longhorn/1.0.200/questions.yml b/released/charts/longhorn/longhorn/1.0.200/questions.yml new file mode 100644 index 000000000..26566901f --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/questions.yml 
@@ -0,0 +1,346 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: longhornio/longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.0.2 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: longhornio/longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.0.2 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: longhornio/longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.0.2 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: longhornio/longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20200514 + description: "Specify Longhorn Instance Manager Image Tag" + type: string + label: 
Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: longhornio/csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.0.0 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: longhornio/csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.4.0 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: longhornio/csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: longhornio/csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.3.0 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: defaultSettings.registrySecret + label: Private registry secret + description: "The Kubernetes Secret name" + group: "Longhorn Default Settings" + type: string + default: "" + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." 
+ label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass" + group: "Longhorn CSI Driver Settings" + type: boolean + required: true + label: Default Storage Class + - variable: persistence.defaultClassReplicaCount + description: "Set replica count for default StorageClass" + group: "Longhorn CSI Driver Settings" + type: int + default: 3 + min: 1 + max: 10 + label: Default Storage Class Replica Count + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. 
By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.guaranteedEngineCPU + label: Guaranteed Engine CPU + description: 'Allow Longhorn Instance Managers to have guaranteed CPU allocation. 
The value is how many CPUs should be reserved for each Engine/Replica Instance Manager Pod created by Longhorn. For example, 0.1 means one-tenth of a CPU. This will help maintain engine stability during high node workload. It only applies to the Engine/Replica Manager Pods created after the setting took effect. +WARNING: After this setting is changed, all the instance managers on all the nodes will be automatically restarted. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. +By default 0.25.' + group: "Longhorn Default Settings" + type: float + default: 0.25 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.taintToleration + label: Kubernetes Taint Toleration + description: 'To dedicate nodes to store Longhorn replicas and reject other general workloads, set tolerations for Longhorn and add taints for the storage nodes. All Longhorn volumes should be detached before modifying toleration settings. We recommend setting tolerations during Longhorn deployment because the Longhorn system cannot be operated during the update. Multiple tolerations can be set here, and these tolerations are separated by semicolon. 
For example, `key1=value1:NoSchedule; key2:NoExecute`. Because `kubernetes.io` is used as the key of all Kubernetes default tolerations, it should not be used in the toleration settings. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES.' + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "The name of the Priority Class to set on the Longhorn workloads. This can help prevent Longhorn workloads from being evicted under Node Pressure. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.volumeAttachmentRecoveryPolicy + label: Volume Attachment Recovery Policy + description: "Defines the Longhorn action when a Volume is stuck with a Deployment Pod on a failed node. 
`wait` leads to the deletion of the volume attachment as soon as the pods deletion time has passed. `never` is the default Kubernetes behavior of never deleting volume attachments on terminating pods. `immediate` leads to the deletion of the volume attachment as soon as all workload pods are pending. By default wait." + group: "Longhorn Default Settings" + type: enum + options: + - "wait" + - "never" + - "immediate" + default: "wait" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." 
+ label: Pod Security Policy + type: boolean + group: "Other Settings" \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/NOTES.txt b/released/charts/longhorn/longhorn/1.0.200/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/_helpers.tpl b/released/charts/longhorn/longhorn/1.0.200/templates/_helpers.tpl new file mode 100644 index 000000000..5cac51cfa --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/_helpers.tpl 
@@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/clusterrole.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/clusterrole.yaml new file mode 100644 index 000000000..491c3e6a5 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/clusterrole.yaml 
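Review bot: in _helpers.tpl, `longhorn.managerIP` applies `trunc 63` to the whole URL string, although `longhorn.fullname` is already truncated to 63 characters on its own. With a long release name the `-backend:9500` suffix and the port would be cut off, and `trimSuffix "-"` would not repair that. The 63-character limit applies to the name, not the URL, so the truncation should be dropped here. The helper also builds `<fullname>-backend`, while the Service in daemonset-sa.yaml is named `longhorn-backend` and the deployments hardcode `http://longhorn-backend:9500`; if nothing uses the helper it can be removed. The `secret` define would also read better with the `longhorn.` prefix the other helpers use.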
@@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/clusterrolebinding.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..30c7fa78c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/clusterrolebinding.yaml 
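Review bot: clusterrole.yaml lists the `coordination.k8s.io` `leases` rule twice, first with an explicit verb list and again as the last rule with `verbs: ["*"]`, so the narrower rule has no effect. Keep one of them, preferably the explicit list. The core-group rule also grants `"*"` on `secrets`, `pods`, `nodes`, `services` and `configmaps` cluster-wide; a short comment per rule saying why the wildcard is needed, or a namespaced Role for the resources that only live in the release namespace, would make the grant reviewable. In the same rule, `proxy/nodes` does not follow the `resource/subresource` form (`nodes/proxy`); please confirm which is intended.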
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ .Release.Namespace }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/daemonset-sa.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/daemonset-sa.yaml new file mode 100644 index 000000000..1717aa4d9 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/daemonset-sa.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --manager-image + - "{{ template "system_default_registry" . 
}}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: varrun + mountPath: /var/run/ + mountPropagation: Bidirectional + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: varrun + hostPath: + path: /var/run/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} 
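Review bot: in daemonset-sa.yaml the longhorn-manager container runs with `privileged: true` and mounts the host's whole `/var/run/` with `mountPropagation: Bidirectional`, next to `/dev/` and `/proc/`, and nothing in the template says which paths under `/var/run/` the manager needs. Please add a comment per hostPath stating what it is for, and narrow `/var/run/` to the specific subdirectory if one is enough, since that directory commonly holds runtime sockets for other services on the node. Two smaller points: `maxUnavailable: "100%"` lets an upgrade take every manager pod down at once, which deserves a line of explanation, and the `longhorn-backend` Service takes its `type` and `nodePort` from `service.manager.*` values that questions.yml does not surface, so the default exposure of port 9500 is not visible from this patch.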
diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/default-setting.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/default-setting.yaml new file mode 100644 index 000000000..2eb10b4dc --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/default-setting.yaml 
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + guaranteed-engine-cpu: {{ .Values.defaultSettings.guaranteedEngineCPU }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + registry-secret: {{ .Values.defaultSettings.registrySecret }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + volume-attachment-recovery-policy: {{ .Values.defaultSettings.volumeAttachmentRecoveryPolicy }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} 
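Review bot: every value in the `default-setting.yaml` block of default-setting.yaml is interpolated unquoted, so the rendered file is well-formed only when each value happens to be a safe plain scalar (assuming longhorn-manager parses the file as YAML, as its name suggests). A value containing ` #` is cut off at the comment marker and one containing `: ` is read as a nested mapping, which matters for the free-form fields (`backupTarget`, `taintToleration`, `priorityClass`, `mkfsExt4Parameters`, `defaultDataPath`). Suggest piping those through `| quote`. Settings left blank in questions.yml, such as `backupTarget`, also render as a bare `key:` with no value; a note on whether the manager treats that as "unset" would help.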
diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/deployment-driver.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/deployment-driver.yaml new file mode 100644 index 000000000..bee055d8e --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/deployment-driver.yaml 
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "system_default_registry" . 
}}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/deployment-ui.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/deployment-ui.yaml new file mode 100644 index 000000000..0de0c9b3b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/deployment-ui.yaml 
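Review bot: deployment-driver.yaml reads `.Values.csi.resizerReplicaCount` for `CSI_RESIZER_REPLICA_COUNT`, but questions.yml in this chart version only defines `csi.attacherReplicaCount` and `csi.provisionerReplicaCount`, so the resizer count cannot be set from the Rancher form. Either add the matching question or note that it is values-only. Separately, the pod-level `securityContext` sets `runAsUser: 0` for a deployer that, from the lines shown, only talks to the API server and `longhorn-backend`; a comment on why root is required would help, and the `wait-longhorn-manager` init container could carry an explicit `imagePullPolicy` to match the main container.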
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ .Release.Namespace }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/ingress.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/ingress.yaml new file mode 100644 index 000000000..e3e9e3eea --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/ingress.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/postupgrade-job.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/postupgrade-job.yaml new file mode 100644 index 000000000..1860be5fe --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/postupgrade-job.yaml 
@@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: Always + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/psp.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/psp.yaml new file mode 100644 index 000000000..66479b4fa --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/psp.yaml 
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ .Release.Namespace }} +- kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/registry-secret.yml b/released/charts/longhorn/longhorn/1.0.200/templates/registry-secret.yml new file mode 100644 index 000000000..eeb9a8f4a --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/registry-secret.yml 
@@ -0,0 +1,10 @@ +{{- if .Values.defaultSettings.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.defaultSettings.registrySecret }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/serviceaccount.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..a2280b44f --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/storageclass.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/storageclass.yaml new file mode 100644 index 000000000..3fee340f4 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/storageclass.yaml @@ -0,0 +1,14 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +provisioner: driver.longhorn.io +allowVolumeExpansion: true +parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/tls-secrets.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/tls-secrets.yaml new file mode 100644 index 000000000..7a75df09c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/tls-secrets.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: longhorn + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/uninstall-job.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/uninstall-job.yaml new file mode 100644 index 000000000..d32157145 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/uninstall-job.yaml @@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: Always + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/userroles.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/userroles.yaml new file mode 100644 index 000000000..ba6d40643 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "get", "list", "watch" ] diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/validate-install-crd.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/validate-install-crd.yaml new file mode 100644 index 000000000..4899b977c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/validate-install-crd.yaml 
@@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the longhorn-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.0.200/values.yaml b/released/charts/longhorn/longhorn/1.0.200/values.yaml new file mode 100644 index 000000000..a29b9497d --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/values.yaml 
@@ -0,0 +1,136 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/longhornio-longhorn-engine + tag: v1.0.2 + manager: + repository: rancher/longhornio-longhorn-manager + tag: v1.0.2 + ui: + repository: rancher/longhornio-longhorn-ui + tag: v1.0.2 + instanceManager: + repository: rancher/longhornio-longhorn-instance-manager + tag: v1_20200514 + csi: + attacher: + repository: rancher/longhornio-csi-attacher + tag: v2.0.0 + provisioner: + repository: rancher/longhornio-csi-provisioner + tag: v1.4.0 + nodeDriverRegistrar: + repository: rancher/longhornio-csi-node-driver-registrar + tag: v1.2.0 + resizer: + repository: rancher/longhornio-csi-resizer + tag: v0.3.0 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + guaranteedEngineCPU: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + priorityClass: ~ + registrySecret: ~ + autoSalvage: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + volumeAttachmentRecoveryPolicy: ~ + mkfsExt4Parameters: ~ + +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. 
This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true 
diff --git a/released/charts/longhorn/longhorn/1.0.201/.helmignore b/released/charts/longhorn/longhorn/1.0.201/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/longhorn/longhorn/1.0.201/Chart.yaml b/released/charts/longhorn/longhorn/1.0.201/Chart.yaml new file mode 100644 index 000000000..7cf478dd8 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/Chart.yaml 
@@ -0,0 +1,36 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/ui-component: longhorn + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +kubeVersion: '>=v1.14.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +- email: sheng@yasker.org + name: Sheng Yang +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +version: 1.0.201 diff --git a/released/charts/longhorn/longhorn/1.0.201/README.md b/released/charts/longhorn/longhorn/1.0.201/README.md new file mode 100644 index 000000000..068bb5d66 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/README.md 
@@ -0,0 +1,49 @@ +# Rancher Longhorn Chart + +> **Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +The following document pertains to running Longhorn from the Rancher 2.0 chart. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +4. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. Rancher v2.1+ +2. Docker v1.13+ +3. Kubernetes v1.14+ +4. Make sure `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +5. Make sure `open-iscsi` has been installed in all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +1. To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +2. From Rancher UI, navigate to `Catalog Apps` tab and delete Longhorn app. + +## Troubleshooting + +### I deleted the Longhorn App from Rancher UI instead of following the uninstallation procedure + +Redeploy the (same version) Longhorn App. Follow the uninstallation procedure above. + +### Problems with CRDs + +If your CRD instances or the CRDs themselves can't be deleted for whatever reason, run the commands below to clean up. Caution: this will wipe all Longhorn state! 
+ +``` +# Delete CRD instances and definitions +curl -s https://raw.githubusercontent.com/longhorn/longhorn/v0.8.1/scripts/cleanup.sh |bash -s v062 +curl -s https://raw.githubusercontent.com/longhorn/longhorn/v0.8.1/scripts/cleanup.sh |bash -s v070 +``` + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/released/charts/longhorn/longhorn/1.0.201/app-readme.md b/released/charts/longhorn/longhorn/1.0.201/app-readme.md new file mode 100644 index 000000000..cb23135ca --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/app-readme.md @@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/released/charts/longhorn/longhorn/1.0.201/questions.yml b/released/charts/longhorn/longhorn/1.0.201/questions.yml new file mode 100644 index 000000000..26566901f --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/questions.yml 
@@ -0,0 +1,346 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: longhornio/longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.0.2 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: longhornio/longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.0.2 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: longhornio/longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.0.2 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: longhornio/longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20200514 + description: "Specify Longhorn Instance Manager Image Tag" + type: string + label: 
Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: longhornio/csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.0.0 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: longhornio/csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.4.0 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: longhornio/csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: longhornio/csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.3.0 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: defaultSettings.registrySecret + label: Private registry secret + description: "The Kubernetes Secret name" + group: "Longhorn Default Settings" + type: string + default: "" + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." 
+ label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass" + group: "Longhorn CSI Driver Settings" + type: boolean + required: true + label: Default Storage Class + - variable: persistence.defaultClassReplicaCount + description: "Set replica count for default StorageClass" + group: "Longhorn CSI Driver Settings" + type: int + default: 3 + min: 1 + max: 10 + label: Default Storage Class Replica Count + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. 
By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.guaranteedEngineCPU + label: Guaranteed Engine CPU + description: 'Allow Longhorn Instance Managers to have guaranteed CPU allocation. 
The value is how many CPUs should be reserved for each Engine/Replica Instance Manager Pod created by Longhorn. For example, 0.1 means one-tenth of a CPU. This will help maintain engine stability during high node workload. It only applies to the Engine/Replica Manager Pods created after the setting took effect. +WARNING: After this setting is changed, all the instance managers on all the nodes will be automatically restarted. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. +By default 0.25.' + group: "Longhorn Default Settings" + type: float + default: 0.25 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.taintToleration + label: Kubernetes Taint Toleration + description: 'To dedicate nodes to store Longhorn replicas and reject other general workloads, set tolerations for Longhorn and add taints for the storage nodes. All Longhorn volumes should be detached before modifying toleration settings. We recommend setting tolerations during Longhorn deployment because the Longhorn system cannot be operated during the update. Multiple tolerations can be set here, and these tolerations are separated by semicolon. 
For example, `key1=value1:NoSchedule; key2:NoExecute`. Because `kubernetes.io` is used as the key of all Kubernetes default tolerations, it should not be used in the toleration settings. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES.' + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "The name of the Priority Class to set on the Longhorn workloads. This can help prevent Longhorn workloads from being evicted under Node Pressure. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.volumeAttachmentRecoveryPolicy + label: Volume Attachment Recovery Policy + description: "Defines the Longhorn action when a Volume is stuck with a Deployment Pod on a failed node. 
`wait` leads to the deletion of the volume attachment as soon as the pods deletion time has passed. `never` is the default Kubernetes behavior of never deleting volume attachments on terminating pods. `immediate` leads to the deletion of the volume attachment as soon as all workload pods are pending. By default wait." + group: "Longhorn Default Settings" + type: enum + options: + - "wait" + - "never" + - "immediate" + default: "wait" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." 
+ label: Pod Security Policy + type: boolean + group: "Other Settings" \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/NOTES.txt b/released/charts/longhorn/longhorn/1.0.201/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/_helpers.tpl b/released/charts/longhorn/longhorn/1.0.201/templates/_helpers.tpl new file mode 100644 index 000000000..5cac51cfa --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/_helpers.tpl 
@@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/clusterrole.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/clusterrole.yaml new file mode 100644 index 000000000..491c3e6a5 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/clusterrole.yaml 
@@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/clusterrolebinding.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..30c7fa78c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/clusterrolebinding.yaml 
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ .Release.Namespace }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/daemonset-sa.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/daemonset-sa.yaml new file mode 100644 index 000000000..1717aa4d9 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/daemonset-sa.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --manager-image + - "{{ template "system_default_registry" . 
}}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: varrun + mountPath: /var/run/ + mountPropagation: Bidirectional + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: varrun + hostPath: + path: /var/run/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} 
diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/default-setting.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/default-setting.yaml new file mode 100644 index 000000000..2eb10b4dc --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/default-setting.yaml 
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + guaranteed-engine-cpu: {{ .Values.defaultSettings.guaranteedEngineCPU }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + registry-secret: {{ .Values.defaultSettings.registrySecret }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + volume-attachment-recovery-policy: {{ .Values.defaultSettings.volumeAttachmentRecoveryPolicy }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} 
diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/deployment-driver.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/deployment-driver.yaml new file mode 100644 index 000000000..bee055d8e --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/deployment-driver.yaml 
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "system_default_registry" . 
}}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/deployment-ui.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/deployment-ui.yaml new file mode 100644 index 000000000..0de0c9b3b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/deployment-ui.yaml 
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ .Release.Namespace }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/ingress.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/ingress.yaml new file mode 100644 index 000000000..e3e9e3eea --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/ingress.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/postupgrade-job.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/postupgrade-job.yaml new file mode 100644 index 000000000..1860be5fe --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/postupgrade-job.yaml 
@@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: Always + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/psp.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/psp.yaml new file mode 100644 index 000000000..66479b4fa --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/psp.yaml 
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ .Release.Namespace }} +- kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/registry-secret.yml b/released/charts/longhorn/longhorn/1.0.201/templates/registry-secret.yml new file mode 100644 index 000000000..eeb9a8f4a --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/registry-secret.yml 
@@ -0,0 +1,10 @@ +{{- if .Values.defaultSettings.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.defaultSettings.registrySecret }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/serviceaccount.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/serviceaccount.yaml new file mode 100644 index 000000000..a2280b44f --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/storageclass.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/storageclass.yaml new file mode 100644 index 000000000..3fee340f4 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/storageclass.yaml @@ -0,0 +1,14 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +provisioner: driver.longhorn.io +allowVolumeExpansion: true +parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/tls-secrets.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/tls-secrets.yaml new file mode 100644 index 000000000..7a75df09c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/tls-secrets.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: longhorn + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/uninstall-job.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/uninstall-job.yaml new file mode 100644 index 000000000..d32157145 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/uninstall-job.yaml @@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: Always + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/userroles.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/userroles.yaml new file mode 100644 index 000000000..ba6d40643 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "get", "list", "watch" ] diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/validate-install-crd.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/validate-install-crd.yaml new file mode 100644 index 000000000..4899b977c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/validate-install-crd.yaml 
@@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the longhorn-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.0.201/values.yaml b/released/charts/longhorn/longhorn/1.0.201/values.yaml new file mode 100644 index 000000000..a29b9497d --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/values.yaml 
@@ -0,0 +1,136 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/longhornio-longhorn-engine + tag: v1.0.2 + manager: + repository: rancher/longhornio-longhorn-manager + tag: v1.0.2 + ui: + repository: rancher/longhornio-longhorn-ui + tag: v1.0.2 + instanceManager: + repository: rancher/longhornio-longhorn-instance-manager + tag: v1_20200514 + csi: + attacher: + repository: rancher/longhornio-csi-attacher + tag: v2.0.0 + provisioner: + repository: rancher/longhornio-csi-provisioner + tag: v1.4.0 + nodeDriverRegistrar: + repository: rancher/longhornio-csi-node-driver-registrar + tag: v1.2.0 + resizer: + repository: rancher/longhornio-csi-resizer + tag: v0.3.0 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + guaranteedEngineCPU: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + priorityClass: ~ + registrySecret: ~ + autoSalvage: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + volumeAttachmentRecoveryPolicy: ~ + mkfsExt4Parameters: ~ + +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. 
This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true 
diff --git a/released/charts/longhorn/longhorn/1.1.000/.helmignore b/released/charts/longhorn/longhorn/1.1.000/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/longhorn/longhorn/1.1.000/Chart.yaml b/released/charts/longhorn/longhorn/1.1.000/Chart.yaml new file mode 100644 index 000000000..2d86b61fe --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/Chart.yaml 
@@ -0,0 +1,37 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/ui-component: longhorn +apiVersion: v1 +appVersion: v1.1.0 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +kubeVersion: '>=v1.16.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +- email: sheng@yasker.org + name: Sheng Yang +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-share-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +version: 1.1.000 diff --git a/released/charts/longhorn/longhorn/1.1.000/README.md b/released/charts/longhorn/longhorn/1.1.000/README.md new file mode 100644 index 000000000..eae11ef6d --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/README.md 
@@ -0,0 +1,32 @@ +# Longhorn Chart + +> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager +4. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +5. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. Docker v1.13+ +2. Kubernetes v1.16+ +3. Make sure `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +4. Make sure `open-iscsi` has been installed in all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab. + + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/released/charts/longhorn/longhorn/1.1.000/app-readme.md b/released/charts/longhorn/longhorn/1.1.000/app-readme.md new file mode 100644 index 000000000..cb23135ca --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/app-readme.md 
@@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/released/charts/longhorn/longhorn/1.1.000/questions.yml b/released/charts/longhorn/longhorn/1.1.000/questions.yml new file mode 100644 index 000000000..f7ace54c7 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/questions.yml 
@@ -0,0 +1,512 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.1.0 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.1.0 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.1.0 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20201216 + description: "Specify Longhorn Instance Manager Image 
Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1_20201204 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.2.1-lh1 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.6.0-lh1 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0-lh1 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.5.1-lh1 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v2.1.1-lh1 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." 
+ group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "Longhorn will automatically generate a Kubernetes secret with this name and use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." 
+ label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. 
By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.guaranteedEngineCPU + label: Guaranteed Engine CPU + description: "Allow Longhorn Instance Managers to have guaranteed CPU allocation. By default 0.25. The value is how many CPUs should be reserved for each Engine/Replica Instance Manager Pod created by Longhorn. For example, 0.1 means one-tenth of a CPU. This will help maintain engine stability during high node workload. It only applies to the Engine/Replica Instance Manager Pods created after the setting took effect. +In order to prevent unexpected volume crash, you can use the following formula to calculate an appropriate value for this setting: +'Guaranteed Engine CPU = The estimated max Longhorn volume/replica count on a node * 0.1'. +The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. 
To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. +If it's hard to estimate the volume/replica count now, you can leave it with the default value, or allocate 1/8 of total CPU of a node. Then you can tune it when there is no running workload using Longhorn volumes. +WARNING: After this setting is changed, all the instance managers on all the nodes will be automatically restarted +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: float + default: 0.25 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.taintToleration + label: Kubernetes Taint Toleration + description: "To dedicate nodes to store Longhorn replicas and reject other general workloads, set tolerations for Longhorn and add taints for the storage nodes. +All Longhorn volumes should be detached before modifying toleration settings. +We recommend setting tolerations during Longhorn deployment because the Longhorn system cannot be operated during the update. +Multiple tolerations can be set here, and these tolerations are separated by semicolon. 
For example: +* `key1=value1:NoSchedule; key2:NoExecute` +* `:` this toleration tolerates everything because an empty key with operator `Exists` matches all keys, values and effects +* `key1=value1:` this toleration has empty effect. It matches all effects with key `key1` +Because `kubernetes.io` is used as the key of all Kubernetes default tolerations, it should not be used in the toleration settings. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES!" + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "The name of the Priority Class to set on the Longhorn workloads. This can help prevent Longhorn workloads from being evicted under Node Pressure. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. 
+**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.volumeAttachmentRecoveryPolicy + label: Volume Attachment Recovery Policy + description: "Defines the Longhorn action when a Volume is stuck with a Deployment Pod on a failed node. `wait` leads to the deletion of the volume attachment as soon as the pods deletion time has passed. `never` is the default Kubernetes behavior of never deleting volume attachments on terminating pods. `immediate` leads to the deletion of the volume attachment as soon as all workload pods are pending. By default wait." + group: "Longhorn Default Settings" + type: enum + options: + - "wait" + - "never" + - "immediate" + default: "wait" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. 
+- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica + label: Allow Node Drain with the Last Healthy Replica + description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume. +If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string + - variable: defaultSettings.disableReplicaRebuild + label: Disable Replica Rebuild + description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume." 
+ group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the repica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." 
+ group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.recurringJobs.enable + description: "Enable recurring job for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobs.jobList + description: 'Recurring job list for Longhorn StorageClass. Please be careful of quotes of input. 
e.g., [{"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1,"labels": {"interval":"2m"}}]' + label: Storage Class Recurring Job List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/NOTES.txt b/released/charts/longhorn/longhorn/1.1.000/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ 
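Review bot: In questions.yml (the 512-line hunk ending above), the `service.ui.nodePort` subquestion carries `show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer"` while its parent sets `show_subquestion_if: "NodePort"`, so the LoadBalancer half of the condition looks unreachable; keep one rule and drop the other. Also, `ingress.host` is `required: true` with `default: "xip.io"`, so accepting the form defaults when enabling ingress exposes the UI under that hostname; an empty default would force an explicit choice. Minor: the `defaultSettings.disableRevisionCounter` description has typos (`reivision`, `repica`), and `persistence.recurringJobs.enable` uses an unquoted `default: false` where the other boolean questions quote the value.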
diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/_helpers.tpl b/released/charts/longhorn/longhorn/1.1.000/templates/_helpers.tpl new file mode 100644 index 000000000..3fbc2ac02 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . 
}} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/clusterrole.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/clusterrole.yaml new file mode 100644 index 000000000..c69761756 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/clusterrole.yaml 
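Review bot: In `longhorn.managerIP` (templates/_helpers.tpl), `trunc 63 | trimSuffix "-"` is applied to a whole URL rather than a Kubernetes name, so any `longhorn.fullname` longer than 43 characters loses the `:9500` port and possibly part of `-backend`. Drop the truncation, or remove the helper, since the templates visible in this patch hard-code `http://longhorn-backend:9500` instead of calling it. Separately, the `secret` helper assembles the dockerconfigjson with `printf` and no JSON escaping, so a `registryPasswd` containing `"` or `\` produces an invalid pull secret; building a dict and piping it through `toJson` would avoid that.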
@@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/clusterrolebinding.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..66ac62f9b --- /dev/null 
+++ b/released/charts/longhorn/longhorn/1.1.000/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/daemonset-sa.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/daemonset-sa.yaml new file mode 100644 index 000000000..e40793591 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/daemonset-sa.yaml 
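Review bot: `longhorn-role` (templates/clusterrole.yaml), which the `longhorn-bind` ClusterRoleBinding attaches cluster-wide to `longhorn-service-account`, grants `verbs: ["*"]` on core `secrets`, `pods`, `configmaps` and `services` and on `customresourcedefinitions`, so any workload running under that account can read and modify every Secret in the cluster. The same account is used by the manager DaemonSet, the driver deployer and the post-upgrade and uninstall Jobs in this patch. Please enumerate the verbs each rule actually needs, move the Secret and ConfigMap access into a Role scoped to the release namespace where that is sufficient, and add a comment on any wildcard that has to stay.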
@@ -0,0 +1,114 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --share-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}" + - --manager-image + - "{{ template "registry_url" . 
}}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: varrun + mountPath: /var/run/ + mountPropagation: Bidirectional + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: varrun + hostPath: + path: /var/run/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ include "release_namespace" . }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} 
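Review bot: The `longhorn-manager` container in daemonset-sa.yaml is `privileged: true` and mounts host `/dev/`, `/proc/` and `/var/run/` (the last with `mountPropagation: Bidirectional`), but nothing in the template documents which of these the manager needs or why full privilege is required instead of specific capabilities. Please add a comment stating the requirement so later reviewers can tell whether a mount can be narrowed or made read-only. Also note that the `longhorn-backend` Service type comes straight from `.Values.service.manager.type`, so a `NodePort` value publishes manager port 9500 on every node, and the callers in this patch reach that port over plain `http://`; a comment or a values-level warning on that option would help.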
diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/default-setting.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/default-setting.yaml new file mode 100644 index 000000000..14c264e27 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/default-setting.yaml 
@@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }} + guaranteed-engine-cpu: {{ .Values.defaultSettings.guaranteedEngineCPU }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + volume-attachment-recovery-policy: {{ 
.Values.defaultSettings.volumeAttachmentRecoveryPolicy }} + node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }} + allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} + disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }} + replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }} + disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }} + system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }} + allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }} + auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/deployment-driver.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/deployment-driver.yaml new file mode 100644 index 000000000..c4b6e3587 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/deployment-driver.yaml 
@@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . 
}}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/deployment-ui.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/deployment-ui.yaml new file mode 100644 index 000000000..da7c0ea5b --- /dev/null 
+++ b/released/charts/longhorn/longhorn/1.1.000/templates/deployment-ui.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/ingress.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/ingress.yaml new file mode 100644 index 000000000..5b3a40588 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/ingress.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/postupgrade-job.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/postupgrade-job.yaml new file mode 100644 index 000000000..6b6a38591 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/postupgrade-job.yaml 
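Review bot: With `ingress.tls` set, ingress.yaml adds `ingress.kubernetes.io/secure-backends: "true"` while the backend stays `serviceName: longhorn-frontend` with `servicePort: 80`, and the `longhorn-frontend` Service in deployment-ui.yaml only maps port 80 to the container's `http` port 8000. Either drop the annotation or give the UI a TLS listener and a matching Service port, so the ingress is not told to speak HTTPS to a plain-HTTP backend. `path: {{ default "" .Values.ingress.path }}` also renders an empty path when the value is unset; defaulting to `/` would make the rule explicit.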
@@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/psp.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/psp.yaml new file mode 100644 index 000000000..a2dfc05be --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/psp.yaml 
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/registry-secret.yml b/released/charts/longhorn/longhorn/1.1.000/templates/registry-secret.yml new file mode 100644 index 000000000..1c7565fea --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/registry-secret.yml 
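Review bot: The `longhorn-psp-binding` RoleBinding in psp.yaml lists the namespace's `default` ServiceAccount as a subject next to `longhorn-service-account`, so every pod in the release namespace that does not set its own service account may use `longhorn-psp`, which allows `privileged: true`, `allowPrivilegeEscalation: true`, `hostPID: true`, `SYS_ADMIN` and `hostPath` volumes. If that subject is there for the UI Deployment (it sets no `serviceAccountName` and runs with `runAsUser: 0`), give the UI a dedicated ServiceAccount with a narrower policy and remove `default` from the binding; otherwise add a comment explaining why the default account needs the privileged policy.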
@@ -0,0 +1,11 @@ +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/serviceaccount.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/serviceaccount.yaml new file mode 100644 index 000000000..ad576c353 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/storageclass.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/storageclass.yaml new file mode 100644 index 000000000..dea6aafd4 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/storageclass.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" + {{- if .Values.persistence.recurringJobs.enable }} + recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}' + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/tls-secrets.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/tls-secrets.yaml new file mode 100644 index 000000000..a7ebf13e0 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: longhorn + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/uninstall-job.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/uninstall-job.yaml new file mode 100644 index 000000000..e7e9f1457 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/uninstall-job.yaml 
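Review bot: Inside `{{- range .Values.ingress.secrets }}` in tls-secrets.yaml the dot is rebound to the current list entry, so `include "release_namespace" .` and `include "longhorn.labels" .` no longer receive the root context and will fail or render wrong as soon as `ingress.secrets` is non-empty. Every Secret is also emitted as `name: longhorn` rather than the entry's `name`, so multiple entries collide and none matches `ingress.tlsSecret`, although the values.yaml comment says the name should line up with it. Pass `$` to the two includes and use `name: {{ .name }}`.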
@@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/userroles.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/userroles.yaml new file mode 100644 index 000000000..37e8e3ddb --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/userroles.yaml 
@@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "get", "list", "watch" ] diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/validate-install-crd.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/validate-install-crd.yaml new file mode 100644 index 000000000..4899b977c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/validate-install-crd.yaml 
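Review bot: In userroles.yaml, `longhorn-edit` carries the same `verbs: [ "*" ]` rule as `longhorn-admin`, including on `settings`, `nodes`, `engineimages` and `instancemanagers`, so the `aggregate-to-edit` label gives every holder of the aggregated `edit` role the same control over Longhorn objects as an admin. If the two tiers are meant to differ, restrict `longhorn-edit` to the volume-level resources and explicit verbs; if they are meant to be identical, say so in a comment. The three ClusterRoles also omit the `longhorn.labels` include that the other templates in this patch apply.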
@@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the longhorn-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.1.000/values.yaml b/released/charts/longhorn/longhorn/1.1.000/values.yaml new file mode 100644 index 000000000..c1e38eed9 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/values.yaml 
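Review bot: Prefixing the lines of validate-install-crd.yaml with `#` does not disable them: Helm evaluates `{{ ... }}` actions before the output is parsed as YAML, so the `lookup`, the `range` over `.Capabilities.APIVersions` and the `required` call still run on every render. If the check is meant to be off, wrap it in a template comment (`{{- /* ... */ -}}`) or delete the file; if it is meant to be on, remove the `#` prefixes so the intent is clear.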
@@ -0,0 +1,162 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/longhornio-longhorn-engine + tag: v1.1.0 + manager: + repository: rancher/longhornio-longhorn-manager + tag: v1.1.0 + ui: + repository: rancher/longhornio-longhorn-ui + tag: v1.1.0 + instanceManager: + repository: rancher/longhornio-longhorn-instance-manager + tag: v1_20201216 + shareManager: + repository: rancher/longhornio-longhorn-share-manager + tag: v1_20201204 + csi: + attacher: + repository: rancher/longhornio-csi-attacher + tag: v2.2.1-lh1 + provisioner: + repository: rancher/longhornio-csi-provisioner + tag: v1.6.0-lh1 + nodeDriverRegistrar: + repository: rancher/longhornio-csi-node-driver-registrar + tag: v1.2.0-lh1 + resizer: + repository: rancher/longhornio-csi-resizer + tag: v0.5.1-lh1 + snapshotter: + repository: rancher/longhornio-csi-snapshotter + tag: v2.1.1-lh1 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + reclaimPolicy: Delete + recurringJobs: + enable: false + jobList: [] + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + guaranteedEngineCPU: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + priorityClass: ~ + autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + 
disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + volumeAttachmentRecoveryPolicy: ~ + nodeDownPodDeletionPolicy: ~ + allowNodeDrainWithLastHealthyReplica: ~ + mkfsExt4Parameters: ~ + disableReplicaRebuild: ~ + replicaReplenishmentWaitInterval: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as 
secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" diff --git a/released/charts/longhorn/longhorn/1.1.001/.helmignore b/released/charts/longhorn/longhorn/1.1.001/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/longhorn/longhorn/1.1.001/Chart.yaml b/released/charts/longhorn/longhorn/1.1.001/Chart.yaml new file mode 100755 index 000000000..733dfe1cb --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/Chart.yaml 
@@ -0,0 +1,37 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/ui-component: longhorn +apiVersion: v1 +appVersion: v1.1.0 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg?sanitize=true +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +kubeVersion: '>=v1.16.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +- email: sheng@yasker.org + name: Sheng Yang +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-share-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +version: 1.1.001 diff --git a/released/charts/longhorn/longhorn/1.1.001/README.md b/released/charts/longhorn/longhorn/1.1.001/README.md new file mode 100755 index 000000000..eae11ef6d --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/README.md 
@@ -0,0 +1,32 @@ +# Longhorn Chart + +> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager +4. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +5. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. Docker v1.13+ +2. Kubernetes v1.16+ +3. Make sure `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +4. Make sure `open-iscsi` has been installed in all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab. + + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/released/charts/longhorn/longhorn/1.1.001/app-readme.md b/released/charts/longhorn/longhorn/1.1.001/app-readme.md new file mode 100755 index 000000000..cb23135ca --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/app-readme.md 
@@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/released/charts/longhorn/longhorn/1.1.001/questions.yml b/released/charts/longhorn/longhorn/1.1.001/questions.yml new file mode 100755 index 000000000..f7ace54c7 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/questions.yml 
@@ -0,0 +1,512 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.1.0 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.1.0 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.1.0 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20201216 + description: "Specify Longhorn Instance Manager Image 
Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1_20201204 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.2.1-lh1 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.6.0-lh1 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0-lh1 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.5.1-lh1 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v2.1.1-lh1 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." 
+ group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "Longhorn will automatically generate a Kubernetes secret with this name and use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." 
+ label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. 
By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.guaranteedEngineCPU + label: Guaranteed Engine CPU + description: "Allow Longhorn Instance Managers to have guaranteed CPU allocation. By default 0.25. The value is how many CPUs should be reserved for each Engine/Replica Instance Manager Pod created by Longhorn. For example, 0.1 means one-tenth of a CPU. This will help maintain engine stability during high node workload. It only applies to the Engine/Replica Instance Manager Pods created after the setting took effect. +In order to prevent unexpected volume crash, you can use the following formula to calculate an appropriate value for this setting: +'Guaranteed Engine CPU = The estimated max Longhorn volume/replica count on a node * 0.1'. +The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. 
To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. +If it's hard to estimate the volume/replica count now, you can leave it with the default value, or allocate 1/8 of total CPU of a node. Then you can tune it when there is no running workload using Longhorn volumes. +WARNING: After this setting is changed, all the instance managers on all the nodes will be automatically restarted +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: float + default: 0.25 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.taintToleration + label: Kubernetes Taint Toleration + description: "To dedicate nodes to store Longhorn replicas and reject other general workloads, set tolerations for Longhorn and add taints for the storage nodes. +All Longhorn volumes should be detached before modifying toleration settings. +We recommend setting tolerations during Longhorn deployment because the Longhorn system cannot be operated during the update. +Multiple tolerations can be set here, and these tolerations are separated by semicolon. 
For example: +* `key1=value1:NoSchedule; key2:NoExecute` +* `:` this toleration tolerates everything because an empty key with operator `Exists` matches all keys, values and effects +* `key1=value1:` this toleration has empty effect. It matches all effects with key `key1` +Because `kubernetes.io` is used as the key of all Kubernetes default tolerations, it should not be used in the toleration settings. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES!" + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "The name of the Priority Class to set on the Longhorn workloads. This can help prevent Longhorn workloads from being evicted under Node Pressure. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. 
+**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.volumeAttachmentRecoveryPolicy + label: Volume Attachment Recovery Policy + description: "Defines the Longhorn action when a Volume is stuck with a Deployment Pod on a failed node. `wait` leads to the deletion of the volume attachment as soon as the pods deletion time has passed. `never` is the default Kubernetes behavior of never deleting volume attachments on terminating pods. `immediate` leads to the deletion of the volume attachment as soon as all workload pods are pending. By default wait." + group: "Longhorn Default Settings" + type: enum + options: + - "wait" + - "never" + - "immediate" + default: "wait" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. 
+- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica + label: Allow Node Drain with the Last Healthy Replica + description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume. +If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string + - variable: defaultSettings.disableReplicaRebuild + label: Disable Replica Rebuild + description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume." 
+ group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the repica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." 
+ group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.recurringJobs.enable + description: "Enable recurring job for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobs.jobList + description: 'Recurring job list for Longhorn StorageClass. Please be careful of quotes of input. 
e.g., [{"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1,"labels": {"interval":"2m"}}]' + label: Storage Class Recurring Job List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/NOTES.txt b/released/charts/longhorn/longhorn/1.1.001/templates/NOTES.txt new file mode 100755 index 000000000..cca7cd77b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ 
diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/_helpers.tpl b/released/charts/longhorn/longhorn/1.1.001/templates/_helpers.tpl new file mode 100755 index 000000000..3fbc2ac02 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . 
}} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/clusterrole.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/clusterrole.yaml new file mode 100755 index 000000000..c69761756 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/clusterrole.yaml 
@@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/clusterrolebinding.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..66ac62f9b --- /dev/null 
+++ b/released/charts/longhorn/longhorn/1.1.001/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/daemonset-sa.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/daemonset-sa.yaml new file mode 100755 index 000000000..e40793591 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/daemonset-sa.yaml 
@@ -0,0 +1,114 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --share-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}" + - --manager-image + - "{{ template "registry_url" . 
}}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: varrun + mountPath: /var/run/ + mountPropagation: Bidirectional + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: varrun + hostPath: + path: /var/run/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ include "release_namespace" . }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} 
diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/default-setting.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/default-setting.yaml new file mode 100755 index 000000000..14c264e27 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/default-setting.yaml 
@@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }} + guaranteed-engine-cpu: {{ .Values.defaultSettings.guaranteedEngineCPU }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + volume-attachment-recovery-policy: {{ 
.Values.defaultSettings.volumeAttachmentRecoveryPolicy }} + node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }} + allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} + disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }} + replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }} + disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }} + system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }} + allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }} + auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/deployment-driver.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/deployment-driver.yaml new file mode 100755 index 000000000..c4b6e3587 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/deployment-driver.yaml 
@@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . 
}}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/deployment-ui.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/deployment-ui.yaml new file mode 100755 index 000000000..da7c0ea5b --- /dev/null 
+++ b/released/charts/longhorn/longhorn/1.1.001/templates/deployment-ui.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/ingress.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/ingress.yaml new file mode 100755 index 000000000..5b3a40588 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/ingress.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/postupgrade-job.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/postupgrade-job.yaml new file mode 100755 index 000000000..6b6a38591 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/postupgrade-job.yaml 
@@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/psp.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/psp.yaml new file mode 100755 index 000000000..a2dfc05be --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/psp.yaml 
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/registry-secret.yml b/released/charts/longhorn/longhorn/1.1.001/templates/registry-secret.yml new file mode 100755 index 000000000..1c7565fea --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/registry-secret.yml 
@@ -0,0 +1,11 @@ +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/serviceaccount.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/serviceaccount.yaml new file mode 100755 index 000000000..ad576c353 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/storageclass.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/storageclass.yaml new file mode 100755 index 000000000..dea6aafd4 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/storageclass.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" + {{- if .Values.persistence.recurringJobs.enable }} + recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}' + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/tls-secrets.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/tls-secrets.yaml new file mode 100755 index 000000000..a7ebf13e0 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: longhorn + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/uninstall-job.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/uninstall-job.yaml new file mode 100755 index 000000000..e7e9f1457 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/uninstall-job.yaml 
@@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/userroles.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/userroles.yaml new file mode 100755 index 000000000..37e8e3ddb --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/userroles.yaml 
@@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "get", "list", "watch" ] diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/validate-install-crd.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/validate-install-crd.yaml new file mode 100755 index 000000000..a4be98416 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/validate-install-crd.yaml 
@@ -0,0 +1,21 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- set $found "longhorn.io/v1beta1/Replica" false -}} +# {{- set $found "longhorn.io/v1beta1/Setting" false -}} +# {{- set $found "longhorn.io/v1beta1/Volume" false -}} +# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Node" false -}} +# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}} +# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.1.001/values.yaml b/released/charts/longhorn/longhorn/1.1.001/values.yaml new file mode 100755 index 000000000..b1d0995d9 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/values.yaml 
@@ -0,0 +1,162 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/mirrored-longhornio-longhorn-engine + tag: v1.1.0 + manager: + repository: rancher/mirrored-longhornio-longhorn-manager + tag: v1.1.0 + ui: + repository: rancher/mirrored-longhornio-longhorn-ui + tag: v1.1.0 + instanceManager: + repository: rancher/mirrored-longhornio-longhorn-instance-manager + tag: v1_20201216 + shareManager: + repository: rancher/mirrored-longhornio-longhorn-share-manager + tag: v1_20201204 + csi: + attacher: + repository: rancher/mirrored-longhornio-csi-attacher + tag: v2.2.1-lh1 + provisioner: + repository: rancher/mirrored-longhornio-csi-provisioner + tag: v1.6.0-lh1 + nodeDriverRegistrar: + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + tag: v1.2.0-lh1 + resizer: + repository: rancher/mirrored-longhornio-csi-resizer + tag: v0.5.1-lh1 + snapshotter: + repository: rancher/mirrored-longhornio-csi-snapshotter + tag: v2.1.1-lh1 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + reclaimPolicy: Delete + recurringJobs: + enable: false + jobList: [] + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + guaranteedEngineCPU: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + priorityClass: ~ 
+ autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + volumeAttachmentRecoveryPolicy: ~ + nodeDownPodDeletionPolicy: ~ + allowNodeDrainWithLastHealthyReplica: ~ + mkfsExt4Parameters: ~ + disableReplicaRebuild: ~ + replicaReplenishmentWaitInterval: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing 
your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/Chart.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/Chart.yaml new file mode 100755 index 000000000..03fb6469b --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Alerting Drivers + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-alerting-drivers +apiVersion: v2 +appVersion: 1.16.0 +dependencies: +- condition: prom2teams.enabled + name: prom2teams + repository: file://./charts/prom2teams +- condition: sachet.enabled + name: sachet + repository: file://./charts/sachet +description: The manager for third-party webhook receivers used in Prometheus Alertmanager +keywords: +- monitoring +- alertmanger +- webhook +name: rancher-alerting-drivers +version: 1.0.100 
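Review bot: In the Longhorn values.yaml hunk that ends with `namespaceOverride: ""`, the ingress block defaults to `host: xip.io` with `tls: false`, so setting only `ingress.enabled: true` creates an ingress record on a third-party wildcard-DNS host without TLS. Suggest defaulting `host` to an empty string, failing the render when ingress is enabled without an explicit host, and stating in the comments that `tls: true` with a `tlsSecret` is the expected configuration.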
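Review bot: In rancher-alerting-drivers/1.0.100/Chart.yaml, the `keywords` entry `alertmanger` is misspelled, so a keyword search for alertmanager will miss this chart. Change it to `alertmanager`.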
diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/app-readme.md b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/app-readme.md new file mode 100755 index 000000000..ea3f11801 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/app-readme.md @@ -0,0 +1,11 @@ +# Rancher Alerting Drivers + +This chart installs one or more [Alertmanager Webhook Receiver Integrations](https://prometheus.io/docs/operating/integrations/#alertmanager-webhook-receiver) (i.e. Drivers). + +Those Drivers can be targeted by an existing deployment of Alertmanager to send alerts to notification mechanisms that are not natively supported. + +Currently, this chart supports the following Drivers: +- Microsoft Teams, based on [prom2teams](https://github.com/idealista/prom2teams) +- SMS, based on [Sachet](https://github.com/messagebird/sachet) + +After installing rancher-alerting-drivers, please refer to the upstream documentation for each Driver for configuration options. \ No newline at end of file diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/.helmignore b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/Chart.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/Chart.yaml new file mode 100755 index 000000000..463385d4b --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-prom2teams +apiVersion: v1 +appVersion: 3.2.1 +description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams +name: prom2teams +version: 0.2.0 diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/files/teams.j2 b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/files/teams.j2 new file mode 100755 index 000000000..f1cf61d4e --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/files/teams.j2 
@@ -0,0 +1,44 @@ +{%- set + theme_colors = { + 'resolved' : '2DC72D', + 'critical' : '8C1A1A', + 'severe' : '8C1A1A', + 'warning' : 'FF9A0B', + 'unknown' : 'CCCCCC' + } +-%} + +{ + "@type": "MessageCard", + "@context": "http://schema.org/extensions", + "themeColor": "{% if status=='resolved' %} {{ theme_colors.resolved }} {% else %} {{ theme_colors[msg_text.severity] }} {% endif %}", + "summary": "{% if status=='resolved' %}(Resolved) {% endif %}{{ msg_text.summary }}", + "title": "Prometheus alert {% if status=='resolved' %}(Resolved) {% elif status=='unknown' %} (status unknown) {% endif %}", + "sections": [{ + "activityTitle": "{{ msg_text.summary }}", + "facts": [{% if msg_text.name %}{ + "name": "Alert", + "value": "{{ msg_text.name }}" + },{% endif %}{% if msg_text.instance %}{ + "name": "In host", + "value": "{{ msg_text.instance }}" + },{% endif %}{% if msg_text.severity %}{ + "name": "Severity", + "value": "{{ msg_text.severity }}" + },{% endif %}{% if msg_text.description %}{ + "name": "Description", + "value": "{{ msg_text.description }}" + },{% endif %}{ + "name": "Status", + "value": "{{ msg_text.status }}" + }{% if msg_text.extra_labels %}{% for key in msg_text.extra_labels %},{ + "name": "{{ key }}", + "value": "{{ msg_text.extra_labels[key] }}" + }{% endfor %}{% endif %} + {% if msg_text.extra_annotations %}{% for key in msg_text.extra_annotations %},{ + "name": "{{ key }}", + "value": "{{ msg_text.extra_annotations[key] }}" + }{% endfor %}{% endif %}], + "markdown": true + }] +} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/NOTES.txt b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/NOTES.txt new file mode 100755 index 000000000..a94c4132b --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/NOTES.txt 
@@ -0,0 +1,2 @@ +Prom2Teams has been installed. Check its status by running: + kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/_helpers.tpl b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/_helpers.tpl new file mode 100755 index 000000000..ffc0fa356 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/_helpers.tpl 
@@ -0,0 +1,73 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "prom2teams.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prom2teams.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "prom2teams.namespace" -}} +{{ default .Release.Namespace .Values.global.namespaceOverride }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "prom2teams.labels" -}} +app.kubernetes.io/name: {{ include "prom2teams.name" . 
}} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +app.kubernetes.io/instance: {{ .Release.Name }} +release: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/configmap.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/configmap.yaml new file mode 100755 index 000000000..ccf38953e --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/configmap.yaml 
@@ -0,0 +1,39 @@ +{{- $valid := list "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" -}} +{{- if not (has .Values.prom2teams.loglevel $valid) -}} +{{- fail "Invalid log level"}} +{{- end -}} +{{- if and .Values.prom2teams.connector (hasKey .Values.prom2teams.connectors "Connector") -}} +{{- fail "Invalid configuration: prom2teams.connectors can't have a connector named Connector when prom2teams.connector is set"}} +{{- end -}} +{{/* Create the configmap when the operation is helm install and the target configmap does not exist. */}} +{{- if not (lookup "v1" "ConfigMap" (include "prom2teams.namespace" . ) (include "prom2teams.fullname" .)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ include "prom2teams.namespace" . }} + name: {{ include "prom2teams.fullname" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" + "helm.sh/resource-policy": keep +data: + config.ini: |- + [HTTP Server] + Host: {{ .Values.prom2teams.host }} + Port: {{ .Values.prom2teams.port }} + [Microsoft Teams] + {{- with .Values.prom2teams.connector }} + Connector: {{ . }} + {{- end }} + {{- range $key, $val := .Values.prom2teams.connectors }} + {{ $key }}: {{ $val }} + {{- end }} + [Group Alerts] + Field: {{ .Values.prom2teams.group_alerts_by }} + [Log] + Level: {{ .Values.prom2teams.loglevel }} + [Template] + Path: {{ .Values.prom2teams.templatepath }} + teams.j2: {{ .Files.Get "files/teams.j2" | quote }} + {{- end -}} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/deployment.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/deployment.yaml new file mode 100755 index 000000000..c7149b9da --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/deployment.yaml 
@@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + serviceAccountName: {{ include "prom2teams.fullname" . }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "prom2teams.fullname" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ include "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 8089 + protocol: TCP + volumeMounts: + - name: config + mountPath: /opt/prom2teams/helmconfig/ + env: + - name: APP_CONFIG_FILE + value: {{ .Values.prom2teams.config | quote }} + - name: PROM2TEAMS_PORT + value: {{ .Values.prom2teams.port | quote }} + - name: PROM2TEAMS_HOST + value: {{ .Values.prom2teams.ip | quote }} + - name: PROM2TEAMS_CONNECTOR + value: {{ .Values.prom2teams.connector | quote }} + - name: PROM2TEAMS_GROUP_ALERTS_BY + value: {{ .Values.prom2teams.group_alerts_by | quote }} + resources: {{ toYaml .Values.resources | nindent 12 }} + {{- if .Values.securityContext.enabled }} + securityContext: + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} + nodeSelector: {{ include "linux-node-selector" . 
| nindent 8 }} + {{- if .Values.nodeSelector }} + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.tolerations }} + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ if eq (int .Values.securityContext.runAsUser) 0 }}false{{ else }}true{{ end }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/psp.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/psp.yaml new file mode 100755 index 000000000..37f21f52a --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/psp.yaml @@ -0,0 +1,28 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + labels: {{ include "prom2teams.labels" . | nindent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/role.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/role.yaml new file mode 100755 index 000000000..25391d588 --- /dev/null 
+++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +rules: + - apiGroups: + - policy + resourceNames: + - {{ include "prom2teams.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/rolebinding.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/rolebinding.yaml new file mode 100755 index 000000000..3ca8bc252 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "prom2teams.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ include "prom2teams.fullname" . }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service-account.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service-account.yaml new file mode 100755 index 000000000..a9572c5cd --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service-account.yaml 
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service.yaml new file mode 100755 index 000000000..cc95cad35 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: +{{ include "prom2teams.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: 8089 + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/values.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/values.yaml new file mode 100755 index 000000000..dcbbd8cfa --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/values.yaml 
@@ -0,0 +1,62 @@ +# Default values for prom2teams. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + namespaceOverride: "" + +nameOverride: "prom2teams" +fullnameOverride: "" + +replicaCount: 1 + +image: + repository: rancher/mirrored-idealista-prom2teams + tag: 3.2.1 + pullPolicy: IfNotPresent + +resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 200m + memory: 200Mi + +service: + type: ClusterIP + port: 8089 + +prom2teams: + host: 0.0.0.0 + port: 8089 + connector: the-connector-url + connectors: {} + # group_alerts_by can be one of + # ("name" | "description" | "instance" | "severity" | "status" | "summary" | "fingerprint" | "runbook_url") + group_alerts_by: + # loglevel can be one of (DEBUG | INFO | WARNING | ERROR | CRITICAL) + loglevel: INFO + templatepath: /opt/prom2teams/helmconfig/teams.j2 + config: /opt/prom2teams/helmconfig/config.ini + +# Security Context properties +securityContext: + # enabled is a flag to enable Security Context + enabled: true + # runAsUser is the user ID used to run the container + runAsUser: 65534 + # runAsGroup is the primary group ID used to run all processes within any container of the pod + runAsGroup: 65534 + # fsGroup is the group ID associated with the container + fsGroup: 65534 + # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context + readOnlyRootFilesystem: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/.helmignore b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/Chart.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/Chart.yaml new file mode 100755 index 000000000..493bd9d9e --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-sachet +apiVersion: v2 +appVersion: 0.2.3 +description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet +name: sachet +type: application +version: 1.0.1 diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/files/template.tmpl b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/files/template.tmpl new file mode 100755 index 000000000..08f24e138 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/files/template.tmpl @@ -0,0 +1 @@ +# reference: https://github.com/messagebird/sachet/blob/master/examples/telegram.tmpl diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/NOTES.txt b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/NOTES.txt new file mode 100755 index 000000000..247a91fc1 --- /dev/null 
+++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/NOTES.txt @@ -0,0 +1,3 @@ +rancher-sachet is now installed on the cluster! +Please refer to the upstream documentation for configuration options: +https://github.com/messagebird/sachet diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/_helpers.tpl b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/_helpers.tpl new file mode 100755 index 000000000..eaa61fee5 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/_helpers.tpl 
@@ -0,0 +1,79 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "sachet.namespace" -}} +{{ default .Release.Namespace .Values.global.namespaceOverride }} +{{- end }} + +{{/* +Expand the name of the chart. +*/}} +{{- define "sachet.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sachet.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "sachet.labels" -}} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{ include "sachet.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "sachet.selectorLabels" -}} +app.kubernetes.io/name: {{ include "sachet.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/configmap-pre-install.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/configmap-pre-install.yaml new file mode 100755 index 000000000..8472914a9 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/configmap-pre-install.yaml @@ -0,0 +1,21 @@ +{{/*This file is applied when the operation is helm install and the target confimap does not exist. */}} +{{- if not (lookup "v1" "ConfigMap" (include "sachet.namespace" . ) (include "sachet.fullname" .)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ include "sachet.namespace" . }} + name: {{ include "sachet.fullname" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" + "helm.sh/resource-policy": keep +data: + config.yaml: |- + {{- with .Values.sachet.providers }} + providers: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sachet.receivers }} + receivers: {{ toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/deployment.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/deployment.yaml new file mode 100755 index 000000000..17215eebd --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/deployment.yaml 
@@ -0,0 +1,75 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: {{ include "sachet.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "sachet.selectorLabels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.tolerations }} + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "sachet.fullname" . }} + {{- with .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + image: {{ include "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 9876 + protocol: TCP + livenessProbe: + httpGet: + path: /-/live + port: http + readinessProbe: + httpGet: + path: /-/ready + port: http + volumeMounts: + - mountPath: /etc/sachet/ + name: config-volume + {{- with .Values.resources }} + resources: {{ toYaml .Values.resources | nindent 12 }} + {{- end }} + - name: config-reloader + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + image: {{ include "system_default_registry" . 
}}{{ .Values.configReloader.repository }}:{{ .Values.configReloader.tag }} + imagePullPolicy: {{ .Values.configReloader.pullPolicy }} + args: + - -volume-dir=/watch-config + - -webhook-method=POST + - -webhook-status-code=200 + - -webhook-url=http://127.0.0.1:{{ .Values.service.port }}/-/reload + volumeMounts: + - mountPath: /watch-config + name: config-volume + volumes: + - name: config-volume + configMap: + name: {{ include "sachet.fullname" . }} + defaultMode: 0777 diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/psp.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/psp.yaml new file mode 100755 index 000000000..1cc5b0895 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/psp.yaml @@ -0,0 +1,28 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "sachet.fullname" . }}-psp + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/role.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/role.yaml new file mode 100755 index 000000000..05d4410e3 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/role.yaml 
@@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "sachet.fullname" . }}-psp + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +rules: + - apiGroups: + - policy + resourceNames: + - {{ include "sachet.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/rolebinding.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/rolebinding.yaml new file mode 100755 index 000000000..174f0d9e8 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "sachet.fullname" . }}-psp + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "sachet.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ include "sachet.fullname" . }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service-account.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service-account.yaml new file mode 100755 index 000000000..8833f1b3b --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service-account.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} 
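Review bot: In charts/prom2teams/files/teams.j2, the alert fields (`msg_text.summary`, `msg_text.description`, `msg_text.extra_labels[key]` and the rest) are interpolated directly into JSON string literals with no escaping in this template, so a double quote, backslash or newline in a label or annotation yields an invalid MessageCard or alters its structure. Suggest emitting each value through a JSON-escaping filter such as Jinja2's `tojson` and dropping the surrounding quotes. Two smaller points in the same file: the `themeColor` expression keeps the spaces around `{{ ... }}`, so the colour renders with leading and trailing blanks, and `theme_colors[msg_text.severity]` has no fallback for a severity outside the map.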
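Review bot: In charts/prom2teams/templates/configmap.yaml, `Connector: {{ . }}` and the `connectors` range write the Teams webhook URLs into a ConfigMap, and deployment.yaml repeats the value in the `PROM2TEAMS_CONNECTOR` env var, so anyone who can read ConfigMaps or pod specs in the namespace obtains a URL that accepts posts to the channel. Suggest rendering config.ini into a Secret and mounting that, and sourcing the env var with `secretKeyRef`. It is also worth documenting that the `lookup` guard combined with `"helm.sh/resource-policy": keep` means later changes to `prom2teams.*` values do not reach an existing ConfigMap, even though the two `fail` checks above still run on every upgrade.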
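Review bot: In charts/prom2teams/templates/deployment.yaml, the container `securityContext` hard-codes `readOnlyRootFilesystem: false`, while the chart's values.yaml in this patch sets `securityContext.readOnlyRootFilesystem: true` (under a comment that still mentions Hazelcast); the value is never read, so the setting has no effect. Either wire it through as `readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}` or remove the key from values.yaml. In the same hunk, `PROM2TEAMS_HOST` reads `.Values.prom2teams.ip`, but values.yaml defines only `prom2teams.host`, so the env var renders as an empty string.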
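Review bot: In charts/sachet/templates/deployment.yaml, the `config-volume` ConfigMap volume is declared with `defaultMode: 0777`, which gives config.yaml read, write and execute bits for every user in both containers; a read-only mode such as 0444 is sufficient for a file that is only read by sachet and watched by the reloader. Also in this hunk, the bodies of `{{- with .Values.podSecurityContext }}` and `{{- with .Values.resources }}` reference `.Values...` again, but inside `with` the dot is rebound to the selected value, so the lookup no longer resolves against the chart values; use `toYaml .` inside those blocks.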
diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service.yaml new file mode 100755 index 000000000..216e8322c --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if contains "NodePort" .Values.service.type }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: {{ include "sachet.selectorLabels" . | nindent 4 }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/values.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/values.yaml new file mode 100755 index 000000000..b00cf0b18 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/values.yaml 
@@ -0,0 +1,63 @@ +# Default values for sachet. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + namespaceOverride: "" + +nameOverride: "sachet" +fullnameOverride: "" + +configReloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + pullPolicy: IfNotPresent + tag: v0.4.0 + +sachet: + # reference: https://github.com/messagebird/sachet/blob/master/examples/config.yaml + providers: {} + + receivers: [] + +replicaCount: 1 + +image: + repository: rancher/mirrored-messagebird-sachet + pullPolicy: IfNotPresent + tag: 0.2.3 + +imagePullSecrets: [] + +podAnnotations: {} + +podSecurityContext: + +securityContext: + runAsUser: 1000 + runAsNonRoot: true + runAsGroup: 1000 + +service: + type: ClusterIP + port: 9876 + nodePort: 30001 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/questions.yml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/questions.yml new file mode 100755 index 000000000..741808c23 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/questions.yml 
@@ -0,0 +1,14 @@ +categories: + - monitoring +namespace: cattle-monitoring-system +questions: + - variable: prom2teams.enabled + default: false + label: Enable Microsoft Teams + type: boolean + group: "General" + - variable: sachet.enabled + default: false + label: Enable SMS + type: boolean + group: "General" diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/NOTES.txt b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/NOTES.txt new file mode 100755 index 000000000..59c1415e0 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/NOTES.txt @@ -0,0 +1,2 @@ +rancher-alerting-drivers is now installed on the cluster! +Please refer to the upstream documentation for each Driver for configuration options. \ No newline at end of file diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/_helpers.tpl b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/_helpers.tpl new file mode 100755 index 000000000..e57f6ff74 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/_helpers.tpl 
@@ -0,0 +1,91 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "drivers.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "drivers.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "drivers.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "drivers.labels" -}} +helm.sh/chart: {{ include "drivers.chart" . }} +{{ include "drivers.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "drivers.selectorLabels" -}} +app.kubernetes.io/name: {{ include "drivers.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "drivers.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "drivers.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +https://github.com/helm/helm/issues/4535#issuecomment-477778391 +Usage: {{ include "call-nested" (list . 
"SUBCHART_NAME" "TEMPLATE") }} +e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }} +*/}} +{{- define "call-nested" }} +{{- $dot := index . 0 }} +{{- $subchart := index . 1 | splitList "." }} +{{- $template := index . 2 }} +{{- $values := $dot.Values }} +{{- range $subchart }} +{{- $values = index $values . }} +{{- end }} +{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} +{{- end }} + + +{{/* +Get the list of configMaps to be managed +*/}} +{{- define "drivers.configmapList" -}} +{{- if .Values.sachet.enabled -}} +- {{ include "call-nested" (list . "sachet" "sachet.fullname") }} +{{- end }} +{{- if .Values.prom2teams.enabled -}} +- {{ include "call-nested" (list . "prom2teams" "prom2teams.fullname") }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/cluster-role.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/cluster-role.yaml new file mode 100755 index 000000000..e3022a7ca --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/cluster-role.yaml 
@@ -0,0 +1,50 @@ +{{- if and (not .Values.sachet.enabled) (not .Values.prom2teams.enabled) -}} +{{- fail "At least one Driver must be enabled to install the chart. " }} +{{- end -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-admin + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-edit + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-view + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - 'get' + - 'list' + - 'watch' diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/values.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/values.yaml new file mode 100755 index 000000000..ff9ab90e0 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/values.yaml 
@@ -0,0 +1,17 @@ +# Default values for rancher-alerting-driver. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + # the registry where all images will be pulled from + systemDefaultRegistry: "" + # set this value if you want the sub-charts to be installed into + # a namespace rather than where this chart is installed + namespaceOverride: "" + +prom2teams: + enabled: false + +sachet: + enabled: false diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/Chart.yaml b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/Chart.yaml new file mode 100755 index 000000000..dd3f43a33 --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v2 +appVersion: 1.0.4 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.400 diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/README.md b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/README.md new file mode 100755 index 000000000..046410962 --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/README.md @@ -0,0 +1,3 @@ +# Rancher Backup CRD + +A Rancher chart that installs the CRDs used by `rancher-backup`. diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/backup.yaml b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/backup.yaml new file mode 100755 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/resourceset.yaml b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/resourceset.yaml new file mode 100755 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/restore.yaml b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/restore.yaml new file mode 100755 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/Chart.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/Chart.yaml new file mode 100644 index 000000000..b09f805f1 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v1 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.200 diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/README.md b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/README.md new file mode 100644 index 000000000..f7efdcc7f --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/README.md @@ -0,0 +1,2 @@ +# rancher-backup-crd +A Rancher chart that installs the CRDs used by [rancher-backup](https://github.com/rancher/dev-charts/tree/master/packages/rancher-backup). diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/backup.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/backup.yaml new file mode 100644 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/resourceset.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/resourceset.yaml new file mode 100644 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/restore.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/restore.yaml new file mode 100644 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/Chart.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/Chart.yaml new file mode 100644 index 000000000..ebb25151d --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v1 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.201 diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/README.md b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/README.md new file mode 100644 index 000000000..b8bbba6fd --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/README.md @@ -0,0 +1,2 @@ +# rancher-backup-crd +A Rancher chart that installs the CRDs used by rancher-backup. diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/backup.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/backup.yaml new file mode 100644 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/resourceset.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/resourceset.yaml new file mode 100644 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/restore.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/restore.yaml new file mode 100644 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/Chart.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/Chart.yaml new file mode 100644 index 000000000..909e94ff1 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v1 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.300 diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/README.md b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/README.md new file mode 100644 index 000000000..b8bbba6fd --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/README.md @@ -0,0 +1,2 @@ +# rancher-backup-crd +A Rancher chart that installs the CRDs used by rancher-backup. diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/backup.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/backup.yaml new file mode 100644 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/resourceset.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/resourceset.yaml new file mode 100644 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/restore.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/restore.yaml new file mode 100644 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/Chart.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/Chart.yaml new file mode 100755 index 000000000..a05487e1f --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v1 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.301 diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/README.md b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/README.md new file mode 100755 index 000000000..b8bbba6fd --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/README.md @@ -0,0 +1,2 @@ +# rancher-backup-crd +A Rancher chart that installs the CRDs used by rancher-backup. diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/backup.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/backup.yaml new file mode 100755 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/resourceset.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/resourceset.yaml new file mode 100755 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/restore.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/restore.yaml new file mode 100755 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/Chart.yaml new file mode 100644 index 000000000..714ad0b16 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup/1.0.200/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.200 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/README.md b/released/charts/rancher-backup/rancher-backup/1.0.200/README.md new file mode 100644 index 000000000..feb526977 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +``` +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +``` +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. 
The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +``` +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +``` +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/_helpers.tpl new file mode 100644 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/deployment.yaml new file mode 100644 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
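Review bot: the container spec in this Deployment sets no securityContext and no resources, yet the pod runs as the service account from backupRestore.serviceAccountName, which clusterrolebinding.yaml in this same chart binds to cluster-admin. Anything that gains execution in this container holds full cluster rights, so consider adding a container securityContext (for example runAsNonRoot: true and allowPrivilegeEscalation: false, if the operator image runs that way) and either a ClusterRole scoped to what the operator needs or a comment explaining why cluster-admin is required. Separately, claimName resolves through backupRestore.pvcName, which is built from .Release.Name and .Release.Revision, so the claim name changes with every release revision; please confirm that is intended and document what happens to backups stored on the previous claim.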
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/pvc.yaml new file mode 100644 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/rancher-resourceset.yaml new file mode 100644 index 000000000..c04d9901c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/rancher-resourceset.yaml 
@@ -0,0 +1,62 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +resourceSelectors: + - apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" + - apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" + resourceNames: + - "eks-operator" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" + resourceNames: + - "eks-operator" + - apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$" + - apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "project.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" + - apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" + - apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." + - apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" + namespaces: + - "cattle-system" +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" 
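Review bot: the resourceNameRegexp on the apiextensions.k8s.io/v1beta1 selector, which begins "management.cattle.io$|project.cattle.io$", leaves its dots unescaped and has no leading anchor, so each "." matches any character and any CRD name that merely ends in a look-alike suffix is selected; escape the dots and anchor the group portion if only these API groups are meant. The prefix alternations have a similar breadth: in "^cattle-|^p-|^c-|^local$|^user-|^u-" the branches "^p-", "^c-" and "^u-" match every namespace starting with those two characters, and the secrets selector then takes all Secrets in those namespaces except the ones labelled owner=helm. Since the resulting backup archive contains Secret data, the chart README should say so and point to the encryptionConfigSecretName field of the Backup spec.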
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/s3-secret.yaml new file mode 100644 index 000000000..0401b554b --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/serviceaccount.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/validate-install-crd.yaml new file mode 100644 index 000000000..8f04e51e8 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-backup-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/values.yaml new file mode 100644 index 000000000..dafb30b76 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.2 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/Chart.yaml new file mode 100644 index 000000000..c646351b1 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.201 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/README.md b/released/charts/rancher-backup/rancher-backup/1.0.201/README.md new file mode 100644 index 000000000..feb526977 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +``` +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +``` +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. 
The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +``` +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +``` +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/app-readme.md b/released/charts/rancher-backup/rancher-backup/1.0.201/app-readme.md new file mode 100644 index 000000000..15a021cdb --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
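Review bot: the storage-location bullet in app-readme.md does not say what is restricted to S3. In "there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store", the clause "will be limited" has no subject. State it directly: if the meaning is that a per-backup override can only point at an S3-compatible store and not at a persistent volume, write that. The `Backup` bullet also marks encryption as "(optional)", so this readme should say what is written to the tarball for resources that no encryption configuration covers.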
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/_helpers.tpl new file mode 100644 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/deployment.yaml new file mode 100644 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
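Review bot: the container in deployment.yaml has no `securityContext` and no `resources` block, while `serviceAccountName` points at the account that clusterrolebinding.yaml in this same chart binds to `cluster-admin`. For a pod holding that level of access I would expect at least `allowPrivilegeEscalation: false` on the container, `runAsNonRoot: true` if the image supports it (or a values-driven `securityContext`), and requests and limits so that a large backup cannot starve the node. Separately, `value: {{ .Release.Namespace }}` under `CHART_NAMESPACE` is unquoted. Piping it through `quote` keeps an all-digit namespace such as `123` from being rendered as a number, which an env `value` does not accept.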
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/pvc.yaml new file mode 100644 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/rancher-resourceset.yaml new file mode 100644 index 000000000..c04d9901c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/rancher-resourceset.yaml 
@@ -0,0 +1,62 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +resourceSelectors: + - apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" + - apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" + resourceNames: + - "eks-operator" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" + resourceNames: + - "eks-operator" + - apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$" + - apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "project.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" + - apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" + - apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." + - apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" + namespaces: + - "cattle-system" +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" 
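Review bot: in the `apiextensions.k8s.io/v1beta1` selector, `resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$"` leaves every `.` unescaped and gives no alternative a leading boundary, so it selects any CRD whose name ends in something shaped like those suffixes, not only CRDs in the five listed API groups. Escape the dots and require the separator before the group (for example `\.management\.cattle\.io$`, written in a single-quoted YAML string) so the selection is exact. The `kindsRegexp: "."` entries match every kind in their API group. If that is intended, a comment saying so would help, because the other selectors in this file are all anchored with `^` and `$`.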
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/s3-secret.yaml new file mode 100644 index 000000000..0401b554b --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/serviceaccount.yaml new file mode 100644 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/serviceaccount.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/validate-install-crd.yaml new file mode 100644 index 000000000..8f04e51e8 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-backup-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/values.yaml new file mode 100644 index 000000000..dafb30b76 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.2 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/Chart.yaml new file mode 100644 index 000000000..404b29b06 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup +apiVersion: v1 +appVersion: v1.0.3 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.300 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/README.md b/released/charts/rancher-backup/rancher-backup/1.0.300/README.md new file mode 100644 index 000000000..feb526977 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +``` +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +``` +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. 
The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +``` +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +``` +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/app-readme.md b/released/charts/rancher-backup/rancher-backup/1.0.300/app-readme.md new file mode 100644 index 000000000..15a021cdb --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/_helpers.tpl new file mode 100644 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/deployment.yaml new file mode 100644 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
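Review bot: the `image:` line is built from `.Values.image.repository` and `.Values.image.tag` only, and `imagePullPolicy: Always` re-resolves that tag on every pod start, so the code running under this chart's service account can change without any change to the chart or its values. Consider accepting an optional image digest in values, rendering `repository@<digest>` when it is set, and making the pull policy configurable instead of hard-coding `Always`. This matters more when `global.cattle.systemDefaultRegistry` redirects the pull to a mirror, since the tag is then resolved by whatever that registry serves.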
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/pvc.yaml new file mode 100644 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/rancher-resourceset.yaml new file mode 100644 index 000000000..c04d9901c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/rancher-resourceset.yaml 
@@ -0,0 +1,62 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +resourceSelectors: + - apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" + - apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" + resourceNames: + - "eks-operator" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" + resourceNames: + - "eks-operator" + - apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$" + - apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "project.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" + - apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" + - apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." + - apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" + namespaces: + - "cattle-system" +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/s3-secret.yaml new file mode 100644 index 000000000..a07623d90 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/serviceaccount.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/validate-install-crd.yaml new file mode 100644 index 000000000..8f04e51e8 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-backup-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/values.yaml new file mode 100644 index 000000000..46d231fd2 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.3 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/Chart.yaml new file mode 100755 index 000000000..aa39ba99d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup +apiVersion: v1 +appVersion: v1.0.3 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.301 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/README.md b/released/charts/rancher-backup/rancher-backup/1.0.301/README.md new file mode 100755 index 000000000..67f7cc4d9 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +``` +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +``` +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. 
It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +``` +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +``` +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/app-readme.md b/released/charts/rancher-backup/rancher-backup/1.0.301/app-readme.md new file mode 100755 index 000000000..15a021cdb --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/_helpers.tpl new file mode 100755 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/deployment.yaml new file mode 100755 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/pvc.yaml new file mode 100755 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/rancher-resourceset.yaml new file mode 100755 index 000000000..c04d9901c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/rancher-resourceset.yaml 
@@ -0,0 +1,62 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +resourceSelectors: + - apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" + - apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" + resourceNames: + - "eks-operator" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" + resourceNames: + - "eks-operator" + - apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$" + - apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "project.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" + - apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" + - apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." + - apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" + namespaces: + - "cattle-system" +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/s3-secret.yaml new file mode 100755 index 000000000..a07623d90 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/serviceaccount.yaml new file mode 100755 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/serviceaccount.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/validate-install-crd.yaml new file mode 100755 index 000000000..f63fd2e2e --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/values.yaml new file mode 100755 index 000000000..46d231fd2 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.3 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/Chart.yaml new file mode 100755 index 000000000..0cc5ada17 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup +apiVersion: v2 +appVersion: 1.0.4 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.400 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/README.md b/released/charts/rancher-backup/rancher-backup/1.0.400/README.md new file mode 100755 index 000000000..00fc96d92 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +```bash +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +```bash +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. 
It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +```bash +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +```bash +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/app-readme.md b/released/charts/rancher-backup/rancher-backup/1.0.400/app-readme.md new file mode 100755 index 000000000..15a021cdb --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/eks.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/eks.yaml new file mode 100755 index 000000000..59f47ce47 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/eks.yaml @@ -0,0 +1,17 @@ +- apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "eks.cattle.io$" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "eks-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "eks-operator" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/fleet.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/fleet.yaml new file mode 100755 index 000000000..140a11978 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/fleet.yaml 
@@ -0,0 +1,49 @@ +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^fleet-|^cluster-fleet-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - key: "fleet.cattle.io/managed" + operator: "In" + values: ["true"] +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaceRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^fleet-|^gitjob-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^fleet-" + resourceNames: + - "gitjob" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "fleet.cattle.io$|gitjob.cattle.io$" +- apiVersion: "fleet.cattle.io/v1alpha1" + kindsRegexp: "." +- apiVersion: "gitjob.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + namespaceRegexp: "^fleet-|^cluster-fleet-" + resourceNameRegexp: "^fleet-" + resourceNames: + - "gitjob" +- apiVersion: "apps/v1" + kindsRegexp: "^services$" + namespaceRegexp: "^fleet-|^cluster-fleet-" + resourceNames: + - "gitjob" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/gke.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/gke.yaml new file mode 100755 index 000000000..a77019235 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/gke.yaml 
@@ -0,0 +1,17 @@ +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "gke.cattle.io$" +- apiVersion: "gke.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "gke-config-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "gke-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "gke-operator" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher-operator.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher-operator.yaml new file mode 100755 index 000000000..3518fb5b7 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher-operator.yaml @@ -0,0 +1,27 @@ +- apiVersion: "rancher.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "rancher-operator" + namespaces: + - "rancher-operator-system" +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaces: + - "rancher-operator-system" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "rancher-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "rancher-operator" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "rancher.cattle.io$" +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNames: + - "rancher-operator-system" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher.yaml new file mode 100755 index 000000000..fdfc067f6 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher.yaml @@ -0,0 +1,44 @@ +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + namespaces: + - "cattle-system" +- apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" +- apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|resources.cattle.io$" +- apiVersion: "management.cattle.io/v3" + kindsRegexp: "." +- apiVersion: "project.cattle.io/v3" + kindsRegexp: "." +- apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" +- apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/_helpers.tpl new file mode 100755 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/deployment.yaml new file mode 100755 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
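Review bot: the container spec in templates/deployment.yaml sets no `securityContext` and no `resources`, although the pod runs under the service account that templates/clusterrolebinding.yaml binds to `cluster-admin`. Suggest adding at least `runAsNonRoot: true` and `allowPrivilegeEscalation: false` to the container, plus requests and limits, so that a compromised operator process has less room on the node. Separately, `imagePullPolicy: Always` together with an image reference built from `.Values.image.tag` means the image that runs can change without any chart change; consider allowing a digest in the image reference so a release is reproducible.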
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/pvc.yaml new file mode 100755 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/rancher-resourceset.yaml new file mode 100755 index 000000000..05add8824 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/rancher-resourceset.yaml @@ -0,0 +1,13 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" +resourceSelectors: +{{- range $path, $_ := .Files.Glob "files/default-resourceset-contents/*.yaml" -}} + {{- $.Files.Get $path | nindent 2 -}} +{{- end -}} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/s3-secret.yaml new file mode 100755 index 000000000..a07623d90 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/validate-install-crd.yaml new file mode 100755 index 000000000..f63fd2e2e --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/values.yaml new file mode 100755 index 000000000..d6bb015bc --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.4-rc3 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/Chart.yaml new file mode 100644 index 000000000..de2b2e1a4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/Chart.yaml 
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.100 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/README.md new file mode 100644 index 000000000..6c3044b1a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by [rancher-cis-benchmark](https://github.com/rancher/dev-charts/tree/master/packages/rancher-cis-benchmark). diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscan.yaml new file mode 100644 index 000000000..921430fb4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscan.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
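Review bot: in templates/clusterscan.yaml the printer columns for `.status.summary.total`, `.pass`, `.fail`, `.skip` and `.notApplicable` are declared `type: string`, while the schema later in the same hunk declares those fields `type: integer`; the column types should be `integer` to match. The manifest is also written against `apiextensions.k8s.io/v1beta1`, which is deprecated and is removed in Kubernetes 1.22, so it is worth moving to `apiextensions.k8s.io/v1` (per-version `schema` and `additionalPrinterColumns`, `jsonPath` instead of `JSONPath`) before this chart has to install on newer clusters. The API version point applies equally to the clusterscanbenchmark, clusterscanprofile and clusterscanreport templates and to the 1.0.200 copies.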
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..4ad81c651 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanbenchmark.yaml @@ -0,0 +1,49 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNameSpace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanprofile.yaml new file mode 100644 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanreport.yaml new file mode 100644 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/Chart.yaml new file mode 100644 index 000000000..4f913ffe4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.200 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/README.md new file mode 100644 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscan.yaml new file mode 100644 index 000000000..921430fb4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscan.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..4ad81c651 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanbenchmark.yaml @@ -0,0 +1,49 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNameSpace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanprofile.yaml new file mode 100644 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanreport.yaml new file mode 100644 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/Chart.yaml new file mode 100644 index 000000000..e5ad1ef62 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.300 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/README.md new file mode 100644 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscan.yaml new file mode 100644 index 000000000..beca6e1f8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscan.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..aa6fc2218 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - JSONPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - JSONPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanprofile.yaml new file mode 100644 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanreport.yaml new file mode 100644 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/Chart.yaml new file mode 100755 index 000000000..3edb07a29 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.301 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/README.md new file mode 100755 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscan.yaml new file mode 100755 index 000000000..beca6e1f8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscan.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanbenchmark.yaml new file mode 100755 index 000000000..aa6fc2218 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - JSONPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - JSONPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanprofile.yaml new file mode 100755 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanreport.yaml new file mode 100755 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/Chart.yaml new file mode 100755 index 000000000..5d62a6b99 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.400 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/README.md new file mode 100755 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscan.yaml new file mode 100755 index 000000000..beca6e1f8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscan.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanbenchmark.yaml new file mode 100755 index 000000000..aa6fc2218 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - JSONPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - JSONPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanprofile.yaml new file mode 100755 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanreport.yaml new file mode 100755 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/Chart.yaml new file mode 100755 index 000000000..d20c8563b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.402 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/README.md new file mode 100755 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscan.yaml new file mode 100755 index 000000000..beca6e1f8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscan.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanbenchmark.yaml new file mode 100755 index 000000000..aa6fc2218 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - JSONPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - JSONPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanprofile.yaml new file mode 100755 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml new file mode 100755 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
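Review bot: in rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml, `reportJSON`, `benchmarkVersion` and `lastRunTimestamp` are all declared under `spec`, and the schema defines no `status` properties even though `subresources: status: {}` is enabled. The scan result is therefore ordinary spec data that any subject with `update` or `patch` on `clusterscanreports` can rewrite. Consider moving the report fields under `status`, so that they are written only through the status subresource, or documenting that write access to this resource must stay with the operator. Separately, this template and the clusterscan, clusterscanbenchmark and clusterscanprofile templates beside it use `apiVersion: apiextensions.k8s.io/v1beta1`, which is no longer served as of Kubernetes 1.22; a move to `apiextensions.k8s.io/v1` is worth tracking.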
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/Chart.yaml new file mode 100644 index 000000000..7ba2c55be --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/Chart.yaml @@ -0,0 +1,17 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.1 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.100 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/_helpers.tpl new file mode 100644 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/_helpers.tpl 
@@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-eks-1.0.yaml new file mode 100644 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
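Review bot: in rancher-cis-benchmark/1.0.100/templates/_helpers.tpl, the `cis.namespace` helper pipes `.Release.Namespace` into `default "cis-operator-system"`, but Helm 3 always populates `.Release.Namespace` (with `default` when no `-n` is given), so the fallback is never taken and every templated resource follows whatever namespace the release is installed into. If the intent of "Ensure namespace is set the same everywhere" is to pin `cis-operator-system`, fail the render when the namespace differs, or state in the comment that the value comes from the install command. The comment above `linux_node_tolerations` is also hard to parse; something like "Windows clusters taint Linux nodes by default; these tolerations let the workloads schedule onto them" would read better.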
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml new file mode 100644 index 000000000..08af2b185 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml @@ -0,0 +1,51 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: cis-admin + namespace: {{ template "cis.namespace" . }} +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "cis.namespace" . }} + name: cis-edit +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "cis.namespace" . }} + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/configmap.yaml new file mode 100644 index 000000000..7f14b1396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/configmap.yaml 
@@ -0,0 +1,11 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: "rke-profile-permissive" + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.5-profile" \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/deployment.yaml new file mode 100644 index 000000000..1f64ea5db --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/deployment.yaml 
@@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml new file mode 100644 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml new file mode 100644 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/rbac.yaml new file mode 100644 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/rbac.yaml 
@@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-cis-1.5.yml new file mode 100644 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-cis-1.5.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-hardened.yml new file mode 100644 index 000000000..2a9819389 --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-permissive.yml new file mode 100644 index 000000000..01266cf06 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofileeks.yml new file mode 100644 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml new file mode 100644 index 000000000..bf516759a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-cis-benchmark-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/values.yaml new file mode 100644 index 000000000..c726c9bc4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/values.yaml 
@@ -0,0 +1,39 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.1 + securityScan: + repository: rancher/security-scan + tag: v0.2.1 + sonobuoy: + repository: rancher/sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/Chart.yaml new file mode 100644 index 000000000..f07e91e78 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.200 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/app-readme.md new file mode 100644 index 000000000..f170ba263 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/app-readme.md 
@@ -0,0 +1,12 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/_helpers.tpl new file mode 100644 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/_helpers.tpl 
@@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-eks-1.0.yaml new file mode 100644 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
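Review bot: rancher-cis-benchmark/1.0.100/templates/rbac.yaml gives both service accounts unrestricted cluster access: `cis-operator-role` allows `'*'` verbs on `'*'` resources in `'*'` API groups and is bound to `cis-serviceaccount`, and `cis-operator-installer` binds `cis-operator-serviceaccount` to `cluster-admin`. For a chart that ships a compliance scanner this needs either roles scoped to what the operator and the scan pods use, or a note in the README on why full access is required, since a compromised operator or scan image would then control the cluster. Smaller points in the same file: the first two documents use `rbac.authorization.k8s.io/v1beta1` while the third uses `v1`, and `app.kubernetes.io/instance: release-name` is a literal string rather than the release name.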
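Review bot: rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml selects every pod in the namespace with `podSelector: {}` and allows all ingress and egress with `- {}` under both, so its effect is to open all traffic for the chart namespace even where a default-deny policy applies. Please add a comment stating why the operator and scan pods need unrestricted traffic in both directions, and narrow the rules if they need less; these pods run under the cluster-wide service accounts bound in rbac.yaml.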
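Review bot: the `cis-operator` container in rancher-cis-benchmark/1.0.100/templates/deployment.yaml has no `securityContext` at pod or container level, so it runs as the image's default user with privilege escalation allowed. Suggest setting `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true` if the image supports them, or exposing them through values.yaml. Also, the `value:` entries under `env` are rendered unquoted (`value: {{ .Values.image.securityScan.tag }}`), so a purely numeric tag would be parsed as a number and rejected as an env value; piping through `quote` avoids that.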
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
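Review bot: rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml reads `{{ .Values.global.imagePullPolicy }}`, but the values.yaml added for 1.0.100 defines only `global.cattle.systemDefaultRegistry` and `global.kubectl`, so `imagePullPolicy:` renders with no value unless the installer supplies one; add a default to values.yaml or use `| default "IfNotPresent"`. The Job also has no `metadata.namespace` while the other namespaced templates use `{{ template "cis.namespace" . }}`, the namespace in `args` is unquoted, and the hook runs `kubectl` as `cis-operator-serviceaccount` (bound to `cluster-admin` in rbac.yaml) to patch a single ServiceAccount, which a namespaced Role with `patch` on `serviceaccounts` would cover.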
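Review bot: the three ClusterRoles in rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml set `metadata.namespace`, which has no meaning on a cluster-scoped object and should be dropped (the 1.0.200 version of this file already omits it). `cis-admin` and `cis-edit` carry identical rules and, through the `aggregate-to-admin` and `aggregate-to-edit` labels, add `create`, `update`, `delete` and `patch` on all four `cis.cattle.io` resources, including `clusterscanreports`, to the built-in `admin` and `edit` roles; please confirm that report objects are meant to be writable by those users. The file also lacks a trailing newline.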
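Review bot: every line of rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml starts with `#`, which reads as if the CRD check were commented out, yet Helm still evaluates the `{{ ... }}` actions, and the `required` call fails the install when one of the four `cis.cattle.io/v1` kinds is missing from `.Capabilities.APIVersions`. Add a short leading comment saying that the check is active and what the `#` prefix is for, so that nobody removes the file as dead code or assumes the validation is disabled.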
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/cis-roles.yaml new file mode 100644 index 000000000..b8b3989dc --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/cis-roles.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/configmap.yaml new file mode 100644 index 000000000..7f14b1396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/configmap.yaml @@ -0,0 +1,11 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: "rke-profile-permissive" + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.5-profile" \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/deployment.yaml new file mode 100644 index 000000000..1f64ea5db --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/network_policy_allow_all.yaml new file mode 100644 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/network_policy_allow_all.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/patch_default_serviceaccount.yaml new file mode 100644 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/rbac.yaml new file mode 100644 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/rbac.yaml 
@@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-cis-1.5.yml new file mode 100644 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-cis-1.5.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-hardened.yml new file mode 100644 index 000000000..2a9819389 --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-permissive.yml new file mode 100644 index 000000000..01266cf06 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofileeks.yml new file mode 100644 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/validate-install-crd.yaml new file mode 100644 index 000000000..bf516759a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-cis-benchmark-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/values.yaml new file mode 100644 index 000000000..c726c9bc4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/values.yaml 
@@ -0,0 +1,39 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.1 + securityScan: + repository: rancher/security-scan + tag: v0.2.1 + sonobuoy: + repository: rancher/sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/Chart.yaml new file mode 100644 index 000000000..a55691657 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.3 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.300 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/app-readme.md new file mode 100644 index 000000000..5e495d605 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/_helpers.tpl new file mode 100644 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/alertingrule.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/alertingrule.yaml new file mode 100644 index 000000000..1787c88a0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.6.yaml new file mode 100644 index 000000000..93ba064f4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-eks-1.0.yaml new file mode 100644 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100644 index 000000000..d75de8154 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100644 index 000000000..52428f4a7 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100644 index 000000000..3d83e9bd8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100644 index 000000000..f66aa8f6e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/cis-roles.yaml new file mode 100644 index 000000000..23c93dc65 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/cis-roles.yaml 
@@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/configmap.yaml new file mode 100644 index 000000000..16e43f576 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/configmap.yaml @@ -0,0 +1,14 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: "rke2-cis-1.5-profile-permissive" + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.6-profile" 
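Review bot: In cis-roles.yaml for 1.0.300, the new rule on `cis-admin` grants `verbs: '*'` on `configmaps` in the core API group from a ClusterRole, so any subject bound to it with a ClusterRoleBinding can read, modify and delete every ConfigMap in every namespace, not only this chart's `default-clusterscanprofiles`. `cis-view` likewise gains read access to all ConfigMaps. If the intent is access to the chart's own ConfigMap, move these rules into a namespaced Role in the `cis.namespace` namespace and add `resourceNames: ["default-clusterscanprofiles"]` for the get, update and patch verbs.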
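Review bot: In configmap.yaml for 1.0.300, `default` moves to `cis-1.6-profile` with no version split, while benchmark-cis-1.6.yaml in this same chart sets `minKubernetesVersion: "1.16.0"` and only the `rke` entry distinguishes `<1.16.0` from `>=1.16.0`. A non-RKE cluster below 1.16.0 would appear to get a default profile whose benchmark declares a higher minimum version; either give `default` the same two-range form with `cis-1.5-profile` as the lower entry, or confirm the operator handles the mismatch. The comment above the `data` keys should also document the range-to-profile block syntax, since `rke` is now a multi-line string while the other keys remain plain profile names.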
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/deployment.yaml new file mode 100644 index 000000000..0d3c75e39 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file 
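Review bot: In deployment.yaml for 1.0.300, the new `CIS_ALERTS_SEVERITY` and `CLUSTER_NAME` env values are rendered unquoted (`value: {{ .Values.alerts.severity }}`), unlike `CIS_ALERTS_METRICS_PORT` and `CIS_ALERTS_ENABLED` next to them. An EnvVar `value` must be a string, so any setting that YAML parses as a number or boolean makes the Deployment fail validation; pipe both through `quote`, and do the same for the existing `SECURITY_SCAN_IMAGE_TAG` and `SONOBUOY_IMAGE_TAG` values. Separately, `containerPort: {{ .Values.alerts.metricsPort }}` is emitted whether or not `alerts.enabled` is set, so an unset `metricsPort` produces an invalid pod spec; guard it with `required` or a default.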
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/network_policy_allow_all.yaml new file mode 100644 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/patch_default_serviceaccount.yaml new file mode 100644 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 
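Review bot: In patch_default_serviceaccount.yaml for 1.0.300, the hook Job runs as `cis-operator-serviceaccount`, which rbac.yaml in this chart binds to `cluster-admin` through `cis-operator-installer`, only to run one `kubectl patch serviceaccount default`. Give the Job its own ServiceAccount with a namespaced Role allowing just `get` and `patch` on `serviceaccounts` with `resourceNames: ["default"]`, so the post-install and post-upgrade hook pod does not carry a cluster-admin token. The template also reads `.Values.global.imagePullPolicy`; the 1.0.200 values.yaml in this patch, which ships the same template, defines no such key under `global`, so check that the 1.0.300 values.yaml does.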
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/rbac.yaml new file mode 100644 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.5.yml new file mode 100644 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.5.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.6.yaml new file mode 100644 index 000000000..8a8d8bf88 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-hardened.yml new file mode 100644 index 000000000..4eabe158a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-permissive.yml new file mode 100644 index 000000000..1f78751d1 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100644 index 000000000..d38febd80 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100644 index 000000000..d31b5b0d2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100644 index 000000000..83eb3131e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100644 index 000000000..40dc44bdf --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofileeks.yml new file mode 100644 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofilegke.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/validate-install-crd.yaml new file mode 100644 index 000000000..bf516759a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-cis-benchmark-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/values.yaml new file mode 100644 index 000000000..b75a7b6fc --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/values.yaml 
@@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.3 + securityScan: + repository: rancher/security-scan + tag: v0.2.2 + sonobuoy: + repository: rancher/sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/Chart.yaml new file mode 100755 index 000000000..876903b86 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.3 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.301 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/README.md new file mode 100755 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/app-readme.md new file mode 100755 index 000000000..5e495d605 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/_helpers.tpl new file mode 100755 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/alertingrule.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/alertingrule.yaml new file mode 100755 index 000000000..1787c88a0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.5.yaml new file mode 100755 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.6.yaml new file mode 100755 index 000000000..93ba064f4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-eks-1.0.yaml new file mode 100755 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
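Review bot: app-readme.md for 1.0.301 tells users to set `alerts: true`, but alertingrule.yaml gates the PodMonitor on `.Values.alerts.enabled`, and deployment.yaml reads `.Values.alerts.enabled`, `.Values.alerts.severity` and `.Values.alerts.metricsPort`. A user who follows the README replaces the `alerts` map with a boolean, and the templates' `.Values.alerts.enabled` lookup no longer has a map to read from. Suggest changing the README bullet to `alerts.enabled: true`. Separately, alertingrule.yaml contains only a PodMonitor, so a file name such as podmonitor.yaml would match its content.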
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-gke-1.0.yaml new file mode 100755 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100755 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100755 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100755 index 000000000..d75de8154 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100755 index 000000000..52428f4a7 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100755 index 000000000..3d83e9bd8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100755 index 000000000..f66aa8f6e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/cis-roles.yaml new file mode 100755 index 000000000..23c93dc65 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/cis-roles.yaml 
@@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/configmap.yaml new file mode 100755 index 000000000..16e43f576 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/configmap.yaml @@ -0,0 +1,14 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: "rke2-cis-1.5-profile-permissive" + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.6-profile" 
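Review bot: in cis-roles.yaml, the last rule of `cis-admin` grants `verbs: '*'` on `configmaps` in the core API group with no `resourceNames`. Because this is a ClusterRole, binding it with a ClusterRoleBinding gives write access to every ConfigMap in every namespace, which is much wider than the `cis.cattle.io` resources the role is named for. Suggest listing the verbs explicitly, as the first rule does, and stating in the chart docs whether the role is meant to be bound with a RoleBinding in the chart's namespace.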
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/deployment.yaml new file mode 100755 index 000000000..0d3c75e39 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file 
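Review bot: in deployment.yaml, the env values for `SECURITY_SCAN_IMAGE_TAG`, `SONOBUOY_IMAGE_TAG`, `CIS_ALERTS_SEVERITY` and `CLUSTER_NAME` are emitted unquoted. An env `value` has to be a string, so a tag override that YAML reads as a number (for example `1.0`) renders as a YAML number, and an empty value renders as null rather than an empty string. `CIS_ALERTS_ENABLED` already pipes through `quote`; doing the same for the others, e.g. `value: {{ .Values.image.securityScan.tag | quote }}`, keeps them consistent. The container also sets no `securityContext`, which is worth stating explicitly for a pod that runs as `cis-operator-serviceaccount`.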
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/network_policy_allow_all.yaml new file mode 100755 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/patch_default_serviceaccount.yaml new file mode 100755 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 
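Review bot: in patch_default_serviceaccount.yaml, the hook Job sets `serviceAccountName: cis-operator-serviceaccount`, the account that rbac.yaml in this same chart binds to `cluster-admin` through `cis-operator-installer`. The Job only runs `kubectl patch serviceaccount default` in one namespace, so a dedicated ServiceAccount with a namespaced Role allowing `get` and `patch` on `serviceaccounts` would cover it. Also, `imagePullPolicy` reads `.Values.global.imagePullPolicy`, and the 1.0.300 values.yaml earlier in this patch has no such key under `global`; if 1.0.301 is the same, add the key or a fallback such as `| default "IfNotPresent"`.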
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/rbac.yaml new file mode 100755 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.5.yml new file mode 100755 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.5.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.6.yaml new file mode 100755 index 000000000..8a8d8bf88 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-hardened.yml new file mode 100755 index 000000000..4eabe158a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-permissive.yml new file mode 100755 index 000000000..1f78751d1 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100755 index 000000000..d38febd80 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100755 index 000000000..d31b5b0d2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100755 index 000000000..83eb3131e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100755 index 000000000..40dc44bdf --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofileeks.yml new file mode 100755 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofilegke.yml new file mode 100755 index 000000000..2ddd0686f --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofilegke.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/serviceaccount.yaml new file mode 100755 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/validate-install-crd.yaml new file mode 100755 index 000000000..562295791 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/values.yaml new file mode 100755 index 000000000..bfb6b96b2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/values.yaml 
@@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.3 + securityScan: + repository: rancher/security-scan + tag: v0.2.2 + sonobuoy: + repository: rancher/mirrored-sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/Chart.yaml new file mode 100755 index 000000000..2ca42fb2b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.4 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.400 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/README.md new file mode 100755 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/app-readme.md new file mode 100755 index 000000000..5e495d605 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/_helpers.tpl new file mode 100755 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/alertingrule.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/alertingrule.yaml new file mode 100755 index 000000000..1787c88a0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.5.yaml new file mode 100755 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.6.yaml new file mode 100755 index 000000000..93ba064f4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-eks-1.0.yaml new file mode 100755 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-gke-1.0.yaml new file mode 100755 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100755 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100755 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100755 index 000000000..d75de8154 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100755 index 000000000..52428f4a7 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100755 index 000000000..3d83e9bd8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100755 index 000000000..f66aa8f6e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100755 index 000000000..3593bf371 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100755 index 000000000..522f846ae --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/cis-roles.yaml new file mode 100755 index 000000000..23c93dc65 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/cis-roles.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml new file mode 100755 index 000000000..9832ac285 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml 
@@ -0,0 +1,16 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: |- + <1.20.5: rke2-cis-1.5-profile-permissive + >=1.20.5: rke2-cis-1.6-profile-permissive + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.6-profile" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/deployment.yaml new file mode 100755 index 000000000..0d3c75e39 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/network_policy_allow_all.yaml new file mode 100755 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/patch_default_serviceaccount.yaml new file mode 100755 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/rbac.yaml new file mode 100755 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.5.yml new file mode 100755 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.5.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.6.yaml new file mode 100755 index 000000000..8a8d8bf88 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-hardened.yml new file mode 100755 index 000000000..4eabe158a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-permissive.yml new file mode 100755 index 000000000..1f78751d1 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100755 index 000000000..d38febd80 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100755 index 000000000..d31b5b0d2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100755 index 000000000..83eb3131e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100755 index 000000000..40dc44bdf --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-hardened.yml new file mode 100755 index 000000000..c7ac7f949 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-permissive.yml new file mode 100755 index 000000000..96ca1345a --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofileeks.yml new file mode 100755 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofilegke.yml new file mode 100755 index 000000000..2ddd0686f --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/serviceaccount.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/validate-install-crd.yaml new file mode 100755 index 000000000..562295791 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/validate-install-crd.yaml @@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml new file mode 100755 index 000000000..6246eb3b3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml 
@@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.4-rc1 + securityScan: + repository: rancher/security-scan + tag: v0.2.3-rc2 + sonobuoy: + repository: rancher/mirrored-sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/Chart.yaml new file mode 100755 index 000000000..a5e64c864 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.4 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.402 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/README.md new file mode 100755 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/app-readme.md new file mode 100755 index 000000000..5e495d605 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/_helpers.tpl new file mode 100755 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/alertingrule.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/alertingrule.yaml new file mode 100755 index 000000000..1787c88a0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.5.yaml new file mode 100755 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.6.yaml new file mode 100755 index 000000000..93ba064f4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-eks-1.0.yaml new file mode 100755 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-gke-1.0.yaml new file mode 100755 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100755 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100755 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100755 index 000000000..d75de8154 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100755 index 000000000..52428f4a7 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100755 index 000000000..3d83e9bd8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100755 index 000000000..f66aa8f6e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100755 index 000000000..3593bf371 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100755 index 000000000..522f846ae --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" 
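Review bot: `minKubernetesVersion: "1.20.5"` on the `rke2-cis-1.6-hardened` and `rke2-cis-1.6-permissive` benchmarks does not line up with the default-profile table in this chart's templates/configmap.yaml, which sends rke2 clusters at `>=1.20.0` to `rke2-cis-1.6-profile-permissive`. A cluster on 1.20.0 through 1.20.4 is therefore given a default profile whose benchmark declares a higher minimum than the cluster runs. Either move the ConfigMap boundary to `1.20.5` or lower the minimum here, so that the default selection and the benchmark constraint agree.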
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/cis-roles.yaml new file mode 100755 index 000000000..23c93dc65 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/cis-roles.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/configmap.yaml new file mode 100755 index 000000000..620d9abfa --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/configmap.yaml 
@@ -0,0 +1,16 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: |- + <1.20.0: rke2-cis-1.5-profile-permissive + >=1.20.0: rke2-cis-1.6-profile-permissive + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.6-profile" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/deployment.yaml new file mode 100755 index 000000000..0d3c75e39 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file 
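Review bot: the `CLUSTER_NAME` and `CIS_ALERTS_SEVERITY` env entries emit `.Values.global.cattle.clusterName` and `.Values.alerts.severity` unquoted, unlike `CIS_ALERTS_METRICS_PORT` and `CIS_ALERTS_ENABLED` next to them. With the chart default `clusterName: ""` the entry renders as a bare `value:`, and a cluster name that looks like a number or boolean would render as a non-string. Pipe both through `quote`. Separately, this template reads `.Values.alerts.enabled`, while app-readme.md in the same chart tells users to set `alerts: true`; the README should name `alerts.enabled` so the documented setting matches what the template consumes.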
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/network_policy_allow_all.yaml new file mode 100755 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/patch_default_serviceaccount.yaml new file mode 100755 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 
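Review bot: `imagePullPolicy: {{ .Values.global.imagePullPolicy }}` in the `patch-sa` Job refers to a key that this chart's values.yaml does not define (only `global.cattle` and `global.kubectl` are set), so the field renders empty unless the installer supplies it. Add `global.imagePullPolicy` to values.yaml or give the template a `default`. The Job also runs as `cis-operator-serviceaccount`, the operator's own account, to patch a single ServiceAccount; a hook-only account with `get` and `patch` on `serviceaccounts` in this namespace would be enough for `kubectl patch serviceaccount default`. The namespace in `args` is emitted unquoted as well and should go through `quote`.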
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/rbac.yaml new file mode 100755 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.5.yml new file mode 100755 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.5.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.6.yaml new file mode 100755 index 000000000..8a8d8bf88 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-hardened.yml new file mode 100755 index 000000000..4eabe158a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-permissive.yml new file mode 100755 index 000000000..1f78751d1 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100755 index 000000000..d38febd80 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100755 index 000000000..d31b5b0d2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100755 index 000000000..83eb3131e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100755 index 000000000..40dc44bdf --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-hardened.yml new file mode 100755 index 000000000..c7ac7f949 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-permissive.yml new file mode 100755 index 000000000..96ca1345a --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofileeks.yml new file mode 100755 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofilegke.yml new file mode 100755 index 000000000..2ddd0686f --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/serviceaccount.yaml new file mode 100755 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/serviceaccount.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/validate-install-crd.yaml new file mode 100755 index 000000000..562295791 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/validate-install-crd.yaml @@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/values.yaml new file mode 100755 index 000000000..ff4a49495 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/values.yaml 
@@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.4-rc1 + securityScan: + repository: rancher/security-scan + tag: v0.2.3-rc1 + sonobuoy: + repository: rancher/mirrored-sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/.helmignore b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
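Review bot: in rancher-cis-benchmark/1.0.402/values.yaml, `image.cisoperator.tag: v1.0.4-rc1` and `image.securityScan.tag: v0.2.3-rc1` are release-candidate tags shipped as the defaults of a chart under released/. Confirm these are the builds intended for 1.0.402, or move the defaults to final tags. Because tags are mutable, pinning the scanner images by digest would also make what the chart deploys reproducible.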
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/Chart.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/Chart.yaml new file mode 100644 index 000000000..a6867f4ef --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: External IP Webhook + catalog.cattle.io/namespace: cattle-externalip-system + catalog.cattle.io/release-name: rancher-external-ip-webhook + catalog.cattle.io/ui-component: rancher-external-ip-webhook + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v0.1.4 +description: | + Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +home: https://github.com/rancher/externalip-webhook +keywords: +- cve +- externalip +- webhook +- security +maintainers: +- email: raul@rancher.com + name: rawmind0 +name: rancher-external-ip-webhook +sources: +- https://github.com/rancher/externalip-webhook +version: 0.1.400 diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/README.md new file mode 100644 index 000000000..9223987da --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/README.md 
@@ -0,0 +1,70 @@ +# externalip-webhook + +## Chart Details + +This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554. + +## Installing the Chart + +To install the chart with the release name `rancher-external-ip-webhook`: + + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +## Configuration + +The following table lists the configurable parameters of the externalip-webhook chart and their default values. + + +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | +| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` | +| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` | +| `certificates.certManager.enabled` | Enable cert manager integration. 
Cert manager should be already installed at the k8s cluster | `true` | +| `certificates.certManager.version` | Cert manager version to use | `""` | +| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` | +| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` | +| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` | +| `image.pullSecrets` | Webhook server docker pull secret | `""` | +| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` | +| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` | +| `metrics.enabled` | Enable metrics endpoint | `false` | +| `metrics.port` | Webhook metrics pod port | `8443` | +| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` | +| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` | +| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` | +| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` | +| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` | +| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` | +| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` | +| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` | +| 
`metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `rbac.apiVersion` | Rbac API version to use | `"v1"` | +| `resources.limits.cpu` | Resource cpu limit | `"100m"` | +| `resources.limits.memory` | Resource memory limit | `"30Mi"` | +| `resources.requests.cpu` | Resource cpu reservation | `"100m"` | +| `resources.requests.memory` | Resource memory reservation | `"20Mi"` | +| `service.metricsPort` | Webhook metrics service port | `8443` | +| `service.webhookPort` | Webhook server service port | `443` | +| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | +| `webhookPort` | Webhook server pod port | `9443` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/app-README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/app-README.md new file mode 100644 index 000000000..38c317119 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/app-README.md 
@@ -0,0 +1,9 @@ +# externalip-webhook + +This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/) + +External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. Cluster administrators +can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. +The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator. + +For more information, review the Helm README of this chart. diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/questions.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/questions.yaml new file mode 100644 index 000000000..8b0e19040 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/questions.yaml @@ -0,0 +1,7 @@ +questions: +# allowedExternalIPCidrs +- variable: allowedExternalIPCidrs + label: Allowed external IP cidrs + description: Set allowed external IP CIDRs separated by a comma + type: string + group: Configuration \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/NOTES.txt b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/NOTES.txt new file mode 100644 index 000000000..74271bdd5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that externalip-webhook has started, run: + + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}" 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/_helpers.tpl b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/_helpers.tpl new file mode 100644 index 000000000..cc8a9a0d3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/_helpers.tpl @@ -0,0 +1,50 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "externalip-webhook.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "externalip-webhook.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if ne $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "externalip-webhook.labels" }} +app: {{ template "externalip-webhook.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +{{- end }} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/admissionregistration.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/admissionregistration.yaml new file mode 100644 index 000000000..d8152faa5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/admissionregistration.yaml @@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: +{{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert +{{- end }} + creationTimestamp: null + name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration +webhooks: +- clientConfig: +{{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ .Values.certificates.caBundle }} +{{- end }} + service: + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} + path: /validate-service + failurePolicy: Ignore + name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrole.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrole.yaml new file mode 100644 index 000000000..46e18bf00 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrole.yaml 
@@ -0,0 +1,33 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}} +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrolebinding.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2fa40817f --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrolebinding.yaml 
@@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-cluster-view +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/deployment.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/deployment.yaml new file mode 100644 index 000000000..c82754deb --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/deployment.yaml 
@@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} + template: + metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 8 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + spec: + containers: + {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} + - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy + args: + - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }} + - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/ + - --logtostderr=true + - --v=10 + image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }} + imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}" + ports: + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + resources: +{{ toYaml .Values.metrics.authProxy.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + {{- end }} + - name: {{ template "externalip-webhook.fullname" . }} + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - /webhook + args: + - --webhook-port={{ .Values.webhookPort }} + {{- if .Values.allowedExternalIPCidrs }} + - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- if .Values.metrics.authProxy.enabled }} + - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }} + {{- else }} + - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.webhookPort }} + name: webhook-server + protocol: TCP + {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }} + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + {{- end }} + volumeMounts: + - name: server-cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + livenessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 6}} + {{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + serviceAccountName: {{ template "externalip-webhook.fullname" . }} + volumes: + - name: server-cert + secret: + defaultMode: 420 + secretName: {{ .Values.certificates.secretName }} 
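Review bot: in templates/deployment.yaml the pod spec sets `serviceAccountName: {{ template "externalip-webhook.fullname" . }}` unconditionally, while the README table in this patch documents a `serviceAccountName` value (default `"default"`, "Just used if metrics.authProxy.enabled = false") that this template never reads. Either honour `.Values.serviceAccountName` here or drop the parameter from the README. Two smaller points in the same hunk: the auth-proxy sidecar is started with `--v=10`, which is debug-level logging for a default install and would be better exposed as a value, and neither container declares a `securityContext`, so `runAsNonRoot`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem` are left to cluster defaults.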
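Review bot: in templates/admissionregistration.yaml, `failurePolicy: Ignore` makes the webhook fail open: whenever the webhook Service is unreachable or its serving certificate is not yet valid, Service CREATE and UPDATE requests are admitted without the external IP check, which is the control this chart exists to provide for CVE-2020-8554. Suggest exposing `failurePolicy` as a value and documenting the trade-off, with `Fail` available for clusters that need the check enforced. Separately, `apiVersion: admissionregistration.k8s.io/v1beta1` is the deprecated API; moving to `admissionregistration.k8s.io/v1` also requires `sideEffects` and `admissionReviewVersions` on the webhook entry, and tests/admissionregistration_test.yaml asserts the v1beta1 string, so it would need to change with it.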
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/issuer.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/issuer.yaml new file mode 100644 index 000000000..ff1c2de10 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/issuer.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.certificates.certManager.enabled -}} + {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Certificate +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-server-cert + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ template "externalip-webhook.fullname" . 
}}-issuer + secretName: {{ .Values.certificates.secretName }} +--- + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Issuer +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end -}} + + diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/service.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/service.yaml new file mode 100644 index 000000000..256add3e4 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/service.yaml 
@@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-server + port: {{ .Values.service.webhookPort }} + protocol: TCP + targetPort: {{ .Values.webhookPort }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- if .Values.metrics.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-metrics + port: {{ .Values.service.metricsPort }} + protocol: TCP + targetPort: {{ .Values.metrics.port }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/serviceaccount.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/serviceaccount.yaml new file mode 100644 index 000000000..895df4f5b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} 
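Review bot: the ServiceAccount created in templates/serviceaccount.yaml is bound cluster-wide to the built-in `view` ClusterRole by the first ClusterRoleBinding in templates/clusterrolebinding.yaml (`name: view`, outside the metrics conditional), so every install gives the webhook pod read access across namespaces. Nothing in the chart shows what the webhook reads from the API, given that the objects it validates arrive in the admission request. If it needs no cluster reads, drop that binding; otherwise replace `view` with a ClusterRole listing only the resources it uses, and add a comment saying why.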
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/servicemonitor.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/servicemonitor.yaml new file mode 100644 index 000000000..c481ea31d --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/servicemonitor.yaml @@ -0,0 +1,16 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-monitor + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/admissionregistration_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/admissionregistration_test.yaml new file mode 100644 index 000000000..0660aa6e8 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/admissionregistration_test.yaml 
@@ -0,0 +1,32 @@ +suite: Test Admission Registration +templates: +- admissionregistration.yaml +tests: +- it: should render Admission Registration + asserts: + - equal: + path: apiVersion + value: admissionregistration.k8s.io/v1beta1 +- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true + release: + name: rancher-externalip-webhook + namespace: test + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: metadata.annotations + value: + cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert + - isNull: + path: webhooks[0].clientConfig.caBundle +- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false + set: + certificates.caBundle: test + certificates.certManager.enabled: false + asserts: + - equal: + path: webhooks[0].clientConfig.caBundle + value: test + - isNull: + path: metadata.annotations diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrole_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrole_test.yaml new file mode 100644 index 000000000..9e563807b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrole_test.yaml 
@@ -0,0 +1,37 @@ +suite: Test Cluster Roles +templates: +- clusterrole.yaml +tests: +- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 0 + template: clusterrole.yaml +- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrole.yaml +- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrolebinding_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrolebinding_test.yaml new file mode 100644 index 000000000..2129573a3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrolebinding_test.yaml 
@@ -0,0 +1,42 @@ +suite: Test Cluster Role Bindings +templates: +- clusterrolebinding.yaml +tests: +- it: should render Cluster Role Bindings with default rbac api version + set: + rbac.apiVersion: v1 + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Role Bindings with custom rbac api version + set: + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta +- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 1 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/deployment_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/deployment_test.yaml new file mode 100644 index 000000000..50e3f9ec1 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/deployment_test.yaml 
@@ -0,0 +1,202 @@ +suite: Test Deployments +templates: +- deployment.yaml +tests: +- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set + release: + name: rancher-externalip-webhook + set: + allowedExternalIPCidrs: "1,2" + asserts: + - equal: + path: spec.template.spec.containers[0].args[1] + value: --allowed-external-ip-cidrs=1,2 +- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux +- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + tolerations: + - key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + nodeSelector: + kubernetes.io/test: linux + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.tolerations[1] + value: + key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux 
+ kubernetes.io/test: linux +- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + webhookPort: 9000 + image.repository: test + image.tag: dev-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.port: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + 
path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP +- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + metrics.port: 8000 + webhookPort: 9000 + image.repository: test + image.tag: dev-test + metrics.authProxy.image.repository: auth + metrics.authProxy.image.tag: auth-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].image + value: auth:auth-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/issuer_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/issuer_test.yaml new file mode 100644 index 000000000..eeeb660b2 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/issuer_test.yaml 
@@ -0,0 +1,106 @@ +suite: Test Issuers +templates: +- issuer.yaml +tests: +- it: should not render issuer if certificates.certManager.enabled = false + set: + certificates.certManager.enabled: false + asserts: + - hasDocuments: + count: 0 + template: issuer.yaml +- it: should render issuer if certificates.certManager.enabled = true + set: + certificates.certManager.enabled: true + asserts: + - hasDocuments: + count: 2 + template: issuer.yaml +- it: should set issuer apiVersion with default cert-manager + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1beta1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1alpha2 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities + capabilities: + apiversions: + - certmanager.k8s.io/v1alpha1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter + set: + certificates.certManager.version: 1.0.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: 
apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter + set: + certificates.certManager.version: 0.16.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter + set: + certificates.certManager.version: 0.11.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter + set: + certificates.certManager.version: 0.9.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/service_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/service_test.yaml new file mode 100644 index 000000000..a0ba4d352 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/service_test.yaml 
@@ -0,0 +1,69 @@ +suite: Test Services +templates: +- service.yaml +tests: +- it: should render webhook-server service with default webhookPort if metrics.enabled = false + set: + metrics.enabled: false + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 +- it: should render webhook-server service with custom webhookPort if metrics.enabled = false + set: + metrics.enabled: false + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 +- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8443 + documentIndex: 1 +- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + metrics.port: 8000 + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8000 + documentIndex: 1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/serviceaccount_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/serviceaccount_test.yaml new file mode 100644 index 000000000..5aebbc74b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/serviceaccount_test.yaml 
@@ -0,0 +1,9 @@ +suite: Test Service Accounts +templates: +- serviceaccount.yaml +tests: +- it: should render Service Account + asserts: + - hasDocuments: + count: 1 + template: serviceaccount.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/servicemonitor_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/servicemonitor_test.yaml new file mode 100644 index 000000000..21989265e --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/servicemonitor_test.yaml @@ -0,0 +1,20 @@ +suite: Test Service Monitors +templates: +- servicemonitor.yaml +tests: +- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false + set: + metrics.enabled: false + metrics.prometheusExport: false + asserts: + - hasDocuments: + count: 0 + template: servicemonitor.yaml +- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.prometheusExport: true + asserts: + - hasDocuments: + count: 1 + template: servicemonitor.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/values.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/values.yaml new file mode 100644 index 000000000..dc17e9796 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/values.yaml 
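Review bot: In tests/servicemonitor_test.yaml the second case is titled "should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true", but it sets `metrics.prometheusExport: true` and asserts on servicemonitor.yaml. The title looks copied from another suite and should name the Service Monitor and the values the case actually sets. The first case is titled with "or" yet sets both `metrics.enabled` and `metrics.prometheusExport` to false, so neither single-false combination is exercised. Add one case per flag so that a template gating on only one of them fails the suite.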
@@ -0,0 +1,67 @@ +## Allowed external IP cidrs +allowedExternalIPCidrs: "" +## Certificates generation for webhook +certificates: + certManager: + # Enable cert manager integration. Cert manager should be already installed at the k8s cluster + enabled: true + version: "" + # If cert-manager integration is disabled, add self signed ca.crt in base64 format + caBundle: "" + # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace + secretName: webhook-server-cert +## Details about the image to be pulled. +image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/externalip-webhook + tag: v0.1.4 +## Enabling metrics endpoint +# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation +metrics: + enabled: false + port: 8443 + # Enable webhook metrics export to Prometheus + prometheusExport: false + # Webhook metrics auth proxy. This option is just available for amd64 arch + authProxy: + enabled: false + port: 8080 + image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/kube-rbac-proxy + tag: v0.5.0 + resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## RBAC +rbac: + apiVersion: v1 +## CPU and Memory limit and request for externalip-webhook +resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +service: + metricsPort: 8443 + webhookPort: 443 +## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false +serviceAccountName: default +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] +## Webhook server pod port +webhookPort: 9443 +global: + systemDefaultRegistry: "" 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/.helmignore b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/Chart.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/Chart.yaml new file mode 100644 index 000000000..3143d5139 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: External IP Webhook + catalog.cattle.io/namespace: cattle-externalip-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-external-ip-webhook + catalog.cattle.io/ui-component: rancher-external-ip-webhook +apiVersion: v1 +appVersion: v0.1.6 +description: | + Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +home: https://github.com/rancher/externalip-webhook +keywords: +- cve +- externalip +- webhook +- security +maintainers: +- email: raul@rancher.com + name: rawmind0 +name: rancher-external-ip-webhook +sources: +- https://github.com/rancher/externalip-webhook +version: 0.1.600 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/README.md new file mode 100644 index 000000000..4890065a7 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/README.md 
@@ -0,0 +1,69 @@ +# externalip-webhook + +## Chart Details + +This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554. + +## Installing the Chart + +To install the chart with the release name `rancher-external-ip-webhook`: + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +## Configuration + +The following table lists the configurable parameters of the externalip-webhook chart and their default values. + + +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | +| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` | +| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` | +| `certificates.certManager.enabled` | Enable cert manager integration. 
Cert manager should be already installed at the k8s cluster | `true` | +| `certificates.certManager.version` | Cert manager version to use | `""` | +| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` | +| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` | +| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` | +| `image.pullSecrets` | Webhook server docker pull secret | `""` | +| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` | +| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` | +| `metrics.enabled` | Enable metrics endpoint | `false` | +| `metrics.port` | Webhook metrics pod port | `8443` | +| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` | +| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` | +| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` | +| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` | +| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` | +| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` | +| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` | +| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` | +| 
`metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `rbac.apiVersion` | Rbac API version to use | `"v1"` | +| `resources.limits.cpu` | Resource cpu limit | `"100m"` | +| `resources.limits.memory` | Resource memory limit | `"30Mi"` | +| `resources.requests.cpu` | Resource cpu reservation | `"100m"` | +| `resources.requests.memory` | Resource memory reservation | `"20Mi"` | +| `service.metricsPort` | Webhook metrics service port | `8443` | +| `service.webhookPort` | Webhook server service port | `443` | +| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | +| `webhookPort` | Webhook server pod port | `9443` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](https://github.com/rancher/externalip-webhook/blob/master/chart/values.yaml) diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/app-README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/app-README.md new file mode 100644 index 000000000..bd8acd382 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/app-README.md 
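Review bot: The parameter table in the 0.1.600 README.md lists `metrics.authProxy.image.pullPolicy` twice; the second row, described as "Webhook auth proxy docker image tag" with default `"v0.5.0"`, should be keyed `metrics.authProxy.image.tag`. The `image.tag` row reads "Webhook server docker image tag Defaults to" with `".Chart.appVersion"` pushed into the default column, while deployment.yaml reads `.Chart.AppVersion`, and "wesource" in the `requests.cpu` row is a typo. The table also gives `gcr.io/kubebuilder/kube-rbac-proxy` as the default for `metrics.authProxy.image.repository`, whereas the 0.1.400 values.yaml in this same patch sets `rancher/kube-rbac-proxy`; confirm which registry the 0.1.600 values ship and make the table match, since operators mirroring images into a private registry will go by this table.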
@@ -0,0 +1,12 @@ +# externalip-webhook + +This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/) + +External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. +Cluster administrators can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator. + +External IP Webhook certificates are required. They can be generated in 2 ways: +* cert-manager: This is the default chart configuration. Cert manager should be already installed at the k8s cluster +* uploading certs: Disable `Cert Manager integration` and set `Secret name` and `CA Bundle` at `Certificates` section. + +For more information, review the Helm README of this chart. diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/questions.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/questions.yaml new file mode 100644 index 000000000..3ea9edd93 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/questions.yaml 
@@ -0,0 +1,26 @@ +questions: +# allowedExternalIPCidrs +- variable: allowedExternalIPCidrs + label: Allowed external IP cidrs + description: Set allowed external IP CIDRs separated by a comma + type: string + group: Configuration +- variable: certificates.certManager.enabled + default: true + description: Enable cert manager integration. Cert manager should be already installed + label: Enable Cert Manager integration + type: boolean + group: "Certificates" + show_subquestion_if: false + subquestions: + - variable: certificates.secretName + default: webhook-server-cert + description: Use certificates from secret. Secret should exists in the app namespace, with certs data (ca.crt, tls.crt & tls.key) + label: Secret name + type: string + required: true + - variable: certificates.caBundle + description: Use self signed CA Bundle. It should be provided in base64 format + label: CA Bundle + type: string + required: true diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/NOTES.txt b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/NOTES.txt new file mode 100644 index 000000000..74271bdd5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that externalip-webhook has started, run: + + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}" diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/_helpers.tpl b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/_helpers.tpl new file mode 100644 index 000000000..cc8a9a0d3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/_helpers.tpl 
@@ -0,0 +1,50 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "externalip-webhook.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "externalip-webhook.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if ne $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "externalip-webhook.labels" }} +app: {{ template "externalip-webhook.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +{{- end }} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/admissionregistration.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/admissionregistration.yaml new file mode 100644 index 000000000..d8152faa5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/admissionregistration.yaml 
@@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: +{{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert +{{- end }} + creationTimestamp: null + name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration +webhooks: +- clientConfig: +{{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ .Values.certificates.caBundle }} +{{- end }} + service: + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} + path: /validate-service + failurePolicy: Ignore + name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrole.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrole.yaml new file mode 100644 index 000000000..46e18bf00 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrole.yaml 
@@ -0,0 +1,33 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}} +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrolebinding.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2fa40817f --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrolebinding.yaml 
@@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-cluster-view +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/deployment.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/deployment.yaml new file mode 100644 index 000000000..c82754deb --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/deployment.yaml 
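Review bot: The first ClusterRoleBinding in templates/clusterrolebinding.yaml is rendered unconditionally and binds the built-in `view` ClusterRole to the webhook ServiceAccount cluster-wide, which is broader than a webhook that validates the Service object carried in the admission request appears to need. If the webhook reads nothing from the API, drop the binding; if it does, replace `view` with a ClusterRole that lists only those resources and verbs. Also, clusterrole.yaml defines the `-metrics-reader` role but nothing in this file binds it, so the README should say that the operator has to bind it to whatever identity scrapes `/metrics`.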
@@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} + template: + metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 8 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + spec: + containers: + {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} + - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy + args: + - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }} + - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/ + - --logtostderr=true + - --v=10 + image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }} + imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}" + ports: + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + resources: +{{ toYaml .Values.metrics.authProxy.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + {{- end }} + - name: {{ template "externalip-webhook.fullname" . }} + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - /webhook + args: + - --webhook-port={{ .Values.webhookPort }} + {{- if .Values.allowedExternalIPCidrs }} + - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- if .Values.metrics.authProxy.enabled }} + - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }} + {{- else }} + - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.webhookPort }} + name: webhook-server + protocol: TCP + {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }} + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + {{- end }} + volumeMounts: + - name: server-cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + livenessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 6}} + {{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + serviceAccountName: {{ template "externalip-webhook.fullname" . }} + volumes: + - name: server-cert + secret: + defaultMode: 420 + secretName: {{ .Values.certificates.secretName }} 
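Review bot: `serviceAccountName: {{ template "externalip-webhook.fullname" . }}` at the end of templates/deployment.yaml is hardcoded, while the README table in this patch documents a `serviceAccountName` value (default `"default"`, "Just used if metrics.authProxy.enabled = false") that this template never reads; either wire the value in or remove it from the documentation. Neither container sets a `securityContext`; for an admission webhook I would expect at least `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true`, provided the image supports them. Two smaller points: `replicas: {{ .Values.replicas }}` has no `default` and `replicas` is not in the README table, so it renders empty when unset, and the auth proxy's `--v=10` is debug-level logging that should not be the shipped default.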
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/issuer.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/issuer.yaml new file mode 100644 index 000000000..ff1c2de10 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/issuer.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.certificates.certManager.enabled -}} + {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Certificate +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-server-cert + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ template "externalip-webhook.fullname" . 
}}-issuer + secretName: {{ .Values.certificates.secretName }} +--- + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Issuer +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end -}} + + diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/service.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/service.yaml new file mode 100644 index 000000000..256add3e4 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/service.yaml 
@@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-server + port: {{ .Values.service.webhookPort }} + protocol: TCP + targetPort: {{ .Values.webhookPort }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- if .Values.metrics.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-metrics + port: {{ .Values.service.metricsPort }} + protocol: TCP + targetPort: {{ .Values.metrics.port }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/serviceaccount.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/serviceaccount.yaml new file mode 100644 index 000000000..895df4f5b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} 
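Review bot: In service.yaml the metrics Service exposes a single port named `webhook-metrics`, but servicemonitor.yaml in this same patch scrapes `port: https`, a port name that no Service in service.yaml defines, so the ServiceMonitor endpoint has nothing to resolve against. Use `port: webhook-metrics` in the ServiceMonitor (or rename the Service port to match), and extend servicemonitor_test.yaml, which currently only counts documents, with an assertion on `spec.endpoints[0].port` so the two names cannot drift apart again.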
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/servicemonitor.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/servicemonitor.yaml new file mode 100644 index 000000000..c481ea31d --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/servicemonitor.yaml @@ -0,0 +1,16 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-monitor + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/admissionregistration_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/admissionregistration_test.yaml new file mode 100644 index 000000000..0660aa6e8 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/admissionregistration_test.yaml 
@@ -0,0 +1,32 @@ +suite: Test Admission Registration +templates: +- admissionregistration.yaml +tests: +- it: should render Admission Registration + asserts: + - equal: + path: apiVersion + value: admissionregistration.k8s.io/v1beta1 +- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true + release: + name: rancher-externalip-webhook + namespace: test + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: metadata.annotations + value: + cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert + - isNull: + path: webhooks[0].clientConfig.caBundle +- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false + set: + certificates.caBundle: test + certificates.certManager.enabled: false + asserts: + - equal: + path: webhooks[0].clientConfig.caBundle + value: test + - isNull: + path: metadata.annotations diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrole_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrole_test.yaml new file mode 100644 index 000000000..9e563807b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrole_test.yaml 
@@ -0,0 +1,37 @@ +suite: Test Cluster Roles +templates: +- clusterrole.yaml +tests: +- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 0 + template: clusterrole.yaml +- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrole.yaml +- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrolebinding_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrolebinding_test.yaml new file mode 100644 index 000000000..2129573a3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrolebinding_test.yaml 
@@ -0,0 +1,42 @@ +suite: Test Cluster Role Bindings +templates: +- clusterrolebinding.yaml +tests: +- it: should render Cluster Role Bindings with default rbac api version + set: + rbac.apiVersion: v1 + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Role Bindings with custom rbac api version + set: + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta +- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 1 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/deployment_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/deployment_test.yaml new file mode 100644 index 000000000..50e3f9ec1 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/deployment_test.yaml 
@@ -0,0 +1,202 @@ +suite: Test Deployments +templates: +- deployment.yaml +tests: +- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set + release: + name: rancher-externalip-webhook + set: + allowedExternalIPCidrs: "1,2" + asserts: + - equal: + path: spec.template.spec.containers[0].args[1] + value: --allowed-external-ip-cidrs=1,2 +- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux +- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + tolerations: + - key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + nodeSelector: + kubernetes.io/test: linux + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.tolerations[1] + value: + key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux 
+ kubernetes.io/test: linux +- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + webhookPort: 9000 + image.repository: test + image.tag: dev-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.port: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + 
path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP +- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + metrics.port: 8000 + webhookPort: 9000 + image.repository: test + image.tag: dev-test + metrics.authProxy.image.repository: auth + metrics.authProxy.image.tag: auth-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].image + value: auth:auth-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/issuer_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/issuer_test.yaml new file mode 100644 index 000000000..eeeb660b2 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/issuer_test.yaml 
@@ -0,0 +1,106 @@ +suite: Test Issuers +templates: +- issuer.yaml +tests: +- it: should not render issuer if certificates.certManager.enabled = false + set: + certificates.certManager.enabled: false + asserts: + - hasDocuments: + count: 0 + template: issuer.yaml +- it: should render issuer if certificates.certManager.enabled = true + set: + certificates.certManager.enabled: true + asserts: + - hasDocuments: + count: 2 + template: issuer.yaml +- it: should set issuer apiVersion with default cert-manager + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1beta1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1alpha2 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities + capabilities: + apiversions: + - certmanager.k8s.io/v1alpha1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter + set: + certificates.certManager.version: 1.0.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: 
apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter + set: + certificates.certManager.version: 0.16.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter + set: + certificates.certManager.version: 0.11.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter + set: + certificates.certManager.version: 0.9.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/service_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/service_test.yaml new file mode 100644 index 000000000..a0ba4d352 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/service_test.yaml 
@@ -0,0 +1,69 @@ +suite: Test Services +templates: +- service.yaml +tests: +- it: should render webhook-server service with default webhookPort if metrics.enabled = false + set: + metrics.enabled: false + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 +- it: should render webhook-server service with custom webhookPort if metrics.enabled = false + set: + metrics.enabled: false + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 +- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8443 + documentIndex: 1 +- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + metrics.port: 8000 + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8000 + documentIndex: 1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/serviceaccount_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/serviceaccount_test.yaml new file mode 100644 index 000000000..5aebbc74b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/serviceaccount_test.yaml 
@@ -0,0 +1,9 @@ +suite: Test Service Accounts +templates: +- serviceaccount.yaml +tests: +- it: should render Service Account + asserts: + - hasDocuments: + count: 1 + template: serviceaccount.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/servicemonitor_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/servicemonitor_test.yaml new file mode 100644 index 000000000..21989265e --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/servicemonitor_test.yaml @@ -0,0 +1,20 @@ +suite: Test Service Monitors +templates: +- servicemonitor.yaml +tests: +- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false + set: + metrics.enabled: false + metrics.prometheusExport: false + asserts: + - hasDocuments: + count: 0 + template: servicemonitor.yaml +- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.prometheusExport: true + asserts: + - hasDocuments: + count: 1 + template: servicemonitor.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/values.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/values.yaml new file mode 100644 index 000000000..19145a81b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/values.yaml 
@@ -0,0 +1,67 @@ +## Allowed external IP cidrs +allowedExternalIPCidrs: "" +## Certificates generation for webhook +certificates: + certManager: + # Enable cert manager integration. Cert manager should be already installed at the k8s cluster + enabled: true + version: "" + # If cert-manager integration is disabled, add self signed ca.crt in base64 format + caBundle: "" + # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace + secretName: webhook-server-cert +## Details about the image to be pulled. +image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/externalip-webhook + tag: v0.1.6 +## Enabling metrics endpoint +# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation +metrics: + enabled: false + port: 8443 + # Enable webhook metrics export to Prometheus + prometheusExport: false + # Webhook metrics auth proxy. This option is just available for amd64 arch + authProxy: + enabled: false + port: 8080 + image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/kube-rbac-proxy + tag: v0.5.0 + resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## RBAC +rbac: + apiVersion: v1 +## CPU and Memory limit and request for externalip-webhook +resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +service: + metricsPort: 8443 + webhookPort: 443 +## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false +serviceAccountName: default +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] +## Webhook server pod port +webhookPort: 9443 +global: + systemDefaultRegistry: "" 
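Review bot: `serviceAccountName: default`, `image.pullSecrets` and `metrics.authProxy.image.pullSecrets` are declared here, but deployment.yaml in this patch never reads them: it always sets `serviceAccountName` to the `externalip-webhook.fullname` template and renders no `imagePullSecrets`. Either wire these values into the pod spec or drop them, because a user who sets a pull secret for a private registry gets a silent no-op. The comment on `serviceAccountName` ("Just used if metrics.authProxy.enabled = false") should then be corrected to match whichever behaviour is kept.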
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/.helmignore b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/Chart.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/Chart.yaml new file mode 100755 index 000000000..aebc35572 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: External IP Webhook + catalog.cattle.io/namespace: cattle-externalip-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-external-ip-webhook + catalog.cattle.io/ui-component: rancher-external-ip-webhook +apiVersion: v1 +appVersion: v0.1.6 +description: | + Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +home: https://github.com/rancher/externalip-webhook +keywords: +- cve +- externalip +- webhook +- security +maintainers: +- email: raul@rancher.com + name: rawmind0 +name: rancher-external-ip-webhook +sources: +- https://github.com/rancher/externalip-webhook +version: 0.1.601 
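Review bot: Chart.yaml and .helmignore for 0.1.601 are added with `new file mode 100755`, while the 0.1.600 chart files earlier in this patch are `100644`. These are data files, so the executable bit looks like a side effect of how the released/ directory was regenerated; normalise the mode in the generation step so that packaged charts do not carry executable YAML and Markdown.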
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/README.md new file mode 100755 index 000000000..4890065a7 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/README.md 
@@ -0,0 +1,69 @@ +# externalip-webhook + +## Chart Details + +This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554. + +## Installing the Chart + +To install the chart with the release name `rancher-external-ip-webhook`: + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +## Configuration + +The following table lists the configurable parameters of the externalip-webhook chart and their default values. + + +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | +| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` | +| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` | +| `certificates.certManager.enabled` | Enable cert manager integration. 
Cert manager should be already installed at the k8s cluster | `true` | +| `certificates.certManager.version` | Cert manager version to use | `""` | +| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` | +| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` | +| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` | +| `image.pullSecrets` | Webhook server docker pull secret | `""` | +| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` | +| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` | +| `metrics.enabled` | Enable metrics endpoint | `false` | +| `metrics.port` | Webhook metrics pod port | `8443` | +| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` | +| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` | +| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` | +| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` | +| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` | +| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` | +| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` | +| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` | +| 
`metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `rbac.apiVersion` | Rbac API version to use | `"v1"` | +| `resources.limits.cpu` | Resource cpu limit | `"100m"` | +| `resources.limits.memory` | Resource memory limit | `"30Mi"` | +| `resources.requests.cpu` | Resource cpu reservation | `"100m"` | +| `resources.requests.memory` | Resource memory reservation | `"20Mi"` | +| `service.metricsPort` | Webhook metrics service port | `8443` | +| `service.webhookPort` | Webhook server service port | `443` | +| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | +| `webhookPort` | Webhook server pod port | `9443` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](https://github.com/rancher/externalip-webhook/blob/master/chart/values.yaml) diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/app-README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/app-README.md new file mode 100755 index 000000000..bd8acd382 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/app-README.md 
@@ -0,0 +1,12 @@ +# externalip-webhook + +This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/) + +External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. +Cluster administrators can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator. + +External IP Webhook certificates are required. They can be generated in 2 ways: +* cert-manager: This is the default chart configuration. Cert manager should be already installed at the k8s cluster +* uploading certs: Disable `Cert Manager integration` and set `Secret name` and `CA Bundle` at `Certificates` section. + +For more information, review the Helm README of this chart. diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/questions.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/questions.yaml new file mode 100755 index 000000000..3ea9edd93 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/questions.yaml 
@@ -0,0 +1,26 @@ +questions: +# allowedExternalIPCidrs +- variable: allowedExternalIPCidrs + label: Allowed external IP cidrs + description: Set allowed external IP CIDRs separated by a comma + type: string + group: Configuration +- variable: certificates.certManager.enabled + default: true + description: Enable cert manager integration. Cert manager should be already installed + label: Enable Cert Manager integration + type: boolean + group: "Certificates" + show_subquestion_if: false + subquestions: + - variable: certificates.secretName + default: webhook-server-cert + description: Use certificates from secret. Secret should exists in the app namespace, with certs data (ca.crt, tls.crt & tls.key) + label: Secret name + type: string + required: true + - variable: certificates.caBundle + description: Use self signed CA Bundle. It should be provided in base64 format + label: CA Bundle + type: string + required: true diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/NOTES.txt b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/NOTES.txt new file mode 100755 index 000000000..74271bdd5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that externalip-webhook has started, run: + + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}" diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/_helpers.tpl b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/_helpers.tpl new file mode 100755 index 000000000..cc8a9a0d3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/_helpers.tpl 
@@ -0,0 +1,50 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "externalip-webhook.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "externalip-webhook.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if ne $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "externalip-webhook.labels" }} +app: {{ template "externalip-webhook.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +{{- end }} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/admissionregistration.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/admissionregistration.yaml new file mode 100755 index 000000000..d8152faa5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/admissionregistration.yaml 
@@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: +{{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert +{{- end }} + creationTimestamp: null + name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration +webhooks: +- clientConfig: +{{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ .Values.certificates.caBundle }} +{{- end }} + service: + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} + path: /validate-service + failurePolicy: Ignore + name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrole.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrole.yaml new file mode 100755 index 000000000..46e18bf00 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrole.yaml 
@@ -0,0 +1,33 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}} +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrolebinding.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..2fa40817f --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrolebinding.yaml 
@@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-cluster-view +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml new file mode 100755 index 000000000..c82754deb --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml 
@@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} + template: + metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 8 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + spec: + containers: + {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} + - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy + args: + - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }} + - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/ + - --logtostderr=true + - --v=10 + image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }} + imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}" + ports: + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + resources: +{{ toYaml .Values.metrics.authProxy.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + {{- end }} + - name: {{ template "externalip-webhook.fullname" . }} + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - /webhook + args: + - --webhook-port={{ .Values.webhookPort }} + {{- if .Values.allowedExternalIPCidrs }} + - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- if .Values.metrics.authProxy.enabled }} + - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }} + {{- else }} + - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.webhookPort }} + name: webhook-server + protocol: TCP + {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }} + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + {{- end }} + volumeMounts: + - name: server-cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + livenessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 6}} + {{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + serviceAccountName: {{ template "externalip-webhook.fullname" . }} + volumes: + - name: server-cert + secret: + defaultMode: 420 + secretName: {{ .Values.certificates.secretName }} 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/issuer.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/issuer.yaml new file mode 100755 index 000000000..ff1c2de10 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/issuer.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.certificates.certManager.enabled -}} + {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Certificate +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-server-cert + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ template "externalip-webhook.fullname" . 
}}-issuer + secretName: {{ .Values.certificates.secretName }} +--- + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Issuer +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end -}} + + diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/service.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/service.yaml new file mode 100755 index 000000000..256add3e4 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/service.yaml 
@@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-server + port: {{ .Values.service.webhookPort }} + protocol: TCP + targetPort: {{ .Values.webhookPort }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- if .Values.metrics.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-metrics + port: {{ .Values.service.metricsPort }} + protocol: TCP + targetPort: {{ .Values.metrics.port }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/serviceaccount.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/serviceaccount.yaml new file mode 100755 index 000000000..895df4f5b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/servicemonitor.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/servicemonitor.yaml new file mode 100755 index 000000000..c481ea31d --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/servicemonitor.yaml @@ -0,0 +1,16 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-monitor + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/admissionregistration_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/admissionregistration_test.yaml new file mode 100755 index 000000000..0660aa6e8 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/admissionregistration_test.yaml 
@@ -0,0 +1,32 @@ +suite: Test Admission Registration +templates: +- admissionregistration.yaml +tests: +- it: should render Admission Registration + asserts: + - equal: + path: apiVersion + value: admissionregistration.k8s.io/v1beta1 +- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true + release: + name: rancher-externalip-webhook + namespace: test + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: metadata.annotations + value: + cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert + - isNull: + path: webhooks[0].clientConfig.caBundle +- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false + set: + certificates.caBundle: test + certificates.certManager.enabled: false + asserts: + - equal: + path: webhooks[0].clientConfig.caBundle + value: test + - isNull: + path: metadata.annotations diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrole_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrole_test.yaml new file mode 100755 index 000000000..9e563807b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrole_test.yaml 
@@ -0,0 +1,37 @@ +suite: Test Cluster Roles +templates: +- clusterrole.yaml +tests: +- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 0 + template: clusterrole.yaml +- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrole.yaml +- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrolebinding_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrolebinding_test.yaml new file mode 100755 index 000000000..2129573a3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrolebinding_test.yaml 
@@ -0,0 +1,42 @@ +suite: Test Cluster Role Bindings +templates: +- clusterrolebinding.yaml +tests: +- it: should render Cluster Role Bindings with default rbac api version + set: + rbac.apiVersion: v1 + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Role Bindings with custom rbac api version + set: + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta +- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 1 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/deployment_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/deployment_test.yaml new file mode 100755 index 000000000..50e3f9ec1 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/deployment_test.yaml 
@@ -0,0 +1,202 @@ +suite: Test Deployments +templates: +- deployment.yaml +tests: +- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set + release: + name: rancher-externalip-webhook + set: + allowedExternalIPCidrs: "1,2" + asserts: + - equal: + path: spec.template.spec.containers[0].args[1] + value: --allowed-external-ip-cidrs=1,2 +- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux +- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + tolerations: + - key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + nodeSelector: + kubernetes.io/test: linux + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.tolerations[1] + value: + key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux 
+ kubernetes.io/test: linux +- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + webhookPort: 9000 + image.repository: test + image.tag: dev-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.port: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + 
path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP +- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + metrics.port: 8000 + webhookPort: 9000 + image.repository: test + image.tag: dev-test + metrics.authProxy.image.repository: auth + metrics.authProxy.image.tag: auth-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].image + value: auth:auth-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/issuer_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/issuer_test.yaml new file mode 100755 index 000000000..eeeb660b2 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/issuer_test.yaml 
@@ -0,0 +1,106 @@ +suite: Test Issuers +templates: +- issuer.yaml +tests: +- it: should not render issuer if certificates.certManager.enabled = false + set: + certificates.certManager.enabled: false + asserts: + - hasDocuments: + count: 0 + template: issuer.yaml +- it: should render issuer if certificates.certManager.enabled = true + set: + certificates.certManager.enabled: true + asserts: + - hasDocuments: + count: 2 + template: issuer.yaml +- it: should set issuer apiVersion with default cert-manager + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1beta1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1alpha2 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities + capabilities: + apiversions: + - certmanager.k8s.io/v1alpha1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter + set: + certificates.certManager.version: 1.0.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: 
apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter + set: + certificates.certManager.version: 0.16.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter + set: + certificates.certManager.version: 0.11.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter + set: + certificates.certManager.version: 0.9.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/service_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/service_test.yaml new file mode 100755 index 000000000..a0ba4d352 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/service_test.yaml 
@@ -0,0 +1,69 @@ +suite: Test Services +templates: +- service.yaml +tests: +- it: should render webhook-server service with default webhookPort if metrics.enabled = false + set: + metrics.enabled: false + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 +- it: should render webhook-server service with custom webhookPort if metrics.enabled = false + set: + metrics.enabled: false + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 +- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8443 + documentIndex: 1 +- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + metrics.port: 8000 + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8000 + documentIndex: 1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/serviceaccount_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/serviceaccount_test.yaml new file mode 100755 index 000000000..5aebbc74b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/serviceaccount_test.yaml 
@@ -0,0 +1,9 @@ +suite: Test Service Accounts +templates: +- serviceaccount.yaml +tests: +- it: should render Service Account + asserts: + - hasDocuments: + count: 1 + template: serviceaccount.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/servicemonitor_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/servicemonitor_test.yaml new file mode 100755 index 000000000..21989265e --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/servicemonitor_test.yaml @@ -0,0 +1,20 @@ +suite: Test Service Monitors +templates: +- servicemonitor.yaml +tests: +- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false + set: + metrics.enabled: false + metrics.prometheusExport: false + asserts: + - hasDocuments: + count: 0 + template: servicemonitor.yaml +- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.prometheusExport: true + asserts: + - hasDocuments: + count: 1 + template: servicemonitor.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/values.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/values.yaml new file mode 100755 index 000000000..832d2199e --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/values.yaml 
@@ -0,0 +1,67 @@ +## Allowed external IP cidrs +allowedExternalIPCidrs: "" +## Certificates generation for webhook +certificates: + certManager: + # Enable cert manager integration. Cert manager should be already installed at the k8s cluster + enabled: true + version: "" + # If cert-manager integration is disabled, add self signed ca.crt in base64 format + caBundle: "" + # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace + secretName: webhook-server-cert +## Details about the image to be pulled. +image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/externalip-webhook + tag: v0.1.6 +## Enabling metrics endpoint +# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation +metrics: + enabled: false + port: 8443 + # Enable webhook metrics export to Prometheus + prometheusExport: false + # Webhook metrics auth proxy. This option is just available for amd64 arch + authProxy: + enabled: false + port: 8080 + image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/mirrored-kube-rbac-proxy + tag: v0.5.0 + resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## RBAC +rbac: + apiVersion: v1 +## CPU and Memory limit and request for externalip-webhook +resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +service: + metricsPort: 8443 + webhookPort: 443 +## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false +serviceAccountName: default +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] +## Webhook server pod port +webhookPort: 9443 +global: + systemDefaultRegistry: "" 
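Review bot: `allowedExternalIPCidrs: ""` at the top of values.yaml ships empty and its only comment is "Allowed external IP cidrs", so an operator cannot tell from the chart whether a default install admits every external IP or none, or how several CIDRs are separated. Please document the empty-value behaviour and the list format next to the key. Separately, `serviceAccountName: default` runs the webhook under the namespace's shared default service account whenever `metrics.authProxy.enabled` is false; defaulting to a dedicated account would keep its permissions scoped to this workload.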
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/Chart.yaml new file mode 100644 index 000000000..5ed89e38d --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.1.100 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/README.md new file mode 100644 index 000000000..a499b53e7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by [rancher-gatekeeper](https://github.com/rancher/dev-charts/tree/master/packages/rancher-gatekeeper). diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/config-customresourcedefinition.yaml new file mode 100644 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
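Review bot: the first line of this manifest, `apiVersion: apiextensions.k8s.io/v1beta1`, together with the top-level `spec.validation` and `spec.version` fields, ties the CRD to an API version that Kubernetes removed in 1.22, so it will not install on newer clusters. Consider moving to `apiextensions.k8s.io/v1` with a per-version `schema.openAPIV3Schema`, or stating the supported Kubernetes range in Chart.yaml.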
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constraintpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplate-customresourcedefinition.yaml new file mode 100644 index 000000000..ca171c738 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + shortNames: + - constraints + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + 
version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/Chart.yaml new file mode 100644 index 000000000..8d1a18729 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.1.101 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/README.md new file mode 100644 index 000000000..26079c833 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/config-customresourcedefinition.yaml new file mode 100644 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
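Review bot: under `spec.validation.traces`, the description says 'Both "user" and "kinds" must be specified', but the item schema names the property `kind` and declares no `required` list, so a trace entry that omits either field passes validation. Either add a `required` list with `user` and `kind` to the item schema or correct the description. The same mismatch is present in the 3.1.100 copy of this file.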
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constraintpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplate-customresourcedefinition.yaml new file mode 100644 index 000000000..ca171c738 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + shortNames: + - constraints + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + 
version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/Chart.yaml new file mode 100644 index 000000000..0528569c7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.2.101 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/README.md new file mode 100644 index 000000000..26079c833 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/config-customresourcedefinition.yaml new file mode 100644 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constraintpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplate-customresourcedefinition.yaml new file mode 100644 index 000000000..41daf22de --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,97 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + version: v1beta1 + versions: + - 
name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/jobs.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/manifest.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/rbac.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/rbac.yaml new file mode 100644 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/values.yaml new file mode 100644 index 000000000..f65bba463 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-gatekeeper-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/Chart.yaml new file mode 100755 index 000000000..f8022e80b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.3.000 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/README.md new file mode 100755 index 000000000..26079c833 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/config-customresourcedefinition.yaml new file mode 100755 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constraintpodstatus-customresourcedefinition.yaml new file mode 100755 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplate-customresourcedefinition.yaml new file mode 100755 index 000000000..41daf22de --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,97 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + version: v1beta1 + versions: + - 
name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100755 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/_helpers.tpl new file mode 100755 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/jobs.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/jobs.yaml new file mode 100755 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/manifest.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/rbac.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/values.yaml new file mode 100755 index 000000000..f65bba463 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-gatekeeper-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/Chart.yaml new file mode 100755 index 000000000..00336402c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.3.001 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/README.md new file mode 100755 index 000000000..26079c833 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/config-customresourcedefinition.yaml new file mode 100755 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
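Review bot: the `apiVersion: apiextensions.k8s.io/v1beta1` line at the top of 3.3.001/crd-manifest/config-customresourcedefinition.yaml ties this CRD to an API version that is deprecated and is no longer served from Kubernetes 1.22 onward, and the schema sits in the v1beta1-only `spec.validation` and `spec.version` fields. Because the create job applies this manifest with `kubectl apply -f /etc/config/crd-manifest.yaml`, the hook would fail on a cluster that has dropped v1beta1. Consider migrating to `apiextensions.k8s.io/v1` with a per-version `schema`, or stating the supported Kubernetes range in Chart.yaml, which currently carries no version constraint.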
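Review bot: in 3.3.000/templates/jobs.yaml the `remove-finalizers` init container of the `-delete` job runs `/bin/kubectl apply -f /etc/config/crd-manifest.yaml`, exactly the command `create-crds` runs, so nothing in the visible command removes a finalizer. Either rename the container or add a comment explaining why re-applying the manifest is the intended step before `delete-crds`. Two smaller points on the same file: the containers inherit `runAsNonRoot` from the pod but set no container-level `allowPrivilegeEscalation: false`, and `"helm.sh/hook-delete-policy": hook-succeeded` leaves a failed job in place, so adding `before-hook-creation` would keep a retry from colliding with the leftover job name.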
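Review bot: the first rule of the ClusterRole in 3.3.000/templates/rbac.yaml grants `get`, `patch` and `delete` on every `customresourcedefinitions` object in the cluster, which is far more than a job that manages this chart's own CRDs needs. The chart knows the CRD names it ships, so those three verbs can be limited with `resourceNames`; `create` cannot be restricted by name and would move to its own rule. In the same file, PodSecurityPolicy is a cluster-scoped resource, so the `namespace: {{ .Release.Namespace }}` under its metadata has no effect and should be dropped to avoid suggesting the policy is namespaced.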
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constraintpodstatus-customresourcedefinition.yaml new file mode 100755 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplate-customresourcedefinition.yaml new file mode 100755 index 000000000..41daf22de --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,97 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + version: v1beta1 + versions: + - 
name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100755 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/_helpers.tpl new file mode 100755 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/jobs.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/jobs.yaml new file mode 100755 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/manifest.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/rbac.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/values.yaml new file mode 100755 index 000000000..657ccacf8 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-gatekeeper-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/CHANGELOG.md new file mode 100644 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/Chart.yaml new file mode 100644 index 000000000..0d94d3278 --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v3.1.1 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.1.100 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/README.md new file mode 100644 index 000000000..280a64565 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/README.md 
@@ -0,0 +1,33 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable ValidatingWebhook | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.1.1` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| customResourceDefinitions.create | Whether the release should install CRDs. 
Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/_helpers.tpl new file mode 100644 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/allowedrepos.yaml new file mode 100644 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100644 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
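Review bot: both `violation` rules in 3.1.100/templates/allowedrepos.yaml decide with `startswith(container.image, repo)`, so an entry in `repos` that does not end in `/` also admits any image whose reference merely begins with the same characters. The `repos` schema gives no description, so nothing tells the policy author this; add a description stating that entries must include the trailing `/` (and the registry host where relevant), or enforce it in the rego. The rules also iterate only `spec.containers` and `spec.initContainers`, so any other container list on the reviewed object is not evaluated by this template.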
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-audit-deployment.yaml new file mode 100644 index 000000000..561ac5c6e --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100644 index 000000000..06a54b686 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100644 index 000000000..b03f23f63 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,125 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
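Review bot: the first rule of `gatekeeper-manager-role` grants `get`, `list` and `watch` on every resource in every API group, which includes Secrets cluster-wide, and the role is bound to the `gatekeeper-admin` service account that both the audit and the webhook Deployments run as. If audit needs the broad read, say so in a comment and consider a separate, narrower service account for the webhook pods. The `podsecuritypolicies` rule grants `use` with no `resourceNames`, so it covers every PodSecurityPolicy rather than one named policy. `creationTimestamp: null` is generator residue and can be dropped from the template.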
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-role.yaml new file mode 100644 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100644 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
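Review bot: in gatekeeper-controller-manager-deployment.yaml above, the webhook is started with a hard-coded `--exempt-namespace=gatekeeper-system`, while every object in the chart is created in `{{ .Release.Namespace }}` and the chart's CHANGELOG says the namespace was changed to `cattle-gatekeeper-system`; the exemption therefore does not point at the namespace Gatekeeper is installed in. Suggest `--exempt-namespace={{ .Release.Namespace }}`. The same pod spec also sets `affinity` twice, once with the `podAntiAffinity` block and once from `.Values.affinity`, so the manifest has a duplicate key and which value survives depends on the YAML parser; merge the two or make the anti-affinity the default in values.yaml. In gatekeeper-audit-deployment.yaml the Deployment's own metadata carries `control-plane: controller-manager` while its selector and pod template use `control-plane: audit-controller`.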
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100644 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..f19216687 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml 
@@ -0,0 +1,58 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - '*' + sideEffects: None + timeoutSeconds: 5 +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: 5 +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100644 index 000000000..bf89ae8b4 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-server-cert-secret.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-service-service.yaml new file mode 100644 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/requiredlabels.yaml new file mode 100644 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/validate-install-crd.yaml new file mode 100644 index 000000000..10977fd7d --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-gatekeeper-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/values.yaml new file mode 100644 index 000000000..2afac2bfe --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/values.yaml @@ -0,0 +1,31 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/openpolicyagent-gatekeeper + tag: v3.1.1 + pullPolicy: IfNotPresent +nodeSelector: { kubernetes.io/os: linux } +affinity: {} +tolerations: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 
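Review bot: values.yaml exposes `disableValidatingWebhook` but no key for the webhook's failure behaviour, while the ValidatingWebhookConfiguration template in this version hard-codes `failurePolicy: Ignore` with `timeoutSeconds: 5` for `validation.gatekeeper.sh`, so a request is admitted without policy evaluation whenever the webhook is unreachable or times out. Consider adding a value for the policy and documenting what the default means for enforcement. The `podAnnotations` default relies on the alpha `container.seccomp.security.alpha.kubernetes.io/manager` annotation; a comment noting which Kubernetes versions honour it would help.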
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/CHANGELOG.md new file mode 100644 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/Chart.yaml new file mode 100644 index 000000000..a77621b17 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/Chart.yaml 
@@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/experimental: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v3.1.1 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.1.101 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/README.md new file mode 100644 index 000000000..280a64565 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/README.md 
@@ -0,0 +1,33 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable ValidatingWebhook | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.1.1` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| customResourceDefinitions.create | Whether the release should install CRDs. 
Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/app-readme.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/app-readme.md new file mode 100644 index 000000000..d44cf7b2b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
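Review bot: the Controller-Manager bullet says the webhook intercepts requests that "create, update or delete" a resource, but the ValidatingWebhookConfiguration template shown for 3.1.100 in this patch lists only `CREATE` and `UPDATE` under `operations`; unless the 3.1.101 template differs, drop "delete" from the text or add the operation. The README.md added for this version has similar drift against the values.yaml shown for 3.1.100: it documents `image.release`, a `replicas` default of `1` and `image.repository` `openpolicyagent/gatekeeper`, where values.yaml has `image.tag`, `replicas: 3` and `rancher/openpolicyagent-gatekeeper`.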
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/_helpers.tpl new file mode 100644 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/allowedrepos.yaml new file mode 100644 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100644 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
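Review bot: the `chart` label in gatekeeper-admin-serviceaccount.yaml is rendered from `gatekeeper.name`, the same helper used for `app`, so it never carries the chart version, while `_helpers.tpl` defines `gatekeeper.chart` and `gatekeeper.labels` that none of the templates shown in this patch use. Either switch the label to the `gatekeeper.chart` helper or remove the unused helpers. If the label is changed, note that the Deployments and the Service repeat `chart` in their selectors, and a Deployment selector is immutable, so a versioned value must stay out of `matchLabels`.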
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-audit-deployment.yaml new file mode 100644 index 000000000..561ac5c6e --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100644 index 000000000..06a54b686 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100644 index 000000000..b03f23f63 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,125 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
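Review bot: in templates/gatekeeper-controller-manager-deployment.yaml (3.1.101) the pod spec defines `affinity:` twice, once as the hard-coded `podAntiAffinity` block directly under `spec:` and again as `affinity:` followed by `{{ toYaml .Values.affinity | indent 8 }}` after `nodeSelector:`. A duplicate mapping key is rejected by strict YAML parsers, and parsers that keep the last key replace the anti-affinity with the `affinity: {}` default from values.yaml, so the preferred spread of webhook replicas across hosts is lost. Suggest a single `affinity:` key that uses `.Values.affinity` when it is set and falls back to the built-in anti-affinity otherwise. The same hunk also hard-codes `--exempt-namespace=gatekeeper-system` while every namespace field in the chart is `{{ .Release.Namespace }}`; that argument should follow the release namespace as well.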
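Review bot: the first rule of templates/gatekeeper-manager-role-clusterrole.yaml (3.1.101) grants `get`, `list` and `watch` on apiGroups `'*'` and resources `'*'`, which covers Secrets in every namespace, and the ClusterRole is bound to the `gatekeeper-admin` service account that both the audit and the webhook deployments run as. If cluster-wide read is only needed for audit, suggest giving the webhook deployment its own service account with a narrower role; at minimum state in the README that installing the chart gives this service account read access to all resources. `creationTimestamp: null` under `metadata` is generator residue and can be dropped.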
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-role.yaml new file mode 100644 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100644 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
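Review bot: the `secrets` rule in templates/gatekeeper-manager-role-role.yaml (3.1.101) allows create, delete, get, list, patch, update and watch on every Secret in the release namespace, while the only Secret the chart references is `gatekeeper-webhook-server-cert`. Suggest adding `resourceNames: [gatekeeper-webhook-server-cert]` to the verbs that act on a named object (get, update, patch, delete), so that other Secrets placed in the same namespace are not readable or writable by `gatekeeper-admin`.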
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100644 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..f19216687 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml 
@@ -0,0 +1,58 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - '*' + sideEffects: None + timeoutSeconds: 5 +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: 5 +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100644 index 000000000..bf89ae8b4 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-server-cert-secret.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-service-service.yaml new file mode 100644 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/requiredlabels.yaml new file mode 100644 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/validate-install-crd.yaml new file mode 100644 index 000000000..10977fd7d --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-gatekeeper-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/values.yaml new file mode 100644 index 000000000..2afac2bfe --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/values.yaml @@ -0,0 +1,31 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/openpolicyagent-gatekeeper + tag: v3.1.1 + pullPolicy: IfNotPresent +nodeSelector: { kubernetes.io/os: linux } +affinity: {} +tolerations: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 
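Review bot: in templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml (3.1.101) the `validation.gatekeeper.sh` webhook is registered with `failurePolicy: Ignore` and `timeoutSeconds: 5`, so when the webhook service is unreachable or slow the API server admits the request without evaluating any constraint. Suggest exposing the failure policy as a chart value and documenting the fail-open default in the README, so operators who rely on constraints for enforcement can choose `Fail`. The `namespaceSelector` also skips every namespace carrying the `admission.gatekeeper.sh/ignore` label, which deserves a line in the same place.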
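Review bot: the second `violation` rule in templates/requiredlabels.yaml (3.1.101) checks label values with `re_match(expected.allowedRegex, value)`, and `re_match` succeeds when the pattern matches any part of the value, so an unanchored `allowedRegex` accepts values that merely contain a match. Suggest documenting in the `allowedRegex` schema entry that patterns must be anchored with `^` and `$`, or anchoring the pattern in the rule before matching.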
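Review bot: every line of templates/validate-install-crd.yaml (3.1.101) starts with `#`, which reads as if the CRD check were disabled, but Helm renders template actions before the output is parsed as YAML, so the `lookup`, the `range` over `.Capabilities.APIVersions` and the `required` call still run. Suggest a template comment (`{{/* ... */}}`) at the top of the file stating that the `#` prefix affects only the rendered text and that the check is active.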
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/CHANGELOG.md new file mode 100644 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/Chart.yaml new file mode 100644 index 000000000..b2d23d5b0 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/Chart.yaml 
@@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/experimental: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v1 +appVersion: v3.2.1 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.2.101 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/README.md new file mode 100644 index 000000000..8a5157bf3 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/README.md 
@@ -0,0 +1,33 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable ValidatingWebhook | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.2.1` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| customResourceDefinitions.create | Whether the release should install CRDs. 
Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/app-readme.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/app-readme.md new file mode 100644 index 000000000..d44cf7b2b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
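Review bot: the parameter table in README.md (3.2.101) documents `image.release` and a single `resources` entry, but the 3.2.101 templates in this patch read `.Values.image.tag` for the image and `.Values.audit.resources` for the audit deployment, so a user following the table sets keys the templates never read. Suggest renaming the row to `image.tag` and adding a row for `audit.resources`, and checking the remaining defaults in the table against the values.yaml shipped with this chart version.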
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/_helpers.tpl new file mode 100644 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/allowedrepos.yaml new file mode 100644 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-podsecuritypolicy.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-podsecuritypolicy.yaml new file mode 100644 index 000000000..78f36ecfb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-podsecuritypolicy.yaml 
@@ -0,0 +1,35 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - projected + - secret + - downwardAPI diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100644 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-audit-deployment.yaml new file mode 100644 index 000000000..d9ee16076 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.audit.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100644 index 000000000..22ceed00a --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.controllerManager.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100644 index 000000000..690aebcfd --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,127 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resourceNames: + - gatekeeper-admin + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
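Review bot: The first rule in gatekeeper-manager-role grants get, list and watch on `'*'` resources in `'*'` apiGroups, which covers every Secret in the cluster, and nothing in the hunk records why that breadth is needed. If it exists so audit can read arbitrary kinds, a comment on the rule saying so would help; otherwise narrow it. Separately, the last rule lists `create` next to `resourceNames: gatekeeper-validating-webhook-configuration`: a create request carries no object name at authorization time, so a rule restricted by resourceNames never matches it, and the verb can be dropped or moved to a rule without resourceNames. `creationTimestamp: null` in metadata is generator residue and can be removed.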
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-role.yaml new file mode 100644 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100644 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
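Review bot: The only subject in this ClusterRoleBinding is the `gatekeeper-admin` ServiceAccount, and both gatekeeper-audit and gatekeeper-controller-manager set `serviceAccountName: gatekeeper-admin`, so each pod receives the union of both workloads' permissions: the cluster-wide read and CRD write from the ClusterRole plus the full set of Secrets verbs from the namespaced Role in the preceding hunk. Consider separate service accounts and bindings for audit and webhook, or at least add `resourceNames: gatekeeper-webhook-server-cert` to the Secrets rule for the verbs that accept it (get, update, patch, delete).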
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100644 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..dade6a945 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml 
@@ -0,0 +1,58 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - '*' + sideEffects: None + timeoutSeconds: 3 +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: 3 +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100644 index 000000000..bf89ae8b4 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-server-cert-secret.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-service-service.yaml new file mode 100644 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/requiredlabels.yaml new file mode 100644 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/validate-install-crd.yaml new file mode 100644 index 000000000..10977fd7d --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-gatekeeper-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/values.yaml new file mode 100644 index 000000000..bec986402 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/values.yaml @@ -0,0 +1,40 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/openpolicyagent-gatekeeper + tag: v3.2.1 + pullPolicy: IfNotPresent +nodeSelector: { kubernetes.io/os: linux } +affinity: {} +tolerations: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +controllerManager: + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +audit: + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 
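Review bot: `affinity: {}` in this values.yaml is rendered by the 3.2.101 gatekeeper-controller-manager-deployment.yaml as a second `affinity:` key in the pod spec, after the hard-coded `podAntiAffinity` block under the first one. Duplicate mapping keys are not valid YAML, and parsers that tolerate them usually keep the last value, which would drop the anti-affinity that spreads the webhook replicas across hosts. Suggest making the anti-affinity block the default of `affinity` here and removing the hard-coded copy, or dropping the templated key from that deployment. The same template also passes `--exempt-namespace=gatekeeper-system` as a literal, and no value in this file lets it follow `.Release.Namespace`.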
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/CHANGELOG.md new file mode 100755 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/Chart.yaml new file mode 100755 index 000000000..6e7996477 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/Chart.yaml 
@@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v1 +appVersion: v3.3.0 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.3.000 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/README.md new file mode 100755 index 000000000..45cf27c79 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/README.md 
@@ -0,0 +1,39 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :---------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable the validating webhook | `false` | +| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | +| enableDeleteOperations | Enable validating webhook for delete operations | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.3.0` | +| image.pullSecrets | Specify an array of imagePullSecrets | `[]` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| controllerManager.priorityClassName | Priority class name for 
controller manager | `system-cluster-critical` | +| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` | +| customResourceDefinitions.create | Whether the release should install CRDs. Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/app-readme.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/app-readme.md new file mode 100755 index 000000000..d44cf7b2b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
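Review bot: The Controller-Manager bullet says the webhook intercepts all admission requests that "create, update or delete a resource", but the README.md added for this same 3.3.000 chart lists `enableDeleteOperations` with default `false`, so delete requests are not validated out of the box. Suggest "create or update (and delete when `enableDeleteOperations` is set)". In the Audit bullet, "will be recorded as violations" should read "as a violation", and "based off of" in the first paragraph reads better as "based on".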
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/_helpers.tpl new file mode 100755 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/allowedrepos.yaml new file mode 100755 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-podsecuritypolicy.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-podsecuritypolicy.yaml new file mode 100755 index 000000000..78f36ecfb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-podsecuritypolicy.yaml 
@@ -0,0 +1,35 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - projected + - secret + - downwardAPI diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100755 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-audit-deployment.yaml new file mode 100755 index 000000000..95ccaa767 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + automountServiceAccountToken: true + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.audit.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.audit.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.audit.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.audit.tolerations | indent 8 }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- if .Values.audit.priorityClassName }} + priorityClassName: {{ .Values.audit.priorityClassName }} +{{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100755 index 000000000..b050f3574 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,124 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + automountServiceAccountToken: true + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.controllerManager.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.controllerManager.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.controllerManager.tolerations | indent 8 }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- if .Values.controllerManager.priorityClassName }} + priorityClassName: {{ .Values.controllerManager.priorityClassName }} +{{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100755 index 000000000..05577fb22 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,139 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mutations.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resourceNames: + - gatekeeper-admin + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - 
delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-role.yaml new file mode 100755 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100755 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml 
@@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100755 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100755 index 000000000..ba72d918e --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml @@ -0,0 +1,61 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + {{- if .Values.enableDeleteOperations }} + - DELETE + {{- end}} + resources: + - '*' + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100755 index 000000000..5438a377d --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-server-cert-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: +{{- toYaml .Values.secretAnnotations | trim | nindent 4 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-service-service.yaml new file mode 100755 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/requiredlabels.yaml new file mode 100755 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/validate-install-crd.yaml new file mode 100755 index 000000000..875d7af02 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/values.yaml new file mode 100755 index 000000000..717517977 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/values.yaml 
@@ -0,0 +1,60 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +validatingWebhookTimeoutSeconds: 3 +enableDeleteOperations: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/mirrored-openpolicyagent-gatekeeper + tag: v3.3.0 + pullPolicy: IfNotPresent + pullSecrets: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +secretAnnotations: {} +controllerManager: + priorityClassName: system-cluster-critical + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +audit: + priorityClassName: system-cluster-critical + affinity: {} + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/CHANGELOG.md new file mode 100755 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/Chart.yaml new file mode 100755 index 000000000..95989f1f6 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/Chart.yaml 
@@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v1 +appVersion: v3.3.0 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.3.001 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/README.md new file mode 100755 index 000000000..45cf27c79 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/README.md 
@@ -0,0 +1,39 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :---------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable the validating webhook | `false` | +| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | +| enableDeleteOperations | Enable validating webhook for delete operations | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.3.0` | +| image.pullSecrets | Specify an array of imagePullSecrets | `[]` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| controllerManager.priorityClassName | Priority class name for 
controller manager | `system-cluster-critical` | +| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` | +| customResourceDefinitions.create | Whether the release should install CRDs. Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/app-readme.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/app-readme.md new file mode 100755 index 000000000..d44cf7b2b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/_helpers.tpl new file mode 100755 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/allowedrepos.yaml new file mode 100755 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-podsecuritypolicy.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-podsecuritypolicy.yaml new file mode 100755 index 000000000..78f36ecfb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-podsecuritypolicy.yaml 
@@ -0,0 +1,35 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - projected + - secret + - downwardAPI diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100755 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-audit-deployment.yaml new file mode 100755 index 000000000..95ccaa767 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + automountServiceAccountToken: true + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.audit.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.audit.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.audit.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.audit.tolerations | indent 8 }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- if .Values.audit.priorityClassName }} + priorityClassName: {{ .Values.audit.priorityClassName }} +{{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100755 index 000000000..b050f3574 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,124 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + automountServiceAccountToken: true + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.controllerManager.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.controllerManager.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.controllerManager.tolerations | indent 8 }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- if .Values.controllerManager.priorityClassName }} + priorityClassName: {{ .Values.controllerManager.priorityClassName }} +{{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100755 index 000000000..05577fb22 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,139 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mutations.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resourceNames: + - gatekeeper-admin + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - 
delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-role.yaml new file mode 100755 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100755 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml 
@@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100755 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100755 index 000000000..ba72d918e --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml @@ -0,0 +1,61 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + {{- if .Values.enableDeleteOperations }} + - DELETE + {{- end}} + resources: + - '*' + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100755 index 000000000..5438a377d --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-server-cert-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: +{{- toYaml .Values.secretAnnotations | trim | nindent 4 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-service-service.yaml new file mode 100755 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/requiredlabels.yaml new file mode 100755 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/validate-install-crd.yaml new file mode 100755 index 000000000..875d7af02 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/values.yaml new file mode 100755 index 000000000..899119fc6 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/values.yaml 
@@ -0,0 +1,60 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +validatingWebhookTimeoutSeconds: 3 +enableDeleteOperations: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/mirrored-openpolicyagent-gatekeeper + tag: v3.3.0 + pullPolicy: IfNotPresent + pullSecrets: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +secretAnnotations: {} +controllerManager: + priorityClassName: system-cluster-critical + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +audit: + priorityClassName: system-cluster-critical + affinity: {} + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/.helmignore b/released/charts/rancher-grafana/rancher-grafana/6.6.401/.helmignore new file mode 100755 index 000000000..8cade1318 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.vscode +.project +.idea/ +*.tmproj +OWNERS diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/Chart.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/Chart.yaml new file mode 100755 index 000000000..83ff41050 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/Chart.yaml @@ -0,0 +1,28 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-grafana +apiVersion: v2 +appVersion: 7.4.5 +description: The leading tool for querying and visualizing time series and metrics. +home: https://grafana.net +icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +kubeVersion: ^1.8.0-0 +maintainers: +- email: zanhsieh@gmail.com + name: zanhsieh +- email: rluckie@cisco.com + name: rtluckie +- email: maor.friedman@redhat.com + name: maorfr +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: mail@torstenwalter.de + name: torstenwalter +name: rancher-grafana +sources: +- https://github.com/grafana/grafana +type: application +version: 6.6.401 diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/README.md b/released/charts/rancher-grafana/rancher-grafana/6.6.401/README.md new file mode 100755 index 000000000..957f019ec --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/README.md 
@@ -0,0 +1,514 @@ +# Grafana Helm Chart + +* Installs the web dashboarding system [Grafana](http://grafana.org/) + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release grafana/grafana +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 4.0.0 (And 3.12.1) + +This version requires Helm >= 2.12.0. + +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + +### To 6.0.0 + +This version requires Helm >= 3.1.0. 
+ +## Configuration + +| Parameter | Description | Default | +|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `replicas` | Number of nodes | `1` | +| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | +| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | +| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | +| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| +| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `image.repository` | Image repository | `grafana/grafana` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.5` | +| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `{}` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `80` | +| `service.portName` | Name of the port on the service | `service` | +| `service.targetPort` | Internal service is port | `3000` | +| `service.nodePort` | Kubernetes service nodePort | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `service.labels` | Custom labels | `{}` | +| `service.clusterIP` | internal cluster service IP | `nil` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | +| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` 
| +| `service.externalIPs` | service external IP addresses | `[]` | +| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | +| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress type of path | `Prefix` | +| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | +| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | +| `extraLabels` | Custom labels for all manifests | `{}` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | +| 
`persistence.annotations` | PersistentVolumeClaim annotations | `{}` | +| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | +| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | +| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | +| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | +| `initChownData.enabled` | If false, don't reset data ownership at startup | true | +| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | +| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | +| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | +| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | +| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `env` | Extra environment variables passed to pods | `{}` | +| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` | +| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. 
Can be templated | `""` | +| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | +| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | +| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | +| `plugins` | Plugins to be loaded along with Grafana | `[]` | +| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `notifiers` | Configure grafana notifiers | `{}` | +| `dashboardProviders` | Configure grafana dashboard providers | `{}` | +| `dashboards` | Dashboards to import | `{}` | +| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | +| `grafana.ini` | Grafana's primary configuration | `{}` | +| `ldap.enabled` | Enable LDAP authentication | `false` | +| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. 
| `""` | +| `ldap.config` | Grafana's LDAP configuration | `""` | +| `annotations` | Deployment annotations | `{}` | +| `labels` | Deployment labels | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod labels | `{}` | +| `podPortName` | Name of the grafana port on the pod | `grafana` | +| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | +| `sidecar.image.tag` | Sidecar image tag | `1.10.7` | +| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | +| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | +| `sidecar.resources` | Sidecar resources | `{}` | +| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable | `false` | +| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | +| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | +| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | +| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | +| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | +| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | +| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | +| `sidecar.dashboards.provider.type` | Provider type | `file` | +| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | +| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. 
| `WATCH` | +| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | +| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` | +| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | +| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | +| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | +| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. 
It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | +| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | +| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | +| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | +| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | +| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | +| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | +| `admin.passwordKey` | The key in the existing admin secret containing the password. 
| `"admin-password"` | +| `serviceAccount.annotations` | ServiceAccount annotations | | +| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | +| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | +| `rbac.create` | Create and use RBAC resources | `true` | +| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | +| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | +| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `testFramework.enabled` | Whether to create test-related resources | `true` | +| `testFramework.image` | `test-framework` image repository. | `bats/bats` | +| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` | +| `testFramework.imagePullPolicy` | `test-framework` image pull policy. 
| `IfNotPresent` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | +| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | +| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | +| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | +| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | +| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | +| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | +| `serviceMonitor.path` | Path to scrape | `/metrics` | +| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | +| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | +| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | +| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | +| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. 
| `[]` | +| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | +| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | +| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | +| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | +| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | +| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | +| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | +| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | +| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | +| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | +| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.portName` | image-renderer service port name | `'http'` | +| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | +| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | +| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | +| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | +| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | +| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | +| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | + +### Example ingress with path + +With grafana 6.3 and above +```yaml +grafana.ini: + server: + domain: monitoring.example.com + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true +ingress: + enabled: true 
+ hosts: + - "monitoring.example.com" + path: "/grafana" +``` + +### Example of extraVolumeMounts + +```yaml +- extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + existingClaim: existing-grafana-claim + readOnly: false +``` + +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... + + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + gnetId: 2 + revision: 2 + datasource: Prometheus + local-dashboard: + url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json +``` + +## BASE64 dashboards + +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) +A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. + +### Gerrit use case + +Gerrit API for download files has the following schema: where {project-name} and +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard +the url value is + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana +pod. 
This container watches all configmaps (or secrets) in the cluster and filters out the ones with +a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported +dashboards are deleted/updated. + +A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside +one configmap is currently not properly mirrored in grafana. + +Example dashboard config: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: "1" +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the data sources in grafana can be imported. + +Secrets are recommended over configmaps for this usecase because datasources usually contain private +data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): + +```yaml +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. 
will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false +``` + +## Sidecar for notifiers + +If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the notification channels in grafana can be imported. The secrets must be created before +`helm install` so that the notifiers init container can list the secrets. + +Secrets are recommended over configmaps for this usecase because alert notification channels usually contain +private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): + +```yaml +notifiers: + - name: notification-channel-1 + type: slack + uid: notifier1 + # either + org_id: 2 + # or + org_name: Main Org. 
+ is_default: true + send_reminder: true + frequency: 1h + disable_resolve_message: false + # See `Supported Settings` section for settings supporter for each + # alert notification type. + settings: + recipient: 'XXX' + token: 'xoxb' + uploadImage: true + url: https://slack.com + +delete_notifiers: + - name: notification-channel-1 + uid: notifier1 + org_id: 2 + - name: notification-channel-2 + # default org_id: 1 +``` + +## How to serve Grafana with a path prefix (/grafana) + +In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. + +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + + path: /grafana/?(.*) + hosts: + - k8s.example.dev + +grafana.ini: + server: + root_url: http://localhost:3000/grafana # this host can be localhost +``` + +## How to securely reference secrets in grafana.ini + +This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. 
+ +In grafana.ini: + +```yaml +grafana.ini: + [auth.generic_oauth] + enabled = true + client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} + client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} +``` + +Existing secret, or created along with helm: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: auth-generic-oauth-secret +type: Opaque +stringData: + client_id: + client_secret: +``` + +Include in the `extraSecretMounts` configuration flag: + +```yaml +- extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true +``` + +### extraSecretMounts using a Container Storage Interface (CSI) provider + +This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) + +```yaml +- extraSecretMounts: + - name: secrets-store-inline + mountPath: /run/secrets + readOnly: true + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "my-provider" + nodePublishSecretRef: + name: akv-creds +``` + +## Image Renderer Plug-In + +This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md) + +```yaml +imageRenderer: + enabled: true +``` + +### Image Renderer NetworkPolicy + +By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/dashboards/custom-dashboard.json b/released/charts/rancher-grafana/rancher-grafana/6.6.401/dashboards/custom-dashboard.json new file mode 100755 index 000000000..9e26dfeeb --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/dashboards/custom-dashboard.json @@ -0,0 +1 @@ +{} \ No newline at end of file 
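Review bot: In the README configuration table, `imageRenderer.image.tag` is documented with default `latest` and `imageRenderer.image.pullPolicy` with `Always`, so an enabled image renderer runs whatever the registry serves under that tag each time a pod starts. Document a fixed version tag as the default and point to `imageRenderer.image.sha` for digest pinning, in line with the sidecar and curl images, which are listed with `1.10.7` and `7.73.0`. Wording slips in the same file: the `envRenderSecret` row says "Sensible" where "Sensitive" is meant, `rbac.namespaced` has "ClusteRoleBindings", `imageRenderer.resources` has "pdos", the secrets section opens "This example uses Grafana uses", and the "Sidecar for notifiers" example is introduced as "Example datasource config".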
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/NOTES.txt b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/NOTES.txt new file mode 100755 index 000000000..1fc8436d9 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/NOTES.txt 
@@ -0,0 +1,54 @@ +1. Get your '{{ .Values.adminUser }}' user password by running: + + kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + +2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local +{{ if .Values.ingress.enabled }} + If you bind grafana to 80, please update values in values.yaml and reinstall: + ``` + securityContext: + runAsUser: 0 + runAsGroup: 0 + fsGroup: 0 + + command: + - "setcap" + - "'cap_net_bind_service=+ep'" + - "/usr/sbin/grafana-server &&" + - "sh" + - "/run.sh" + ``` + Details refer to https://grafana.com/docs/installation/configuration/#http-port. + Or grafana would always crash. + + From outside the cluster, the server URL(s) are: +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{ else }} + Get the Grafana URL to visit by running these commands in the same shell: +{{ if contains "NodePort" .Values.service.type -}} + export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{ else if contains "LoadBalancer" .Values.service.type -}} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . 
}} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + http://$SERVICE_IP:{{ .Values.service.port -}} +{{ else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 +{{- end }} +{{- end }} + +3. Login with the password from step 1 and the username: {{ .Values.adminUser }} + +{{- if not .Values.persistence.enabled }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Grafana pod is terminated. ##### +################################################################################# +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_helpers.tpl b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_helpers.tpl new file mode 100755 index 000000000..76ad78876 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_helpers.tpl 
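Review bot: In templates/NOTES.txt, the advice printed under `.Values.ingress.enabled` for binding Grafana to port 80 tells users to set `runAsUser: 0`, `runAsGroup: 0` and `fsGroup: 0`, and its `command` list cannot work as written: `"/usr/sbin/grafana-server &&"` is a single argv element with no shell to interpret `&&`, and `"'cap_net_bind_service=+ep'"` carries literal single quotes. Drop the root recommendation and keep Grafana on its unprivileged container port behind the Service and ingress, or at least wrap the sequence in `sh -c`. Separately, step 1 always reads key `admin-password` from the secret named by `grafana.fullname`, which is the wrong lookup once `admin.existingSecret` or `admin.passwordKey` is set, and the LoadBalancer branch emits `http://$SERVICE_IP:...` without `echo`, unlike the NodePort branch.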
@@ -0,0 +1,145 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "grafana.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "grafana.serviceAccountNameTest" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} +{{- else -}} + {{ default "default" .Values.serviceAccount.nameTest }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "grafana.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.extraLabels }} +{{ toYaml .Values.extraLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "grafana.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.imageRenderer.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.imageRenderer.selectorLabels" . 
}} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels ImageRenderer +*/}} +{{- define "grafana.imageRenderer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for rbac. +*/}} +{{- define "rbac.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_pod.tpl b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_pod.tpl new file mode 100755 index 000000000..2ba9f115c --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_pod.tpl 
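Review bot: In templates/_helpers.tpl, `grafana.imageRenderer.labels` builds `app.kubernetes.io/version` from `.Values.image.tag`, which is the Grafana image tag, so image-renderer objects are labelled with Grafana's version rather than the renderer's; use `.Values.imageRenderer.image.tag` in both the `if or` guard and the label value. The comment above that define repeats "Common labels" and should name the image renderer. In `grafana.serviceAccountName`, the branch taken when `serviceAccount.create` is false falls back to the namespace's shared `default` service account if `serviceAccount.name` is empty; consider failing the render there so Grafana and its sidecars do not silently run as `default`.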
@@ -0,0 +1,496 @@ +{{- define "grafana.pod" -}} +{{- if .Values.schedulerName }} +schedulerName: "{{ .Values.schedulerName }}" +{{- end }} +serviceAccountName: {{ template "grafana.serviceAccountName" . }} +{{- if .Values.securityContext }} +securityContext: +{{ toYaml .Values.securityContext | indent 2 }} +{{- end }} +{{- if .Values.hostAliases }} +hostAliases: +{{ toYaml .Values.hostAliases | indent 2 }} +{{- end }} +{{- if .Values.priorityClassName }} +priorityClassName: {{ .Values.priorityClassName }} +{{- end }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }} +initContainers: +{{- end }} +{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} + - name: init-chown-data + {{- if .Values.initChownData.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] + resources: +{{ toYaml .Values.initChownData.resources | indent 6 }} + volumeMounts: + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- end }} +{{- if .Values.dashboards }} + - name: download-dashboards + {{- if .Values.downloadDashboardsImage.sha }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] + resources: +{{ toYaml .Values.downloadDashboards.resources | indent 6 }} + env: +{{- range $key, $value := .Values.downloadDashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} +{{- if .Values.downloadDashboards.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.downloadDashboards.envFromSecret . }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/download_dashboards.sh" + subPath: download_dashboards.sh + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.datasources.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.sidecar.datasources.envFromSecret . 
}} + {{- end }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: {{ template "grafana.name" . }}-sc-notifiers + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.notifiers.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.notifiers.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.notifiers.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} +{{- if .Values.extraInitContainers }} +{{ toYaml .Values.extraInitContainers | indent 2 }} +{{- end }} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end}} +{{- end }} +containers: +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ template "grafana.name" . }}-sc-dashboard + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.dashboards.label }}" + {{- if .Values.sidecar.dashboards.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.dashboards.labelValue }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.dashboards.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.dashboards.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if .Values.sidecar.dashboards.folderAnnotation }} + - name: FOLDER_ANNOTATION + value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{- end}} + - name: {{ .Chart.Name }} + {{- if .Values.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.command }} + command: + {{- range .Values.command }} + - {{ . 
}} + {{- end }} + {{- end}} +{{- if .Values.containerSecurityContext }} + securityContext: +{{- toYaml .Values.containerSecurityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + {{- if .Values.ldap.enabled }} + - name: ldap + mountPath: "/etc/grafana/ldap.toml" + subPath: ldap.toml + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- if .Values.dashboards }} +{{- range $provider, $dashboards := .Values.dashboards }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} + - name: dashboards-{{ $provider }} + mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + subPath: "{{ $key }}.json" +{{- end }} +{{- end }} +{{- end }} +{{- end -}} +{{- if .Values.dashboardsConfigMaps }} +{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} + - name: dashboards-{{ . }} + mountPath: "/var/lib/grafana/dashboards/{{ . 
}}" +{{- end }} +{{- end }} +{{- if .Values.datasources }} + - name: config + mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" + subPath: datasources.yaml +{{- end }} +{{- if .Values.notifiers }} + - name: config + mountPath: "/etc/grafana/provisioning/notifiers/notifiers.yaml" + subPath: notifiers.yaml +{{- end }} +{{- if .Values.dashboardProviders }} + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" + subPath: dashboardproviders.yaml +{{- end }} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{ if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml +{{- end}} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + subPath: {{ .subPath | default "" }} + {{- end }} + {{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + ports: + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + - name: {{ .Values.podPortName }} + containerPort: 3000 + protocol: TCP + env: + {{- if not .Values.env.GF_SECURITY_ADMIN_USER }} + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) 
}} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if .Values.plugins }} + - name: GF_INSTALL_PLUGINS + valueFrom: + configMapKeyRef: + name: {{ template "grafana.fullname" . }} + key: plugins + {{- end }} + {{- if .Values.smtp.existingSecret }} + - name: GF_SMTP_USER + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.userKey | default "user" }} + - name: GF_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.passwordKey | default "password" }} + {{- end }} + {{ if .Values.imageRenderer.enabled }} + - name: GF_RENDERING_SERVER_URL + value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + - name: GF_RENDERING_CALLBACK_URL + value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} + {{ end }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 10 }} + {{- end }} +{{- range $key, $value := .Values.env }} + - name: "{{ tpl $key $ }}" + value: "{{ tpl (print $value) $ }}" +{{- end }} + {{- if .Values.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.envFromSecret . }} + {{- end }} + {{- if .Values.envRenderSecret }} + envFrom: + - secretRef: + name: {{ template "grafana.fullname" . 
}}-env + {{- end }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} + resources: +{{ toYaml .Values.resources | indent 6 }} +{{- with .Values.extraContainers }} +{{ tpl . $ | indent 2 }} +{{- end }} +nodeSelector: {{ include "linux-node-selector" . | nindent 2 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{ toYaml . | indent 2 }} +{{- end }} +tolerations: {{ include "linux-node-tolerations" . | nindent 2 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 2 }} +{{- end }} +volumes: + - name: config + configMap: + name: {{ template "grafana.fullname" . }} +{{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} +{{- end }} + {{- if .Values.dashboards }} + {{- range (keys .Values.dashboards | sortAlpha) }} + - name: dashboards-{{ . }} + configMap: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} + {{- end }} + {{- if .Values.dashboardsConfigMaps }} + {{ $root := . }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} + - name: dashboards-{{ $provider }} + configMap: + name: {{ tpl $name $root }} + {{- end }} + {{- end }} + {{- if .Values.ldap.enabled }} + - name: ldap + secret: + {{- if .Values.ldap.existingSecret }} + secretName: {{ .Values.ldap.existingSecret }} + {{- else }} + secretName: {{ template "grafana.fullname" . }} + {{- end }} + items: + - key: ldap-toml + path: ldap.toml + {{- end }} +{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) 
}} +{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} +# nothing +{{- else }} + - name: storage +{{- if .Values.persistence.inMemory.enabled }} + emptyDir: + medium: Memory +{{- if .Values.persistence.inMemory.sizeLimit }} + sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- end -}} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: {} +{{- if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + configMap: + name: {{ template "grafana.fullname" . }}-config-dashboards +{{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + emptyDir: {} +{{- end -}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + emptyDir: {} +{{- end -}} +{{- range .Values.extraSecretMounts }} +{{- if .secretName }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} +{{- else if .projected }} + - name: {{ .name }} + projected: {{- toYaml .projected | nindent 6 }} +{{- else if .csi }} + - name: {{ .name }} + csi: {{- toYaml .csi | nindent 6 }} +{{- end }} +{{- end }} +{{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} +{{- end }} +{{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + emptyDir: {} +{{- end -}} +{{- if .Values.extraContainerVolumes }} +{{ toYaml .Values.extraContainerVolumes | indent 2 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrole.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrole.yaml new file mode 100755 index 000000000..f09e06563 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrole.yaml 
@@ -0,0 +1,25 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }} +rules: +{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end}} +{{- with .Values.rbac.extraClusterRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end}} +{{- end}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrolebinding.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..4accbfac0 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "grafana.fullname" . }}-clusterrolebinding + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +roleRef: + kind: ClusterRole +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} 
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap-dashboard-provider.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap-dashboard-provider.yaml new file mode 100755 index 000000000..65d73858e --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap-dashboard-provider.yaml @@ -0,0 +1,29 @@ +{{- if .Values.sidecar.dashboards.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-config-dashboards + namespace: {{ template "grafana.namespace" . }} +data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end}} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap.yaml new file mode 100755 index 000000000..de32b7ab2 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap.yaml 
@@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +data: +{{- if .Values.plugins }} + plugins: {{ join "," .Values.plugins }} +{{- end }} + grafana.ini: | +{{- range $key, $value := index .Values "grafana.ini" }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else }} + {{ $elem }} = {{ tpl (toYaml $elemVal) $ }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.datasources }} +{{ $root := . }} + {{- range $key, $value := .Values.datasources }} + {{ $key }}: | +{{ tpl (toYaml $value | indent 4) $root }} + {{- end -}} +{{- end -}} + +{{- if .Values.notifiers }} + {{- range $key, $value := .Values.notifiers }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboards }} + download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + -H "Accept: application/json" \ + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{ end }} + {{- if $value.url -}}"{{ $value.url }}"{{- else 
-}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ + > "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + {{- end -}} + {{- end }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/dashboards-json-configmap.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/dashboards-json-configmap.yaml new file mode 100755 index 000000000..59e0be641 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/dashboards-json-configmap.yaml @@ -0,0 +1,35 @@ +{{- if .Values.dashboards }} +{{ $files := .Files }} +{{- range $provider, $dashboards := .Values.dashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ template "grafana.namespace" $ }} + labels: + {{- include "grafana.labels" $ | nindent 4 }} + dashboard-provider: {{ $provider }} +{{- if $dashboards }} +data: +{{- $dashboardFound := false }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} +{{- $dashboardFound = true }} +{{ print $key | indent 2 }}.json: +{{- if hasKey $value "json" }} + |- +{{ $value.json | indent 6 }} +{{- end }} +{{- if hasKey $value "file" }} +{{ toYaml ( $files.Get $value.file ) | indent 4}} +{{- end }} +{{- end }} +{{- end }} +{{- if not $dashboardFound }} + {} +{{- end }} +{{- end }} +--- +{{- end }} + +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/deployment.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/deployment.yaml new file mode 100755 index 000000000..4d77794cd --- /dev/null 
+++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/deployment.yaml @@ -0,0 +1,48 @@ +{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- with .Values.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- if .Values.envRenderSecret }} + checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} +{{- end }} 
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/headless-service.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/headless-service.yaml new file mode 100755 index 000000000..2fa816e04 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/headless-service.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-headless + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + type: ClusterIP +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-deployment.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-deployment.yaml new file mode 100755 index 000000000..d17b9dfed --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-deployment.yaml 
@@ -0,0 +1,117 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.labels }} +{{ toYaml .Values.imageRenderer.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.imageRenderer.replicas }} + revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} +{{- with .Values.imageRenderer.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} +{{- with .Values.imageRenderer.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with .Values.imageRenderer.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + + {{- if .Values.imageRenderer.schedulerName }} + schedulerName: "{{ .Values.imageRenderer.schedulerName }}" + {{- end }} + {{- if .Values.imageRenderer.serviceAccountName }} + serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" + {{- else }} + serviceAccountName: {{ template "grafana.serviceAccountName" . 
}} + {{- end }} + {{- if .Values.imageRenderer.securityContext }} + securityContext: + {{ toYaml .Values.imageRenderer.securityContext | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.hostAliases }} + hostAliases: + {{ toYaml .Values.imageRenderer.hostAliases | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.priorityClassName }} + priorityClassName: {{ .Values.imageRenderer.priorityClassName }} + {{- end }} + {{- if .Values.imageRenderer.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.imageRenderer.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }}-image-renderer + {{- if .Values.imageRenderer.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} + {{- if .Values.imageRenderer.command }} + command: + {{- range .Values.imageRenderer.command }} + - {{ . }} + {{- end }} + {{- end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + containerPort: {{ .Values.imageRenderer.service.port }} + protocol: TCP + env: + - name: HTTP_PORT + value: {{ .Values.imageRenderer.service.port | quote }} + {{- range $key, $value := .Values.imageRenderer.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + securityContext: + capabilities: + drop: ['all'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: image-renderer-tmpfs + {{- with .Values.imageRenderer.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . 
| nindent 8 }} + {{- if .Values.imageRenderer.nodeSelector }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.imageRenderer.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.imageRenderer.tolerations }} +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: image-renderer-tmpfs + emptyDir: {} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-network-policy.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-network-policy.yaml new file mode 100755 index 000000000..f8ca73aab --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-network-policy.yaml 
@@ -0,0 +1,76 @@ +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-ingress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer ingress traffic from grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Ingress + ingress: + - ports: + - port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + from: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} + +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-egress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer egress traffic to grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Egress + egress: + # allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # talk only to grafana + - ports: + - port: {{ .Values.service.port }} + protocol: TCP + to: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . 
| nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-service.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-service.yaml new file mode 100755 index 000000000..f5d3eb02f --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-service.yaml @@ -0,0 +1,28 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.service.labels }} +{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: ClusterIP + {{- if .Values.imageRenderer.service.clusterIP }} + clusterIP: {{ .Values.imageRenderer.service.clusterIP }} + {{end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + targetPort: {{ .Values.imageRenderer.service.targetPort }} + selector: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} +{{ end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/ingress.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/ingress.yaml new file mode 100755 index 000000000..44ebfc950 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/ingress.yaml 
@@ -0,0 +1,80 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $ingressPathType := .Values.ingress.pathType -}} +{{- $extraPaths := .Values.ingress.extraPaths -}} +{{- $newAPI := .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- if $newAPI -}} +apiVersion: networking.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} + {{- if .Values.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ tpl $value $ | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end -}} +{{- if .Values.ingress.tls }} + tls: +{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} +{{- end }} + rules: + {{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ tpl . 
$}} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $newAPI }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} + {{- else }} + - http: + paths: + - backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + pathType: {{ $ingressPathType }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if $ingressPath }} + path: {{ $ingressPath }} + {{- end }} + {{- end -}} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/nginx-config.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/nginx-config.yaml new file mode 100755 index 000000000..f847c51ce --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/nginx-config.yaml 
@@ -0,0 +1,75 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-nginx-proxy-config + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8080; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location /api/dashboards { + proxy_pass http://localhost:3000; + } + + location /api/search { + proxy_pass http://localhost:3000; + + sub_filter_types application/json; + sub_filter_once off; + sub_filter '"url":"/d' '"url":"d'; + } + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:3000/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter '"appSubUrl":""' '"appSubUrl":"."'; + sub_filter '"url":"/' '"url":"./'; + sub_filter ':"/avatar/' ':"avatar/'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + } + } + } 
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/poddisruptionbudget.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/poddisruptionbudget.yaml new file mode 100755 index 000000000..61813a436 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/poddisruptionbudget.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/podsecuritypolicy.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/podsecuritypolicy.yaml new file mode 100755 index 000000000..19da50791 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/podsecuritypolicy.yaml 
@@ -0,0 +1,49 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.rbac.pspAnnotations }} + annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + # Default set from Docker, without DAC_OVERRIDE or CHOWN + - FOWNER + - FSETID + - KILL + - SETGID + - SETUID + - SETPCAP + - NET_BIND_SERVICE + - NET_RAW + - SYS_CHROOT + - MKNOD + - AUDIT_WRITE + - SETFCAP + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'csi' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/pvc.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/pvc.yaml new file mode 100755 index 000000000..8d93f5c23 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/pvc.yaml 
@@ -0,0 +1,33 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.persistence.finalizers }} + finalizers: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClassName }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- end -}} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 6 }} + {{- end }} +{{- end -}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/role.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/role.yaml new file mode 100755 index 000000000..54c3fb0b2 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/role.yaml 
@@ -0,0 +1,32 @@ +{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }} +rules: +{{- if .Values.rbac.pspEnabled }} +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}] +{{- end }} +{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end }} +{{- with .Values.rbac.extraRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/rolebinding.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/rolebinding.yaml new file mode 100755 index 000000000..34f1ad6f8 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/rolebinding.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }} +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end -}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret-env.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret-env.yaml new file mode 100755 index 000000000..5c09313e6 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret-env.yaml @@ -0,0 +1,14 @@ +{{- if .Values.envRenderSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }}-env + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: +{{- range $key, $val := .Values.envRenderSecret }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end -}} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret.yaml new file mode 100755 index 000000000..4fdd817da --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret.yaml 
@@ -0,0 +1,22 @@ +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: + {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} + admin-user: {{ .Values.adminUser | b64enc | quote }} + {{- if .Values.adminPassword }} + admin-password: {{ .Values.adminPassword | b64enc | quote }} + {{- else }} + admin-password: {{ randAlphaNum 40 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if not .Values.ldap.existingSecret }} + ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/service.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/service.yaml new file mode 100755 index 000000000..276456698 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/service.yaml 
@@ -0,0 +1,50 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + type: ClusterIP + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: {{ .Values.service.portName }} + port: {{ .Values.service.port }} + protocol: TCP + targetPort: {{ .Values.service.targetPort }} +{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{.Values.service.nodePort}} +{{ end }} + {{- if .Values.extraExposePorts }} + {{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }} + {{- end }} + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/serviceaccount.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/serviceaccount.yaml new file mode 100755 index 000000000..7576eeef0 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/serviceaccount.yaml 
@@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/servicemonitor.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/servicemonitor.yaml new file mode 100755 index 000000000..23288523f --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "grafana.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: {{ .Values.service.portName }} + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} 
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/statefulset.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/statefulset.yaml new file mode 100755 index 000000000..b2b4616f3 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/statefulset.yaml 
@@ -0,0 +1,52 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} + serviceName: {{ template "grafana.fullname" . }}-headless + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} + {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} + volumeClaimTemplates: + - metadata: + name: storage + spec: + accessModes: {{ .Values.persistence.accessModes }} + storageClassName: {{ .Values.persistence.storageClassName }} + resources: + requests: + storage: {{ .Values.persistence.size }} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 10 }} + {{- end }} +{{- end }} 
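Review bot: The `checksum/secret` annotation in the StatefulSet pod template hashes secret.yaml, and secret.yaml in this patch renders `admin-password: {{ randAlphaNum 40 | b64enc | quote }}` whenever `adminPassword` is unset, which is the default in values.yaml (the key is commented out). Each render therefore produces a new password and a new checksum, so every `helm upgrade` rewrites the admin password in the Secret and restarts the pods even when nothing else changed. Suggest reusing the value from the existing Secret (for example with `lookup`) or requiring `adminPassword` or `admin.existingSecret` to be set. Separately, in `volumeClaimTemplates`, `accessModes: {{ .Values.persistence.accessModes }}` prints the Go list form and `storageClassName` is emitted unconditionally; pvc.yaml in this patch ranges over the modes with `quote` and guards `storageClassName` with an `if`, and this template should render them the same way.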
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-configmap.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-configmap.yaml new file mode 100755 index 000000000..ff53aaf1b --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-configmap.yaml @@ -0,0 +1,17 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + run.sh: |- + @test "Test Health" { + url="http://{{ template "grafana.fullname" . }}/api/health" + + code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + [ "$code" == "200" ] + } +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-podsecuritypolicy.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-podsecuritypolicy.yaml new file mode 100755 index 000000000..1acd65128 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-podsecuritypolicy.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +spec: + allowPrivilegeEscalation: true + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + fsGroup: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - projected + - csi + - secret +{{- end }} 
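Review bot: In tests/test-podsecuritypolicy.yaml, `allowPrivilegeEscalation: true` is looser than the main podsecuritypolicy.yaml in this patch, which sets `allowPrivilegeEscalation: false` and a `requiredDropCapabilities` list; the test policy has neither. The test pod only runs bats with a `wget` check against `/api/health` (test-configmap.yaml) and values.yaml gives it `runAsNonRoot: true`, so nothing visible here needs privilege escalation. Suggest `allowPrivilegeEscalation: false` plus the same `requiredDropCapabilities` as the main policy, so that leaving `testFramework.enabled: true` (the default in values.yaml) does not install a weaker policy alongside the hardened one.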
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-role.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-role.yaml new file mode 100755 index 000000000..6b10677ae --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-role.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}-test] +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-rolebinding.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-rolebinding.yaml new file mode 100755 index 000000000..58fa5e78b --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "grafana.fullname" . }}-test +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} 
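Review bot: tests/test-role.yaml grants `use` on `podsecuritypolicies` under `apiGroups: ['policy']`, which matches the `policy/v1beta1` PodSecurityPolicy templates, but templates/role.yaml in this same patch grants it under `apiGroups: ['extensions']`. The two roles should agree; suggest `['policy']` in role.yaml (or both groups if older clusters must be supported) so the main Grafana service account is authorized in the same API group the policy is created in. Also, the test Role and RoleBinding here are gated on `testFramework.enabled` and `rbac.pspEnabled` only, while role.yaml and rolebinding.yaml are gated on `rbac.create`; with `rbac.create: false` the chart would still create RBAC objects for the test service account, which is worth either guarding or documenting.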
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-serviceaccount.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-serviceaccount.yaml new file mode 100755 index 000000000..5c3350733 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-serviceaccount.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test.yaml new file mode 100755 index 000000000..cdc86e5f2 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "grafana.fullname" . }}-test + labels: + {{- include "grafana.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success + namespace: {{ template "grafana.namespace" . }} +spec: + serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} + {{- if .Values.testFramework.securityContext }} + securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 4 }} + {{- end }} + containers: + - name: {{ .Release.Name }}-test + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" + command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + volumes: + - name: tests + configMap: + name: {{ template "grafana.fullname" . }}-test + restartPolicy: Never +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/values.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/values.yaml new file mode 100755 index 000000000..9491c1a1f --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/values.yaml 
@@ -0,0 +1,732 @@ +global: + cattle: + systemDefaultRegistry: "" + +autoscaling: + enabled: false +rbac: + create: true + ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) + # useExistingRole: name-of-some-(cluster)role + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + namespaced: false + extraRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] + extraClusterRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] +serviceAccount: + create: true + name: + nameTest: +# annotations: +# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + +replicas: 1 + +## See `kubectl explain poddisruptionbudget.spec` for more +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} +# minAvailable: 1 +# maxUnavailable: 1 + +## See `kubectl explain deployment.spec.strategy` for more +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +## Use an alternate scheduler, e.g. "stork". 
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + +image: + repository: rancher/mirrored-grafana-grafana + tag: 7.4.5 + sha: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +testFramework: + enabled: true + image: "rancher/mirrored-bats-bats" + tag: "v1.1.0" + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + runAsUser: 1000 + +securityContext: + runAsNonRoot: true + runAsUser: 472 + runAsGroup: 472 + fsGroup: 472 + +containerSecurityContext: + {} + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + + +extraEmptyDirMounts: [] + # - name: provisioning-notifiers + # mountPath: /etc/grafana/provisioning/notifiers + + +# Apply extra labels to common labels. +extraLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +downloadDashboardsImage: + repository: rancher/mirrored-curlimages-curl + tag: 7.73.0 + sha: "" + pullPolicy: IfNotPresent + +downloadDashboards: + env: {} + envFromSecret: "" + resources: {} + +## Pod Annotations +# podAnnotations: {} + +## Pod Labels +# podLabels: {} + +podPortName: grafana + +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. 
+## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + type: ClusterIP + port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer + annotations: {} + labels: {} + portName: service + +serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + +extraExposePorts: [] + # - name: keycloak + # port: 8080 + # targetPort: 8080 + # type: ClusterIP + +# overrides pod.spec.hostAliases in the grafana deployment's pods +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - chart-example.local + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +extraInitContainers: [] + +## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## Volumes that can be used in init containers that will not be mounted to deployment pods +extraContainerVolumes: [] +# - name: volume-from-secret +# secret: +# secretName: secret-to-mount +# - name: empty-dir-volume +# emptyDir: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + type: pvc + enabled: false + # storageClassName: default + accessModes: + - ReadWriteOnce + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + # selectorLabels: {} + # subPath: "" + # existingClaim: + + ## If persistence is not enabled, this 
allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + +initChownData: + ## If false, data ownership will not be reset at startup + ## This allows the prometheus-server to be run with an arbitrary user + ## + enabled: true + + ## initChownData container image + ## + image: + repository: rancher/mirrored-library-busybox + tag: "1.31.1" + sha: "" + pullPolicy: IfNotPresent + + ## initChownData resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + +# Administrator credentials when not using an existing secret (see below) +adminUser: admin +# adminPassword: strongpassword + +# Use an existing secret for the admin user. +admin: + existingSecret: "" + userKey: admin-user + passwordKey: admin-password + +## Define command to be executed at startup by grafana container +## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) +## Default is "run.sh" as defined in grafana's Dockerfile +# command: +# - "sh" +# - "/run.sh" + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Extra environment variables that will be pass onto deployment pods +## +## to provide grafana with access to CloudWatch on AWS EKS: +## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) +## 2. 
edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the +## same oidc eks provider as noted before (same as the existing line) +## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name +## +## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", +## +## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess +## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) +## +## env: +## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here +## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token +## AWS_REGION: us-east-1 +## +## 5. uncomment the EKS section in extraSecretMounts: below +## 6. uncomment the annotation section in the serviceAccount: above +## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn + +env: {} + +## "valueFrom" environment variable references that will be added to deployment pods +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core +## Renders in container spec as: +## env: +## ... +## - name: +## valueFrom: +## +envValueFrom: {} + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc. Value is templated. +envFromSecret: "" + +## Sensible environment variables that will be rendered as new secret object +## This can be useful for auth tokens, etc +envRenderSecret: {} + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. 
+extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + # subPath: "" + # + # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) + # - name: aws-iam-token + # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount + # readOnly: true + # projected: + # defaultMode: 420 + # sources: + # - serviceAccountToken: + # audience: sts.amazonaws.com + # expirationSeconds: 86400 + # path: token + # + # for CSI e.g. Azure Key Vault use the following + # - name: secrets-store-inline + # mountPath: /run/secrets + # readOnly: true + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "akv-grafana-spc" + # nodePublishSecretRef: # Only required when using service principal mode + # name: grafana-akv-creds # Only required when using service principal mode + +## Additional grafana server volume mounts +# Defines additional volume mounts. +extraVolumeMounts: [] + # - name: extra-volume + # mountPath: /mnt/volume + # readOnly: true + # existingClaim: volume-claim + +## Pass the plugins you want installed as a list. 
+## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-prometheus-server +# access: proxy +# isDefault: true +# - name: CloudWatch +# type: cloudwatch +# access: proxy +# uid: cloudwatch +# editable: false +# jsonData: +# authType: credentials +# defaultRegion: us-east-1 + +## Configure notifiers +## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels +## +notifiers: {} +# notifiers.yaml: +# notifiers: +# - name: email-notifier +# type: email +# uid: email1 +# # either: +# org_id: 1 +# # or +# org_name: Main Org. +# is_default: true +# settings: +# addresses: an_email_address@example.com +# delete_notifiers: + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. 
+## +dashboards: {} + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # token: '' + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # token: '' + # b64content: true + +## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. +## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/data + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net +## grafana Authentication can be enabled with the following values on grafana.ini + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # 
config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + enabled: false + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana. 
+ existingSecret: "" + userKey: "user" + passwordKey: "password" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: + repository: rancher/mirrored-kiwigrid-k8s-sidecar + tag: 1.10.7 + sha: "" + imagePullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + # skipTlsVerify Set to true to skip tls verification for kube api calls + # skipTlsVerify: true + enableUniqueFilenames: false + dashboards: + enabled: false + SCProvider: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # value of label that the configmaps with dashboards are set to + labelValue: null + # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) + folder: /tmp/dashboards + # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead + defaultFolderName: null + # If specified, the sidecar will search for dashboard config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # If specified, the sidecar will look for annotation with this name to create folder and put graph here. + # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. 
+ folderAnnotation: null + # provider configuration that lets grafana manage the dashboards + provider: + # name of the provider, should be unique + name: sidecarProvider + # orgid as configured in grafana + orgid: 1 + # folder in which the dashboards should be imported in grafana + folder: '' + # type of the provider + type: file + # disableDelete to activate a import-only behaviour + disableDelete: false + # allow updating provisioned dashboards from the UI + allowUiUpdates: false + # allow Grafana to replicate dashboard structure from filesystem + foldersFromFilesStructure: false + datasources: + enabled: false + # label that the configmaps with datasources are marked with + label: grafana_datasource + # value of label that the configmaps with datasources are set to + labelValue: null + # If specified, the sidecar will search for datasource config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + + ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment + ## This can be useful for database passwords, etc. Value is templated. + envFromSecret: "" + notifiers: + enabled: false + # label that the configmaps with notifiers are marked with + label: grafana_notifier + # If specified, the sidecar will search for notifier config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. 
+ # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + +## Override the deployment namespace +## +namespaceOverride: "" + +## Number of old ReplicaSets to retain +## +revisionHistoryLimit: 10 + +## Add a seperate remote image renderer deployment/service +imageRenderer: + # Enable the image-renderer deployment & service + enabled: false + replicas: 1 + image: + # image-renderer Image repository + repository: rancher/mirrored-grafana-grafana-image-renderer + # image-renderer Image tag + tag: 2.0.1 + # image-renderer Image sha (optional) + sha: "" + # image-renderer ImagePullPolicy + pullPolicy: Always + # extra environment variables + env: + HTTP_HOST: "0.0.0.0" + # RENDERING_ARGS: --disable-gpu,--window-size=1280x758 + # RENDERING_MODE: clustered + # image-renderer deployment serviceAccount + serviceAccountName: "" + # image-renderer deployment securityContext + securityContext: {} + # image-renderer deployment Host Aliases + hostAliases: [] + # image-renderer deployment priority class + priorityClassName: '' + service: + # image-renderer service port name + portName: 'http' + # image-renderer service port used by both service and deployment + port: 8081 + targetPort: 8081 + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" + # name of the image-renderer port on the pod + podPortName: http + # number of image-renderer replica sets to keep + revisionHistoryLimit: 10 + networkPolicy: + # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods + limitIngress: true + # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods + limitEgress: false + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi 
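Review bot: In the `sidecar.image` and `imageRenderer.image` blocks of this Grafana values.yaml, both images are referenced by mutable tag (`tag: 1.10.7`, `tag: 2.0.1`) with `sha: ""`, and the renderer additionally sets `pullPolicy: Always`, so a re-pushed tag is pulled on the next pod start with no change to the chart. Populate `sha` with the digest of each mirrored image so the release is reproducible. Under `imageRenderer.networkPolicy`, `limitEgress: false` leaves renderer egress unrestricted while `limitIngress` is `true`; say in the comment why the default differs. The comment above `imageRenderer:` also has the typo `seperate`.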
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/Chart.yaml new file mode 100755 index 000000000..3f1c0a6b8 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.8.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.8.301 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/app-readme.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/app-readme.md 
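Review bot: In rancher-istio/1.8.301/README.md, option 2 of the list under "To limit scraping to specific namespaces" tells the user to add an additionalScrapeConfig "to scrape all targets in all namespaces", which works against the limit the paragraph has just described; reword it to say which targets the extra scrape config should cover. The same hunk has typos to fix before release: `dependecy`, `succesful`, `dependecies`, `Promtheus`, and the doubled colon in `following error::`.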
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/Chart.yaml new file mode 100755 index 000000000..3225c111e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/Chart.yaml 
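Review bot: In rancher-istio/1.8.301/app-readme.md, the "Custom Grafana Installation with Kiali" paragraph names the value `granfa.service.port`, while the URL template directly below it uses `grafana.service.port`; a user copying the name from the prose will set a key that nothing reads. Also fix `systemm` in the Jaeger bullet and the stray `.:` before the tracing URL template.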
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.29.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.29.1 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
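Review bot: In charts/kiali/Chart.yaml the annotations mix two key prefixes: `catalog.cattle.io/` for auto-install, hidden, os and the GVR keys, but `catalog.rancher.io/namespace: cattle-istio-system` and `catalog.rancher.io/release-name: rancher-kiali-server`. The parent rancher-istio Chart.yaml in this patch uses `catalog.cattle.io/namespace: istio-system` and `catalog.cattle.io/release-name`, so confirm whether the `catalog.rancher.io` keys are still read and whether `cattle-istio-system` is the intended namespace. The `icon` URL points at the `master` branch of kiali.io on raw.githubusercontent.com, which can change or disappear; the parent chart uses a charts.rancher.io asset instead.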
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/configmap.yaml 
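Review bot: In charts/kiali/templates/_helpers.tpl, `kiali-server.login_token.signing_key` falls back to `{{- randAlphaNum 16 }}` when `login_token.signing_key` is unset, and that call is evaluated again on every render, so each `helm upgrade` or `helm template` produces a different signing key. Either require the value explicitly, using the `fail` pattern already present in `kiali-server.auth.strategy`, or generate it once and reuse the stored value on upgrade, and document the behaviour in the helper's comment. In `kiali-server.isDashboardEnabled`, the include and exclude globs are converted to regexes by translating only `*` and `?`, so a literal `.` in a pattern (for example a dashboard name containing a version number) matches any character.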
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/envoy.yaml 
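Review bot: In charts/kiali/templates/configmap.yaml, the line `{{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }}` writes the login token signing key into `config.yaml` inside a ConfigMap, where any subject allowed to read ConfigMaps in the release namespace can see it. Consider rendering the key as a Secret mounted into the pod, or removing it from `$cm` before `toYaml`. The `omit .Values "nameOverride" "fullnameOverride" "kiali_route_url"` call also passes every other value through to the rendered config, so any credential later added to values.yaml would land in this ConfigMap as well; an explicit allow-list of keys would be safer.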
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..de5ae7ebe --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..a496c0828 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..bd51e8d5e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..fcd8fd579 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
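Review bot: In templates/route.yaml the annotations guard closes with three braces, `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`, so a literal `}` lands in the rendered Route metadata whenever this template is used (OpenShift with `ingress_enabled`). Drop the extra brace so the action ends in `}}`, as the matching guard in ingress.yaml does.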
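Review bot: In templates/rolebinding-controlplane.yaml the `roleRef` is hardcoded as `name: kiali-controlplane`, while role-controlplane.yaml names the Role `{{ include "kiali-server.fullname" . }}-controlplane`. The two only agree while the fullname resolves to `kiali` (values.yaml sets `fullnameOverride: "kiali"`); with any other override the binding points at a Role that does not exist and the secrets `list` grant silently disappears. Use the same `include` expression in the `roleRef`.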
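Review bot: In templates/psp.yaml the RoleBinding subject is the literal `name: kiali`, but serviceaccount.yaml creates the account as `{{ include "kiali-server.fullname" . }}`. If the fullname changes, the `use` permission on the PodSecurityPolicy is granted to an account the Deployment does not run as. Reference the fullname helper in the subject, and consider adding `namespace: {{ .Release.Namespace }}` there as the other bindings in this chart do.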
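Review bot: In templates/role-viewer.yaml, the ClusterRole that rolebinding.yaml selects when `view_only_mode` is true still grants `create` on `pods/portforward` and `get` on `pods/proxy` cluster-wide, which goes beyond read-only access to object metadata. Either drop those rules from the viewer role or document why view-only mode needs them. The `post` verb listed next to `create` (here and in role.yaml) is not an RBAC request verb and never matches, so it can be removed.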
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
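Review bot: In templates/web-root-configmap.yaml the `window.WEB_ROOT` path hardcodes `services/http:kiali:20001`, while service.yaml names the Service with `{{ include "kiali-server.fullname" . }}`, exposes `{{ .Values.server.port }}`, and names the port `tcp` instead of `http` when an identity cert file is configured. Any of those three differing from the literal breaks the proxy URL. Build the path from the same helper and values, and guard `.Values.global.cattle.clusterId` with `required`, since values.yaml ships it empty while `web_root_override` defaults to true.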
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/values.yaml new file mode 100755 index 000000000..39255bc38 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.29.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.29.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/.helmignore b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
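Review bot: In tracing/templates/deployment.yaml the pod `securityContext` (`runAsNonRoot: true`, `runAsUser: 1000`) sits inside `{{- if .Values.global.rbac.pspEnabled }}` together with `serviceAccountName`, and tracing/values.yaml defaults `pspEnabled: false`. A default install therefore runs Jaeger with no non-root constraint at all. Move the `securityContext` outside the conditional so hardening does not depend on PSP being enabled, and keep only `serviceAccountName` gated, since the ServiceAccount is created in psp.yaml.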
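Review bot: In tracing/templates/psp.yaml the PodSecurityPolicy carries `namespace: {{ .Release.Namespace }}`, but PodSecurityPolicy is cluster-scoped, so the field has no effect and the object is named only by `{{ include "tracing.fullname" . }}`. Two installs in different namespaces would contend for the same policy name. Drop the `namespace` line and make the name unique per namespace, for example by appending `-{{ .Release.Namespace }}` as kiali's oauth.yaml does for its OAuthClient, updating `resourceNames` in the Role to match.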
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/configs/istio-base.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/configs/istio-base.yaml new file mode 100755 index 000000000..c484f5988 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/configs/istio-base.yaml 
@@ -0,0 +1,85 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/requirements.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/samples/overlay-example.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/admin-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/base-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrole.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
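Review bot: the `istio-installer` ClusterRole in templates/clusterrole.yaml grants `'*'` verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings` in `rbac.authorization.k8s.io`, and on `secrets` and `pods/exec` in the core group, so the ServiceAccount running the install job can grant itself any permission and read every Secret in the cluster. The wildcard on the RBAC resources includes the `bind` and `escalate` verbs; list the verbs the install script actually needs and drop `pods/exec` unless the script uses it, or add a comment explaining why istioctl requires the wildcard. The last rule grants `use` on the `istio-installer` PodSecurityPolicy unconditionally, while istio-install-psp.yaml only creates that policy when `global.rbac.pspEnabled` is true; wrap the rule in the same condition so the two stay in step.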
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/edit-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
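Review bot: in templates/edit-role.yaml the `istio-edit` role carries `rbac.authorization.k8s.io/aggregate-to-edit: "true"` and gives `'*'` verbs on `security.istio.io` (`authorizationpolicies`, `peerauthentications`, `requestauthentications`) and on `envoyfilters`, so every subject holding the built-in `edit` role in a namespace can delete or rewrite that namespace's mesh authorization and mTLS policy. The rules are identical to `istio-admin` in admin-role.yaml; if edit users are not meant to manage security policy, limit the `security.istio.io` rule here to `get`, `watch`, `list` and leave write access to the admin aggregation. `metadata.namespace` is set on a ClusterRole, which is cluster-scoped, so the field has no effect and can be dropped.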
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/service-monitors.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/view-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/values.yaml new file mode 100755 index 000000000..94ab4b032 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/values.yaml 
@@ -0,0 +1,94 @@ +overlayFile: "" +tag: 1.8.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.8.3-rancher1 + +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.8.3 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.8.3 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.3 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.3 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.29.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: + enabled: false + contextPath: "/jaeger" + jaeger: 
+ repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/Chart.yaml new file mode 100755 index 000000000..d420915c8 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.8.4 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.8.400 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/app-readme.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/Chart.yaml new file mode 100755 index 000000000..9b6fdf385 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.1 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/.helmignore b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
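Review bot: in psp.yaml the ServiceAccount sits inside the `{{- if .Values.global.rbac.pspEnabled }}` guard that opens the file, and deployment.yaml renders `serviceAccountName` and the `runAsNonRoot: true` / `runAsUser: 1000` securityContext only under the same flag. With the `pspEnabled: false` default in the tracing values.yaml, the Jaeger pod therefore runs under the namespace's default service account with no pod securityContext at all. Suggest moving the ServiceAccount into its own template and setting the securityContext unconditionally, leaving only the Role, RoleBinding and PodSecurityPolicy behind the flag. Separately, PodSecurityPolicy is cluster-scoped, so `metadata.namespace` on it has no effect and the `tracing.fullname` name has to be unique across the cluster.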
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/configs/istio-base.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/configs/istio-base.yaml new file mode 100755 index 000000000..7ff972e2d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/configs/istio-base.yaml 
@@ -0,0 +1,89 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/requirements.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/samples/overlay-example.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/admin-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/base-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrole.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
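Review bot: the core-group rule near the end of clusterrole.yaml grants `'*'` on `secrets`, `pods/exec` and `serviceaccounts`, and the rbac.authorization.k8s.io rule grants `'*'` on `clusterroles` and `clusterrolebindings`. Bound cluster-wide through clusterrolebinding.yaml, this gives the `istio-installer` service account read access to every secret, exec into any pod and, because `'*'` covers `bind` and `escalate`, the ability to grant itself any further permission. The Job in istio-install-job.yaml is removed by its `hook-delete-policy`, but this ClusterRole carries no hook annotations, so the privilege stays in place after the install finishes. Suggest listing the verbs the installer actually needs per resource, dropping `pods/exec` unless the install script depends on it, and adding a comment that explains each remaining wildcard. The `customresourcedefinitions.apiextensions.k8s.io` entry is also redundant next to `customresourcedefinitions`.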
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/edit-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
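Review bot: edit-role.yaml carries the `rbac.authorization.k8s.io/aggregate-to-edit: "true"` label, yet its rules are the same as those of `istio-admin` in admin-role.yaml, so every subject holding the built-in edit role receives `'*'` on `envoyfilters`, `authorizationpolicies`, `peerauthentications` and `requestauthentications`. If editors are not meant to change mesh security policy, narrow the security.istio.io rule (and `envoyfilters`) to read verbs for `istio-edit`, or add a comment stating that the two roles are intentionally identical. `metadata.namespace` on a ClusterRole is ignored as well and can be dropped here and in admin-role.yaml.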
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
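Review bot: In templates/istio-cni-psp.yaml (1.8.400), the `psp-istio-cni` policy lists `hostPath` under `volumes` without an `allowedHostPaths` list, so a pod admitted under it may mount any directory on the node, and that sits next to `hostNetwork: true`, `allowPrivilegeEscalation: true` and `runAsUser: RunAsAny`. Add `allowedHostPaths` limited to the directories the CNI installer needs, and state `privileged` explicitly instead of relying on the default. `metadata.namespace` has no effect on a PodSecurityPolicy because the resource is cluster-scoped; drop it so the manifest does not read as if the policy were confined to the Istio namespace.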
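Review bot: In templates/istio-uninstall-job.yaml, the pod `securityContext` (`runAsUser: 101`, `runAsGroup: 101`) is unconditional, while istio-install-job.yaml wraps the same block in `{{- if .Values.global.rbac.pspEnabled }}`, so with the shipped default `pspEnabled: false` the installer runs as whatever user the image defaults to and only the uninstaller is pinned to 101. Make the install job's `securityContext` unconditional as well. The uninstall job also has no `backoffLimit` (the install job sets `backoffLimit: 1`) while using `restartPolicy: OnFailure`, and it closes the overlay blocks with `{{ end }}` where the install job uses `{{- end }}`; align these with the install job.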
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/service-monitors.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/view-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/values.yaml new file mode 100755 index 000000000..a641abdc1 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.8.4 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.8.4-rancher1 + +##Deprecated as of 1.8, native support provided by enabling `dns.enabled=true` +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.8.4 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.8.4 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.4 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.4 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.32.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: 
+ enabled: false + contextPath: "/jaeger" + jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/Chart.yaml new file mode 100755 index 000000000..487e7401a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.8.5 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.8.500 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/app-readme.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/Chart.yaml new file mode 100755 index 000000000..9b6fdf385 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.1 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
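Review bot: In values.yaml (1.8.400), `kiali.auth.strategy: anonymous` is the shipped default, so the Kiali dashboard asks for no login from anyone who can reach the service, while the kiali subchart's own `kiali-server.auth.strategy` helper in this patch falls back to `token` on Kubernetes. If anonymous access is intended, add a comment next to the setting that says so and that exposure depends on `deployment.ingress_enabled: false`; otherwise leave `strategy` unset so the subchart default applies.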
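Review bot: README.md (1.8.500) has several spelling errors in the Kiali section: "dependecy" (twice, once as "dependecies"), "succesful" and "Promtheus", plus a doubled colon in "the following error::". Fix them before release, since this text is shown to users in the catalog.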
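Review bot: In app-readme.md (1.8.500), the Grafana paragraph names the value as `granfa.service.port` while the URL template directly below uses `grafana.service.port`; a user copying the key from the prose gets a name that does not exist. Correct it to `grafana.service.port`, and also fix "distributed systemm" in the Jaeger bullet and the stray "instance.:" before the tracing URL.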
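Review bot: In charts/kiali/Chart.yaml, the annotations mix two prefixes: `catalog.cattle.io/` for auto-install, hidden, os and the gvr keys, but `catalog.rancher.io/namespace` and `catalog.rancher.io/release-name`, whereas the parent rancher-istio Chart.yaml uses `catalog.cattle.io/namespace` and `catalog.cattle.io/release-name`. The namespace value also differs (`cattle-istio-system` here, `istio-system` in the parent). Either switch both keys to the `catalog.cattle.io/` prefix with values that match the parent, or drop them if they are unused for a hidden subchart.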
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/.helmignore b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
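Review bot: in charts/kiali/templates/deployment.yaml the guard around `affinity:` tests `.Values.deployment.pod` and `.Values.deployment.pod_anti`, but the blocks inside it and values.yaml use `.Values.deployment.affinity.pod` and `.Values.deployment.affinity.pod_anti`. As written, setting only pod affinity or pod anti-affinity never renders the `affinity:` key. Suggest `{{- if or .Values.deployment.affinity.node .Values.deployment.affinity.pod .Values.deployment.affinity.pod_anti }}`.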
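Review bot: the default `spec` in charts/kiali/templates/ingress.yaml is a single rule with no `host` and no `tls` section, and values.yaml ships `ingress_enabled: true`, so a default install publishes Kiali under every hostname the ingress controller serves. Suggest defaulting `ingress_enabled` to false or requiring a host in values. Separately, `apiVersion: networking.k8s.io/v1beta1` is hard-coded and that Ingress version is removed in Kubernetes 1.22; gate it on `.Capabilities.APIVersions.Has "networking.k8s.io/v1"` and render the v1 backend form there.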
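Review bot: `list` on `secrets` in charts/kiali/templates/role-controlplane.yaml is not a metadata-only permission; a list response carries the full `data` of every Secret in the Istio namespace, so the Kiali ServiceAccount can read all of them. If Kiali only needs specific secrets, restrict the rule with `resourceNames` and `get`, and add a comment in the template saying why the access is needed.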
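Review bot: the `-viewer` ClusterRole in charts/kiali/templates/role-viewer.yaml, which rolebinding.yaml selects when `view_only_mode` is true, still grants `create` on `pods/portforward` and `get` on `pods/proxy` cluster-wide, so view-only mode can still open connections into any pod. Add a comment stating why these are required, or drop them from the viewer role. Also, `post` is not an RBAC verb (an HTTP POST maps to `create`), so that entry has no effect and can be removed here and in role.yaml.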
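Review bot: charts/kiali/templates/route.yaml has a stray brace at the end of `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`. The third `}` is outside the action, so whenever override annotations are set it is emitted as literal text ahead of `annotations:` and breaks the rendered Route. Drop the extra `}`.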
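Review bot: the RoleBinding subject in charts/kiali/templates/psp.yaml is hard-coded as `name: kiali`, while serviceaccount.yaml names the account `{{ include "kiali-server.fullname" . }}`. The two only line up because values.yaml sets `fullnameOverride: "kiali"`; with any other override the PSP is bound to a ServiceAccount that does not exist. Use the same include, and set `namespace: {{ .Release.Namespace }}` on the subject as rolebinding-controlplane.yaml does.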
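Review bot: `window.WEB_ROOT` in charts/kiali/templates/web-root-configmap.yaml hard-codes `services/http:kiali:20001/proxy/kiali`, while the Service name, port and scheme are configurable elsewhere in the chart (`kiali-server.fullname`, `.Values.server.port`, HTTPS probes when `identity.cert_file` is set). Build the path from the same values so the proxy URL cannot drift from the Service. Also, `web_root_override` defaults to true while `global.cattle.clusterId` is empty in values.yaml, which renders `/k8s/clusters//api/...`; wrap the cluster id in `required` so a missing value fails at install time.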
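Review bot: charts/kiali/templates/validate-install-crd.yaml reads as commented-out code, but Helm evaluates template actions before the YAML is parsed, so the `lookup` and `required` calls behind the leading `#` still run and can fail the install. If the `#` prefix is there only to turn the rendered output into a YAML comment, say so in a `{{/* ... */}}` comment at the top of the file so nobody deletes it as dead code or assumes the check is disabled.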
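Review bot: charts/kiali/values.yaml defaults to `view_only_mode: false` together with `accessible_namespaces: ["**"]`, so rolebinding.yaml binds the ServiceAccount cluster-wide to the ClusterRole from role.yaml (`patch` on pods, services and workloads, `create` and `delete` on the Istio API groups). Consider defaulting `view_only_mode` to true and letting operators opt in to write access. Nit: "Kial Service Account" in the comment above `accessible_namespaces` should read "Kiali".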
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
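Review bot: PodSecurityPolicy is cluster-scoped, so `namespace: {{ .Release.Namespace }}` on the policy in charts/tracing/templates/psp.yaml is ignored and the name `{{ include "tracing.fullname" . }}` has to be unique across the whole cluster. Drop the namespace field and include the release namespace in the PSP name and in the Role's `resourceNames`. The RoleBinding subject also has no `namespace`; set it to `{{ .Release.Namespace }}` explicitly. The file ends without a trailing newline.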
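Review bot: in charts/tracing/templates/deployment.yaml the `securityContext` (`runAsNonRoot: true`, `runAsUser: 1000`) sits inside `{{- if .Values.global.rbac.pspEnabled }}` together with `serviceAccountName`, so whenever PSP is disabled the Jaeger pod runs as whatever user the image defines. Running as non-root does not depend on a PodSecurityPolicy existing; move `securityContext` outside the conditional and keep only `serviceAccountName` gated, since the ServiceAccount is created in psp.yaml under the same flag.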
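Review bot: in charts/tracing/templates/_affinity.tpl, `{{- if or .Values.podAntiAffinityTermLabelSelector}}` calls `or` with a single argument; it evaluates, but it reads like a dropped operand, so use a plain `if`. The node affinity terms also key on `beta.kubernetes.io/arch`, which has been deprecated in favor of `kubernetes.io/arch` since Kubernetes 1.14.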
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/configs/istio-base.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/configs/istio-base.yaml new file mode 100755 index 000000000..7ff972e2d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/configs/istio-base.yaml 
@@ -0,0 +1,89 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/requirements.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/samples/overlay-example.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/admin-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/base-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrole.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
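Review bot: the rules near the end of this ClusterRole grant `'*'` on `secrets` and `pods/exec` in the core group and `'*'` on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, which, once bound cluster-wide to the `istio-installer` ServiceAccount, lets that account read every Secret and grant itself any permission (the wildcard verb includes `bind` and `escalate`). Please list the verbs the installer actually needs per resource, and drop `pods/exec` unless the install script depends on it. Two smaller points: `customresourcedefinitions.apiextensions.k8s.io` looks redundant next to `customresourcedefinitions` under the `apiextensions.k8s.io` group, and the final `podsecuritypolicies` `use` rule is emitted even when `global.rbac.pspEnabled` is false, unlike the PSP templates that are wrapped in that condition.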
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/edit-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
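Review bot: the `rbac.authorization.k8s.io/aggregate-to-edit: "true"` label folds these rules into the built-in `edit` role, so the `'*'` verbs on `envoyfilters`, `authorizationpolicies`, `peerauthentications` and `requestauthentications` go to every namespace editor, and the rule set is identical to `istio-admin` in admin-role.yaml. If editors are not meant to change proxy filter configuration or authentication and authorization policy in their namespaces, limit `istio-edit` to the routing resources and keep write access to `envoyfilters` and `security.istio.io` in the admin role. ClusterRole is cluster-scoped, so the `namespace:` field under metadata can be dropped here as well.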
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/service-monitors.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/view-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/values.yaml new file mode 100755 index 000000000..90f3d026f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.8.5 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.8.5-rancher1 + +##Deprecated as of 1.8, native support provided by enabling `dns.enabled=true` +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.8.5 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.8.5 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.5 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.5 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.32.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: 
+ enabled: false + contextPath: "/jaeger" + jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/Chart.yaml new file mode 100755 index 000000000..87fc3eb52 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.9.2 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.9.200 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/README.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/app-readme.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/Chart.yaml new file mode 100755 index 000000000..9b6fdf385 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.1 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/.helmignore b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
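Review bot: in charts/kiali/templates/route.yaml the annotations guard `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}` closes with three braces, so a literal `}` is emitted into the Route metadata whenever that branch is taken. Because `{{-` trims the preceding newline, the stray brace lands at the end of the last rendered label line. Drop the extra brace so the action ends in `}}`. The branch only renders when the cluster exposes route.openshift.io/v1, deployment.ingress_enabled is set and override_ingress_yaml.metadata carries annotations. The chart's values.yaml defaults that metadata to `{}`, so rendering with default values will not exercise it; a template test that sets an annotation override would.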
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/README.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
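Review bot: in charts/tracing/templates/deployment.yaml the pod-level `securityContext` (`runAsNonRoot: true`, `runAsUser: 1000`) sits inside `{{- if .Values.global.rbac.pspEnabled }}`, and the chart's values.yaml defaults `pspEnabled` to false, so a default install runs the Jaeger container as whatever user the image defines. Running as non-root does not depend on a PodSecurityPolicy being present. Move the securityContext out of the conditional and keep only `serviceAccountName` gated, since the ServiceAccount itself is created only by psp.yaml under the same flag.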
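Review bot: PodSecurityPolicy is a cluster-scoped resource, so `namespace: {{ .Release.Namespace }}` in its metadata has no effect, and the name `{{ include "tracing.fullname" . }}` has to be unique across the cluster rather than per namespace. A second release that resolves to the same fullname in another namespace would collide on this object. Drop the namespace field from the PSP and include the release namespace in its name, updating the Role's `resourceNames` entry to match. The RoleBinding subject also omits `namespace` and relies on defaulting to the binding's own namespace; stating it explicitly makes the grant easier to audit.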
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/configs/istio-base.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/configs/istio-base.yaml new file mode 100755 index 000000000..7ff972e2d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/configs/istio-base.yaml 
@@ -0,0 +1,89 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/requirements.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/samples/overlay-example.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/admin-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/base-config-map.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrole.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
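Review bot: the `istio-installer` ClusterRole grants `'*'` verbs cluster-wide on `secrets`, `pods/exec`, and on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`. Wildcard verbs on the RBAC resources include `bind` and `escalate`, so the installer ServiceAccount can grant itself any permission and is effectively cluster-admin. The role and its binding in clusterrolebinding.yaml carry no hook annotations, so they persist after the post-install Job has been deleted. Enumerate the verbs the installer actually needs in place of `'*'`, drop `pods/exec` unless the install script really execs into pods, and check whether the secrets and RBAC rules can be narrowed with `resourceNames` or moved into a namespaced Role. The `policy` apiGroup also appears in two separate rules, which could be merged for readability.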
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/edit-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
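Review bot: in edit-role.yaml, `istio-edit` carries the `rbac.authorization.k8s.io/aggregate-to-edit: "true"` label and grants `'*'` on `envoyfilters` and on every listed security.istio.io resource. Every subject holding the built-in edit role therefore gains the ability to rewrite sidecar proxy configuration and to create or delete `authorizationpolicies` and `peerauthentications` in its namespaces. The rules are identical to `istio-admin` in admin-role.yaml. If edit is meant to be the weaker role, keep `envoyfilters` and the security.istio.io group at get, list and watch here and leave write access to the admin aggregate. `metadata.namespace` can also be removed, since a ClusterRole is cluster-scoped and the field is ignored.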
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
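Review bot: in istio-cni-psp.yaml the `psp-istio-cni` policy allows `hostPath` under `volumes` with no `allowedHostPaths`, alongside `allowPrivilegeEscalation: true`, `hostNetwork: true` and `runAsUser: RunAsAny`, so any pod admitted under it may mount an arbitrary node path while running as root. Add `allowedHostPaths` restricted to the directories the CNI installer needs, with `readOnly: true` where it does not write, and consider listing the required capabilities rather than leaving them unconstrained. `metadata.namespace` on the PodSecurityPolicy is ignored because the resource is cluster-scoped; the only scoping comes from the Role and RoleBinding that grant `use` to the `istio-cni` service account.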
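Review bot: the install job's pod `securityContext` should not depend on `pspEnabled`. In istio-install-job.yaml, `runAsUser: 101` and `runAsGroup: 101` sit inside `{{- if .Values.global.rbac.pspEnabled }}`, while istio-uninstall-job.yaml sets the same block unconditionally. With the default `pspEnabled: false` from values.yaml, the installer pod runs as whatever user the image defaults to, and it does so with the `istio-installer` service account that clusterrolebinding.yaml binds cluster-wide. Move the `securityContext` out of the conditional so both jobs run as the same non-root user. The uninstall job also omits the `backoffLimit` that the install job sets to 1; if the difference is intentional, a comment in the template would help.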
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/service-monitors.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/view-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/values.yaml new file mode 100755 index 000000000..d4909e15a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.9.2 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.9.2-rancher1 + +##Deprecated as of 1.8, native support provided by enabling `dns.enabled=true` +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.9.2 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.9.2 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.9.2 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.9.2 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.32.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: 
+ enabled: false + contextPath: "/jaeger" + jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/Chart.yaml new file mode 100755 index 000000000..cfd5826eb --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.9.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.9.300 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/README.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/app-readme.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/Chart.yaml new file mode 100755 index 000000000..9b6fdf385 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.1 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
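Review bot: values.yaml for rancher-istio 1.9.200 ships `kiali.enabled: true` together with `kiali.auth.strategy: anonymous`, so a default install serves the Kiali dashboard to anyone who can reach the service, with no login. The subchart helper `kiali-server.auth.strategy` that this patch adds for 1.9.300 would fall back to `token` on Kubernetes if the value were left unset; the parent chart's default overrides that. Suggest leaving `auth.strategy` empty (or `token`) by default and documenting `anonymous` as an opt-in in the README's Kiali section, which currently does not mention authentication.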
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/.helmignore b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/README.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/configs/istio-base.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/configs/istio-base.yaml new file mode 100755 index 000000000..7ff972e2d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/configs/istio-base.yaml 
@@ -0,0 +1,89 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/requirements.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/samples/overlay-example.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/admin-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/base-config-map.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrole.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/edit-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/service-monitors.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/view-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/values.yaml new file mode 100755 index 000000000..98320a858 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.9.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.9.3-rancher1 + +##Deprecated as of 1.8, native support provided by enabling `dns.enabled=true` +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.9.3 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.9.3 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.9.3 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.9.3 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.32.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: 
+ enabled: false + contextPath: "/jaeger" + jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/Chart.yaml new file mode 100644 index 000000000..c4dbb210b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.23.001 + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.cattle.io/ui-component: istio + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: 1.7.1 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.7.100 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/README.md b/released/charts/rancher-istio/rancher-istio/1.7.100/README.md new file mode 100644 index 000000000..d373dff8d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/README.md 
@@ -0,0 +1,28 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart +- rancher-monitoring chart or other monitoring installation + +### Kiali +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/Chart.yaml new file mode 100644 index 000000000..b1643d95c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + catalog.cattle.io/os: linux +apiVersion: v2 +appVersion: v1.23.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.23.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/NOTES.txt b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
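Review bot: In the values.yaml hunk earlier in this patch (the one that sets `tag: 1.9.3`), `kiali.auth.strategy: anonymous` makes Kiali serve its UI and API without a login to anyone who can reach the service, and nothing in the README added by this patch mentions it. The `kiali-server.auth.strategy` helper added for the 1.7.100 subchart only falls back to `token` on Kubernetes when no strategy is set, so an explicit `anonymous` value takes precedence over that default. `deployment.ingress_enabled: false` limits exposure, but access then depends entirely on who can reach the Service inside the cluster or through a port-forward. Suggest defaulting to `token`, or at least documenting in the README that the chart ships with anonymous access and which value to change.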
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
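Review bot: `kiali-server.login_token.signing_key` falls back to `{{- randAlphaNum 16 }}` when `login_token.signing_key` is unset, so the key is regenerated on every render and changes with each `helm upgrade` or `helm template` run. The configmap.yaml template added in this patch then writes the result into `config.yaml` of a ConfigMap via `set $cm.login_token "signing_key" ...`, which leaves the signing key readable by anything with read access to ConfigMaps in the release namespace. Suggest moving the key into a Secret and reusing the existing value on upgrade (for example with Helm's `lookup`) instead of generating a new one, or requiring the value to be set explicitly. A comment on the helper stating that the generated default is not stable across renders would also help.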
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/cabundle.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/envoy.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/go.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/kiali.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/ingess.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/ingess.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/oauth.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role-viewer.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/rolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/route.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/validate-install-crd.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/web-root-configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/web-root-configmap.yaml new file mode 100644 index 000000000..0daa7bb23 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:rancher-istio-kiali:20001/proxy'; +{{- end }} 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/values.yaml new file mode 100644 index 000000000..12ea7379d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.23.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.23.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/configs/istio-base.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/configs/istio-base.yaml new file mode 100644 index 000000000..c66e769dd --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/configs/istio-base.yaml 
@@ -0,0 +1,99 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + policy: + enabled: {{ .Values.policy.enabled }} + telemetry: + enabled: {{ .Values.telemetry.v1.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . 
}}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if or .Values.policy.enabled .Values.telemetry.v1.enabled }} + mixer: + {{- if .Values.policy.enabled }} + policy: + image: {{ template "system_default_registry" . }}{{ .Values.policy.repository }}:{{ .Values.policy.tag }} + {{- end }} + {{- if .Values.telemetry.v1.enabled }} + telemetry: + image: {{ template "system_default_registry" . }}{{ .Values.telemetry.v1.repository }}:{{ .Values.telemetry.v1.tag }} + {{- end }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v1: + enabled: {{ .Values.telemetry.v1.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + {{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.lock b/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.lock new file mode 100644 index 000000000..40950318d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.lock 
@@ -0,0 +1,6 @@ +dependencies: +- name: rancher-kiali-server + repository: file://../../rancher-kiali-server/charts + version: 1.23.0 +digest: sha256:33579a1f60d18cd1c2fd2e6e569018acdfe3c2459b9a1b77f341d53001512759 +generated: "2020-10-02T23:45:54.868279746Z" diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.yaml new file mode 100644 index 000000000..6c0a47abd --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.yaml @@ -0,0 +1,7 @@ +dependencies: + + - name: rancher-kiali-server + alias: kiali + condition: kiali.enabled + version: 1.23.0 + repository: file://../../rancher-kiali-server/charts diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/samples/overlay-example.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/samples/overlay-example.yaml @@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/_helpers.tpl new file mode 100644 index 000000000..3f7af953a 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/admin-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/admin-role.yaml new file mode 100644 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/admin-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/base-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/base-config-map.yaml new file mode 100644 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/base-config-map.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrole.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrole.yaml new file mode 100644 index 000000000..3e621d897 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9d74a0434 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/edit-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/edit-role.yaml new file mode 100644 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-install-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-install-job.yaml new file mode 100644 index 000000000..0e9c732e1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-install-job.yaml 
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + restartPolicy: Never diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-uninstall-job.yaml new file mode 100644 index 000000000..b5946e55f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-uninstall-job.yaml 
@@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/overlay-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/overlay-config-map.yaml new file mode 100644 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/service-monitors.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/service-monitors.yaml new file mode 100644 index 000000000..c3d60c4fc 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/serviceaccount.yaml new file mode 100644 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} 
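Review bot: the `istio-installer` ServiceAccount created in serviceaccount.yaml is the only subject of the `istio-installer` ClusterRoleBinding in this chart version, and the ClusterRole it binds grants `'*'` verbs cluster-wide on `secrets`, `pods/exec`, `namespaces`, and on `clusterroles`/`clusterrolebindings`. The account carries no hook annotations, so it persists for the life of the release rather than only while the install and uninstall Jobs run, and any pod that can run under it in the Istio namespace inherits those rights. Suggest replacing the wildcard verbs in clusterrole.yaml with the ones the installer script needs, dropping `pods/exec` unless the script execs into pods, and adding a comment on why write access to RBAC objects is required.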
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/view-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/view-role.yaml new file mode 100644 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/values.yaml new file mode 100644 index 000000000..4647a6df0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.7.1 +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.7.1-rancher1 + +istiocoredns: + enabled: false + image: + repository: rancher/coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/istio-install-cni + tag: 1.7.1 + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/istio-pilot + tag: 1.7.1 + +#Mixer Policy is deprecated in 1.7.x, will not be supported in 1.8.x +policy: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.1 + +telemetry: + enabled: true + #Telemetry v1 is deprecated in 1.7.x, will not be supported in 1.8.x + v1: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.1 + v2: + enabled: true + +sidecarInjectorWebhook: + enableNamespacesByDefault: false + objectSelector: + enabled: true + autoInject: true + rewriteAppHTTPProbe: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/istio-proxyv2 + tag: 1.7.1 + proxy_init: + repository: rancher/istio-proxyv2 + tag: 1.7.1 + defaultPodDisruptionBudget: + enabled: true + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/kiali-kiali + tag: v1.23.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + enabled: false 
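Review bot: `auth.strategy: anonymous` under `kiali:` makes unauthenticated access the chart default, so anyone who can reach the Kiali service can view mesh topology and configuration without logging in. `ingress_enabled: false` only avoids creating an Ingress; it does not gate access from inside the cluster. The Kiali sub-chart helper added later in this patch (for 1.7.300) falls back to `token` when no strategy is set, so suggest leaving the value unset here, or adding a comment that states what is expected to authenticate users in front of Kiali. Minor: the comment `# this can be removed in 1.7 as it is default` above `meshConfig` sits in a 1.7.100 chart, so either the override or the comment should go.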
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/Chart.yaml new file mode 100644 index 000000000..61cd6d05b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.001 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/ui-component: istio + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: 1.7.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.7.300 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/README.md b/released/charts/rancher-istio/rancher-istio/1.7.300/README.md new file mode 100644 index 000000000..c90394f2e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/README.md 
@@ -0,0 +1,36 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + + +## Kiali + +### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` 
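Review bot: in the Prometheus URL template under the Kiali section, the last placeholder is `{{ prometheus.service.port }}` while the other two are `{{ .Values.nameOverride }}` and `{{ .Values.namespaceOverride }}`; it should read `{{ .Values.prometheus.service.port }}` or the block should be marked as pseudo-syntax. The paragraph "This dependecy installs the required CRDs" follows the rancher-monitoring bullet but appears to describe the `rancher-kiali-server-crd` chart listed under Chart Dependencies, so it should name the dependency it means. Spelling in the added lines also needs a pass: "dependecy", "dependecies", "succesful", "Promtheus".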
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/app-readme.md b/released/charts/rancher-istio/rancher-istio/1.7.300/app-readme.md new file mode 100644 index 000000000..e24468457 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/app-readme.md 
@@ -0,0 +1,30 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port`: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). 
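Review bot: the Dependencies paragraph says "The Prometheus CRDs are required for installing Kiali", but README.md in this same chart version lists the `rancher-kiali-server-crd` chart as the chart dependency and says that dependency installs the CRDs Kiali needs. The two files should tell the user the same thing about what must exist before install; the sub-chart's `catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1` annotation suggests both are required, in which case both should be listed here. The URL template repeats the `{{ prometheus.service.port }}` placeholder without the `.Values.` prefix used by its neighbours.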
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/Chart.yaml new file mode 100644 index 000000000..e4ab2a590 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + catalog.cattle.io/os: linux +apiVersion: v2 +appVersion: v1.24.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.24.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/NOTES.txt b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/NOTES.txt 
@@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
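Review bot: in `kiali-server.login_token.signing_key`, the fallback `randAlphaNum 16` is evaluated on every template render, so each `helm upgrade` without an explicit `login_token.signing_key` produces a new key and invalidates existing Kiali login tokens. configmap.yaml in this patch then writes the result into `config.yaml` through `toYaml $cm`, so the signing key is stored in a ConfigMap and is readable by anyone with `get` on ConfigMaps in the namespace. Suggest requiring the value to be set, or generating it once and reusing it on upgrade (for example with Helm's `lookup`), and moving it to a Secret. Separately, `kiali-server.isDashboardEnabled` turns the include and exclude globs into regexes by replacing only `*` and `?`, so a literal `.` in a pattern matches any character; worth a comment if that is intended.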
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/cabundle.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/envoy.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/go.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/kiali.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/ingess.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/ingess.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/oauth.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role-viewer.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
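Review bot: in templates/deployment.yaml the guard around `affinity:` tests `.Values.deployment.pod` and `.Values.deployment.pod_anti`, but values.yaml and the inner `if` blocks use `.Values.deployment.affinity.pod` and `.Values.deployment.affinity.pod_anti`. With only pod affinity or pod anti-affinity set, the outer condition is false and the whole `affinity:` block is silently dropped. Change the guard to `or .Values.deployment.affinity.node (or .Values.deployment.affinity.pod .Values.deployment.affinity.pod_anti)`. Separately, the container mounts `/kiali-secret` and `/kiali-cert` but the pod spec sets no `securityContext`; worth adding one, or exposing it as a value.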
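Review bot: the default `rules:` branch in templates/ingess.yaml has no `host` and no `tls:` section, so with `ingress_enabled: true` (the default in this chart's values.yaml) Kiali is published at its web root for every hostname the ingress controller serves, and client-side TLS is left to whatever the controller does by default. Consider making the default `ingress_enabled: false`, or requiring a host and TLS secret in values when it is on. Two smaller points in the same file: `apiVersion: extensions/v1beta1` is a deprecated Ingress API and should be chosen via `.Capabilities.APIVersions.Has`, as the OpenShift check already is, and the filename is misspelled (`ingess.yaml`).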
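Review bot: in templates/oauth.yaml, `grantMethod: auto` together with `allowAnyScope: true` creates an OAuthClient that issues grants without a user consent prompt and declares no scope restriction. If Kiali only needs to identify the user, drop `allowAnyScope` and restrict the scopes, or expose `grantMethod` as a value so operators can choose `prompt`. OAuthClient is also a cluster-scoped kind, so the `namespace:` under `metadata` has no effect and can be removed.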
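Review bot: the core, `extensions`/`apps` and `batch` rules in templates/role.yaml grant `patch` on `configmaps`, `namespaces`, `nodes`, `pods`, `services`, `deployments`, `cronjobs` and the rest of those lists inside a ClusterRole, and the Istio rule uses `resources: ["*"]` with `create`, `delete` and `patch`. Because rolebinding.yaml binds this role with a ClusterRoleBinding whenever `view_only_mode` is false (the default in values.yaml), the Kiali service account gets write access in every namespace, and `accessible_namespaces` does not narrow it (the values.yaml comment says as much). Suggest defaulting `view_only_mode` to true, removing `patch` from resources Kiali does not modify (`nodes`, `namespaces`, `pods/log`), and listing the Istio resources explicitly instead of `*`.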
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/rolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/route.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
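Review bot: the annotations guard in templates/route.yaml closes with `}}}` instead of `}}` (`{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`). The extra `}` is literal text inside the `if` body, so whenever `override_ingress_yaml.metadata.annotations` is set it is emitted directly after the labels block and corrupts the rendered Route metadata. Drop the third brace. The default path with no annotations is unaffected, which is probably why this has not surfaced.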
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/validate-install-crd.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/web-root-configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/web-root-configmap.yaml new file mode 100644 index 000000000..0daa7bb23 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:rancher-istio-kiali:20001/proxy'; +{{- end }} 
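Review bot: `window.WEB_ROOT` in templates/web-root-configmap.yaml hardcodes `http:rancher-istio-kiali:20001`, while the Service in this chart takes its name from `kiali-server.fullname` and its port from `.Values.server.port`, and the probes in deployment.yaml switch to HTTPS when `kiali-server.identity.cert_file` is set. Any override of the name, port or certificate leaves the console pointing at a proxy path that does not match the Service. Build the path from the same helpers and values the Service uses. Also, `.Values.global.cattle.clusterId` is empty in values.yaml, which renders `/k8s/clusters//api/v1/...`; wrap it in `required` so a missing cluster id fails at install time instead of producing a broken web root.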
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/values.yaml new file mode 100644 index 000000000..fccc6d4ce --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.24.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.24.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/configs/istio-base.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/configs/istio-base.yaml new file mode 100644 index 000000000..c66e769dd --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/configs/istio-base.yaml 
@@ -0,0 +1,99 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + policy: + enabled: {{ .Values.policy.enabled }} + telemetry: + enabled: {{ .Values.telemetry.v1.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . 
}}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if or .Values.policy.enabled .Values.telemetry.v1.enabled }} + mixer: + {{- if .Values.policy.enabled }} + policy: + image: {{ template "system_default_registry" . }}{{ .Values.policy.repository }}:{{ .Values.policy.tag }} + {{- end }} + {{- if .Values.telemetry.v1.enabled }} + telemetry: + image: {{ template "system_default_registry" . }}{{ .Values.telemetry.v1.repository }}:{{ .Values.telemetry.v1.tag }} + {{- end }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v1: + enabled: {{ .Values.telemetry.v1.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + {{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.lock b/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.lock new file mode 100644 index 000000000..a48bab22b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.lock 
@@ -0,0 +1,6 @@ +dependencies: +- name: rancher-kiali-server + repository: file://../../rancher-kiali-server/charts + version: 1.24.0 +digest: sha256:c7007a5ff0aa6a0d2db2a2c01e7cbf89c28b6337466e5942c32bc752d79dd98f +generated: "2020-11-10T00:01:51.992186001Z" diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.yaml new file mode 100644 index 000000000..1887bbf5a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.yaml @@ -0,0 +1,7 @@ +dependencies: + + - name: rancher-kiali-server + alias: kiali + condition: kiali.enabled + version: 1.24.0 + repository: file://../../rancher-kiali-server/charts diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/samples/overlay-example.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/samples/overlay-example.yaml @@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/_helpers.tpl new file mode 100644 index 000000000..3f7af953a 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/admin-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/admin-role.yaml new file mode 100644 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/admin-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/base-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/base-config-map.yaml new file mode 100644 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/base-config-map.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrole.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrole.yaml new file mode 100644 index 000000000..3e621d897 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9d74a0434 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/edit-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/edit-role.yaml new file mode 100644 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-install-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-install-job.yaml new file mode 100644 index 000000000..0e9c732e1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-install-job.yaml 
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + restartPolicy: Never diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-uninstall-job.yaml new file mode 100644 index 000000000..b5946e55f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-uninstall-job.yaml 
@@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/overlay-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/overlay-config-map.yaml new file mode 100644 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/service-monitors.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/service-monitors.yaml new file mode 100644 index 000000000..c3d60c4fc 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} 
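Review bot: the `istio-installer` ServiceAccount added in serviceaccount.yaml is bound cluster-wide (clusterrolebinding.yaml) to the `istio-installer` ClusterRole, whose last two rules grant `'*'` verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, and on core `secrets` and `pods/exec`. A wildcard verb on RBAC resources includes `bind` and `escalate`, so this account can grant itself any permission in the cluster. None of these three templates carries a hook annotation, so the binding lives for the whole release, while the only consumers visible here are the two hook Jobs. Suggest listing the verbs the install and uninstall scripts actually need instead of `'*'`, dropping `pods/exec` unless the scripts use it, and adding a comment in clusterrole.yaml explaining any wildcard that has to stay.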
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/view-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/view-role.yaml new file mode 100644 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/values.yaml new file mode 100644 index 000000000..9c301d889 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/values.yaml 
@@ -0,0 +1,96 @@ +overlayFile: "" +tag: 1.7.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.7.3-rancher2 + +istiocoredns: + enabled: false + image: + repository: rancher/coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/istio-install-cni + tag: 1.7.3 + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/istio-pilot + tag: 1.7.3 + +#Mixer Policy is deprecated in 1.7.x, will not be supported in 1.8.x +policy: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.3 + +telemetry: + enabled: true + #Telemetry v1 is deprecated in 1.7.x, will not be supported in 1.8.x + v1: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.3 + v2: + enabled: true + +sidecarInjectorWebhook: + enableNamespacesByDefault: false + objectSelector: + enabled: true + autoInject: true + rewriteAppHTTPProbe: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/istio-proxyv2 + tag: 1.7.3 + proxy_init: + repository: rancher/istio-proxyv2 + tag: 1.7.3 + defaultPodDisruptionBudget: + enabled: true + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/kiali-kiali + tag: v1.24.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + enabled: false 
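Review bot: `kiali.auth.strategy: anonymous` near the end of values.yaml ships the Kiali dashboard with no login by default. `ingress_enabled: false` limits exposure, but anyone who can reach the Kiali Service inside the cluster sees the mesh without authenticating. Suggest defaulting to `token`, which is what the sub-chart's `kiali-server.auth.strategy` helper picks on Kubernetes when the value is unset, or at least adding a comment beside the key that states the trade-off. Separately, the comment `# this can be removed in 1.7 as it is default` above `meshConfig` sits in a chart whose `tag` is 1.7.3; either remove `enablePrometheusMerge` or update the comment.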
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/Chart.yaml new file mode 100644 index 000000000..afa6127f8 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.003 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.7.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.7.301 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/README.md b/released/charts/rancher-istio/rancher-istio/1.7.301/README.md new file mode 100644 index 000000000..96634b713 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/README.md 
@@ -0,0 +1,46 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. 
Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/app-readme.md b/released/charts/rancher-istio/rancher-istio/1.7.301/app-readme.md new file mode 100644 index 000000000..6a99367cb --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/app-readme.md 
@@ -0,0 +1,31 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port`: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/Chart.yaml new file mode 100644 index 000000000..f15dcf604 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.24.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.24.0 
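Review bot: in the rancher-kiali-server Chart.yaml annotations, `namespace` and `release-name` use the `catalog.rancher.io/` prefix, while every other annotation in that block and in the parent rancher-istio Chart.yaml uses `catalog.cattle.io/`. The namespace value `cattle-istio-system` also differs from the parent's `istio-system`. Please confirm which prefix and namespace are intended and align them, since an annotation under the wrong prefix may simply be ignored. The `icon` URL points at the `master` branch on raw.githubusercontent.com; a pinned ref, or an asset under the chart repository as the parent chart uses, would not change underneath a released chart.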
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/NOTES.txt b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
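Review bot: `kiali-server.login_token.signing_key` falls back to `randAlphaNum 16`, which is evaluated again on every render, so each upgrade without `login_token.signing_key` set produces a new key and rewrites the rendered config. configmap.yaml later in this patch also places the result in `config.yaml` inside a ConfigMap rather than a Secret, so it is readable by anyone who can read ConfigMaps in the release namespace. Suggest reusing the existing value when one is already deployed (for example with Helm's `lookup`) and saying in the helper's comment that the key is regenerated otherwise. Smaller point in `kiali-server.isDashboardEnabled`: only `*` and `?` are translated before the pattern goes to `mustRegexMatch`, so a `.` in an include or exclude entry is treated as a regex wildcard; escape it or note the behaviour in the comment.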
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/cabundle.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/envoy.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/go.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/kiali.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/ingess.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/ingess.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/oauth.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role-viewer.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
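Review bot: the first rule of this ClusterRole (`apiGroups: [""]`) adds `patch` on `configmaps`, `namespaces`, `nodes`, `pods`, `replicationcontrollers` and `services`, and rolebinding.yaml attaches the role with a ClusterRoleBinding whenever `deployment.view_only_mode` is false, which is the default in values.yaml. A default install therefore gives the kiali ServiceAccount write access to those objects in every namespace. Split the rule so `patch` is listed only for the resources the server actually edits, drop it from `nodes` and `namespaces` unless a feature needs it, and add a comment naming that feature. The Istio groups also get `create` and `delete` on `resources: ["*"]`; listing the resource kinds there would keep new CRDs in those groups from being covered automatically.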
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/rolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/route.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/validate-install-crd.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/web-root-configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/web-root-configmap.yaml new file mode 100644 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
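Review bot: in web-root-configmap.yaml the `env.js` value hard-codes the proxy target as `http:kiali:20001` and the ConfigMap name as `kiali-console`, while the other templates take the name from `kiali-server.fullname` and the port from `.Values.server.port`. Changing `fullnameOverride` or `server.port` would leave `window.WEB_ROOT` pointing at a service that is not there, and service.yaml names the port `tcp` rather than `http` when `identity.cert_file` is set. Build the path from the same helper and value. `.Values.global.cattle.clusterId` is also written straight into a single-quoted JavaScript string, and values.yaml ships it empty: wrap it in `required` when `web_root_override` is true and reject values containing anything other than the characters a cluster ID can have, so a quote in the value cannot terminate the string.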
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/values.yaml new file mode 100644 index 000000000..fccc6d4ce --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.24.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.24.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/.helmignore b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/Chart.yaml new file mode 100644 index 000000000..0a3437798 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: rancher-tracing +version: 1.20.001 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/README.md b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/README.md new file mode 100644 index 000000000..25534c628 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_affinity.tpl b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_affinity.tpl new file mode 100644 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_helpers.tpl new file mode 100644 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/deployment.yaml new file mode 100644 index 000000000..e7ecfadd8 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/deployment.yaml 
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/pvc.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/pvc.yaml new file mode 100644 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/service.yaml new file mode 100644 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/values.yaml new file mode 100644 index 000000000..0002f11f8 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/values.yaml 
@@ -0,0 +1,42 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + +jaeger: + repository: rancher/jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/configs/istio-base.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/configs/istio-base.yaml new file mode 100644 index 000000000..daf77f5c7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/configs/istio-base.yaml 
@@ -0,0 +1,102 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + policy: + enabled: {{ .Values.policy.enabled }} + telemetry: + enabled: {{ .Values.telemetry.v1.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . 
}}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if or .Values.policy.enabled .Values.telemetry.v1.enabled }} + mixer: + {{- if .Values.policy.enabled }} + policy: + image: {{ template "system_default_registry" . }}{{ .Values.policy.repository }}:{{ .Values.policy.tag }} + {{- end }} + {{- if .Values.telemetry.v1.enabled }} + telemetry: + image: {{ template "system_default_registry" . }}{{ .Values.telemetry.v1.repository }}:{{ .Values.telemetry.v1.tag }} + {{- end }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v1: + enabled: {{ .Values.telemetry.v1.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.lock b/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.lock new file mode 100644 index 000000000..f47835c14 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.lock 
@@ -0,0 +1,9 @@ +dependencies: +- name: rancher-kiali-server + repository: file://../../rancher-kiali-server/charts + version: 1.24.0 +- name: rancher-tracing + repository: file://../../rancher-tracing/charts + version: 1.20.001 +digest: sha256:92116a2b3454607da3ef18e994de75a2b75db56c4dfc8baf9b76e839d007b1cc +generated: "2021-01-07T05:24:11.644300126Z" diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.yaml new file mode 100644 index 000000000..e0429b593 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.yaml @@ -0,0 +1,13 @@ +dependencies: + + - name: rancher-kiali-server + alias: kiali + condition: kiali.enabled + version: 1.24.0 + repository: file://../../rancher-kiali-server/charts + + - name: rancher-tracing + alias: tracing + condition: tracing.enabled + version: 1.20.001 + repository: file://../../rancher-tracing/charts diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/samples/overlay-example.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/_helpers.tpl new file mode 100644 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/admin-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/admin-role.yaml new file mode 100644 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/base-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/base-config-map.yaml new file mode 100644 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrole.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrole.yaml new file mode 100644 index 000000000..3e621d897 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9d74a0434 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/edit-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/edit-role.yaml new file mode 100644 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-install-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-install-job.yaml new file mode 100644 index 000000000..0e9c732e1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-install-job.yaml 
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + restartPolicy: Never diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-uninstall-job.yaml new file mode 100644 index 000000000..b5946e55f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-uninstall-job.yaml 
@@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/overlay-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/overlay-config-map.yaml new file mode 100644 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/service-monitors.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/service-monitors.yaml new file mode 100644 index 000000000..c3d60c4fc 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/serviceaccount.yaml new file mode 100644 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} 
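Review bot: In templates/admin-role.yaml, `metadata.namespace` is set on a ClusterRole (`namespace: {{ template "istio.namespace" . }}`). ClusterRoles are cluster-scoped, so the field has no effect and implies a scoping that does not exist; drop it here and in edit-role.yaml and view-role.yaml. Also note that the `aggregate-to-admin` label combined with `verbs: '*'` on `envoyfilters` gives every subject bound to the built-in `admin` role full control of EnvoyFilters in the namespaces where it is bound. If that is intended, state it in the README; otherwise list the verbs explicitly and move `envoyfilters` to a narrower role.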
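Review bot: The last two rules in templates/clusterrole.yaml grant `istio-installer` the verb `'*'` on `clusterroles`, `clusterrolebindings`, `secrets` and `pods/exec` across the cluster, which is enough for the account to grant itself any other permission. clusterrolebinding.yaml binds this role to the `istio-installer` ServiceAccount, and both that binding and serviceaccount.yaml are ordinary chart resources rather than hook resources, so the privilege persists after the install Job has finished. Suggest listing the verbs the install and uninstall scripts actually need, dropping `pods/exec` unless a script uses it, and adding a comment above each remaining wildcard saying why it is required.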
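Review bot: templates/istio-uninstall-job.yaml differs from istio-install-job.yaml in three places with no stated reason: it sets no `backoffLimit`, it uses `restartPolicy: OnFailure` where the install Job uses `Never`, and it closes both `overlayFile` blocks with `{{ end }}` instead of `{{- end }}`. Without `backoffLimit` the Job falls back to the Kubernetes default retry count, and the pre-delete hook holds up the uninstall while it retries. Suggest `backoffLimit: 1` and `{{- end }}` to match the install Job, or a comment explaining the difference. Neither Job sets a `securityContext` or `resources` on its container; worth adding given the ServiceAccount they run as.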
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/view-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/view-role.yaml new file mode 100644 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/values.yaml new file mode 100644 index 000000000..da4042282 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/values.yaml 
@@ -0,0 +1,106 @@ +overlayFile: "" +tag: 1.7.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.7.3-rancher2 + +istiocoredns: + enabled: false + image: + repository: rancher/coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/istio-install-cni + tag: 1.7.3 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/istio-pilot + tag: 1.7.3 + +#Mixer Policy is deprecated in 1.7.x, will not be supported in 1.8.x +policy: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.3 + +telemetry: + enabled: true + #Telemetry v1 is deprecated in 1.7.x, will not be supported in 1.8.x + v1: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.3 + v2: + enabled: true + +sidecarInjectorWebhook: + enableNamespacesByDefault: false + objectSelector: + enabled: true + autoInject: true + rewriteAppHTTPProbe: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/istio-proxyv2 + tag: 1.7.3 + proxy_init: + repository: rancher/istio-proxyv2 + tag: 1.7.3 + defaultPodDisruptionBudget: + enabled: true + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/kiali-kiali + tag: v1.24.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: 
"http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686" + +tracing: + enabled: false + jaeger: + repository: rancher/jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/Chart.yaml new file mode 100755 index 000000000..8df587ad9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.8.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.8.300 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/README.md b/released/charts/rancher-istio/rancher-istio/1.8.300/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/app-readme.md b/released/charts/rancher-istio/rancher-istio/1.8.300/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/Chart.yaml new file mode 100755 index 000000000..e08a9b65b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.29.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.29.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
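Review bot: In rancher-istio/1.7.301/values.yaml the Kiali block defaults to `auth: strategy: anonymous`, so the dashboard is served without a login to anything that can reach the Kiali service. `ingress_enabled: false` keeps it off an Ingress, but the default still relies entirely on network reachability for access control. Suggest defaulting to an authenticated strategy, or at minimum adding a comment next to the key that states the exposure, the way `forceInstall` is commented at the top of the file. The comment `# this can be removed in 1.7 as it is default` above `meshConfig` also looks stale in a 1.7.301 chart.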
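Review bot: The Kiali section of rancher-istio/1.8.300/README.md has several spelling errors in text users will search for: `dependecy` (twice), `succesful`, `Promtheus`, and a doubled colon in `following error::`. The file also ends without a trailing newline. Please fix these before the chart is published, since the README is rendered in the catalog UI.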
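Review bot: The Grafana paragraph in rancher-istio/1.8.300/app-readme.md names the port value as `granfa.service.port`, while the URL template directly below it uses `grafana.service.port`; a user copying the key from the prose will set a value that nothing reads. Fix the spelling, and in the same pass correct `systemm` in the Jaeger bullet and the stray `.:` before the tracing URL block.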
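Review bot: The annotations in charts/kiali/Chart.yaml mix two prefixes: `catalog.cattle.io/` for `auto-install`, `hidden`, `os` and the GVR keys, but `catalog.rancher.io/` for `namespace` and `release-name`. The parent rancher-istio/1.8.300/Chart.yaml in this patch uses `catalog.cattle.io/namespace` and `catalog.cattle.io/release-name`, and gives `istio-system` where this file gives `cattle-istio-system`. Please confirm which prefix and namespace are honoured for a sub-chart and align the two files, or add a comment explaining why they differ.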
diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..de5ae7ebe --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-controlplane.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..a496c0828 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..bd51e8d5e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..fcd8fd579 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/route.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
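Review bot: in charts/kiali/templates/deployment.yaml the guard around the `affinity:` block tests `.Values.deployment.pod` and `.Values.deployment.pod_anti`, but the inner blocks and values.yaml use `.Values.deployment.affinity.pod` and `.Values.deployment.affinity.pod_anti`. When only pod affinity or pod anti-affinity is configured, the outer condition is false and the whole block is dropped, so the scheduling constraints an operator set are silently ignored. Suggest `{{- if or .Values.deployment.affinity.node .Values.deployment.affinity.pod .Values.deployment.affinity.pod_anti }}`.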
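Review bot: in charts/kiali/templates/role-viewer.yaml the `pods/portforward` rule lists the verbs `create` and `post`; `post` is not a verb that RBAC matches for resource rules (an HTTP POST on a resource is authorized as `create`), so it has no effect and should be dropped. The same rule is repeated in role.yaml. Separately, this is the ClusterRole bound when `view_only_mode` is set, and it still grants `create` on `pods/portforward` and `get` on `pods/proxy` across the cluster, which goes beyond read-only access; either remove those from the viewer role or add a comment saying why Kiali needs them in view-only mode.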
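Review bot: in charts/kiali/templates/rolebinding-controlplane.yaml `roleRef.name` is the literal `kiali-controlplane`, while role-controlplane.yaml names the Role `{{ include "kiali-server.fullname" . }}-controlplane`. The two only agree because values.yaml sets `fullnameOverride: "kiali"`; with any other full name the binding references a Role that does not exist and the service account loses the `list` on secrets it was meant to get. Use the same include in `roleRef.name`.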
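Review bot: in charts/kiali/templates/route.yaml the line `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}` closes with three braces. The extra `}` is emitted as literal text in front of `annotations:` whenever the condition is true, so the rendered Route is not valid YAML as soon as someone overrides the annotations. Drop the trailing brace so the action ends in `}}`, as the matching block in ingress.yaml does.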
diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
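Review bot: in charts/kiali/templates/validate-install-crd.yaml, prefixing every line with `#` does not switch the check off. Helm evaluates the `{{ ... }}` actions before the output is read as YAML, so the `lookup`, the `range` over `.Capabilities.APIVersions` and the `required` call still run, and the `#` only turns whatever text is left into YAML comments. If the check is meant to stay active, add a line saying the `#` prefixes are deliberate; if it is meant to be disabled, wrap it in a `{{/* ... */}}` template comment or remove the file. The file also ends without a trailing newline.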
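Review bot: in charts/kiali/templates/web-root-configmap.yaml the `env.js` value hard-codes `services/http:kiali:20001/proxy/kiali`, while service.yaml takes the Service name from `kiali-server.fullname`, the port from `.Values.server.port`, and names the port `tcp` rather than `http` when `identity.cert_file` is set. A non-default name, port or TLS setting leaves the console pointing at a proxy path that does not match the Service. values.yaml also ships `web_root_override: true` with `global.cattle.clusterId` empty, which renders `/k8s/clusters//api/...`. Suggest building the path from the same helper and value, and wrapping `.Values.global.cattle.clusterId` in `required` so an unset cluster id fails at render time.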
diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/values.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/values.yaml new file mode 100755 index 000000000..46d703c18 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/values.yaml 
@@ -0,0 +1,91 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.29.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.29.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/.helmignore b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/Chart.yaml new file mode 100755 index 000000000..bae6dfa47 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/README.md b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..e7ecfadd8 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/values.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/values.yaml new file mode 100755 index 000000000..cae26c748 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/values.yaml 
@@ -0,0 +1,42 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/configs/istio-base.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/configs/istio-base.yaml new file mode 100755 index 000000000..c484f5988 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/configs/istio-base.yaml 
@@ -0,0 +1,85 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/requirements.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/samples/overlay-example.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/admin-role.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/base-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrole.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrole.yaml new file mode 100755 index 000000000..3e621d897 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/edit-role.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-install-job.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-install-job.yaml new file mode 100755 index 000000000..0e9c732e1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-install-job.yaml 
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + restartPolicy: Never diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..b5946e55f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-uninstall-job.yaml 
@@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/overlay-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/service-monitors.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} 
diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/view-role.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/values.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/values.yaml new file mode 100755 index 000000000..653572f03 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/values.yaml 
@@ -0,0 +1,92 @@ +overlayFile: "" +tag: 1.8.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.8.3-rancher1 + +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.8.3 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.8.3 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.3 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.3 + defaultPodDisruptionBudget: + enabled: true + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.29.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: + enabled: false + contextPath: "/jaeger" + jaeger: + repository: 
rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/Chart.yaml new file mode 100644 index 000000000..445f3599d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.23.001 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/README.md new file mode 100644 index 000000000..a5d564749 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by [rancher-kiali-server](https://github.com/rancher/dev-charts/tree/master/packages/rancher-kiali-server). diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/templates/crds.yaml new file mode 100644 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/Chart.yaml new file mode 100644 index 000000000..d3f2f682a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.24.001 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/README.md new file mode 100644 index 000000000..3847c18a1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/templates/crds.yaml new file mode 100644 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/Chart.yaml new file mode 100644 index 000000000..e4dd7cdf5 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.24.003 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/README.md new file mode 100644 index 000000000..3847c18a1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/templates/crds.yaml new file mode 100644 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/Chart.yaml new file mode 100755 index 000000000..8dea63886 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/Chart.yaml 
@@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.29.000 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/README.md new file mode 100755 index 000000000..3847c18a1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/templates/crds.yaml new file mode 100755 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/Chart.yaml new file mode 100755 index 000000000..d20de9142 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.29.100 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/README.md new file mode 100755 index 000000000..3847c18a1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/templates/crds.yaml new file mode 100755 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/Chart.yaml new file mode 100755 index 000000000..2ec92b491 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.32.100 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/README.md new file mode 100755 index 000000000..3847c18a1 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/templates/crds.yaml new file mode 100755 index 000000000..ae7c49349 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/templates/crds.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/Chart.yaml new file mode 100644 index 000000000..8083cf929 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + catalog.cattle.io/os: linux +apiVersion: v2 +appVersion: v1.23.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.23.001 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
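Review bot: In `kiali-server.login_token.signing_key`, the fallback `{{- randAlphaNum 16 }}` is re-evaluated on every render, so each `helm upgrade` that leaves `login_token.signing_key` unset yields a different key, and tokens signed with the previous key stop verifying. Either require the value with `fail`, as `kiali-server.auth.strategy` already does for `kiali_route_url`, or reuse the key from the already-deployed object via `lookup`. Separately, `kiali-server.isDashboardEnabled` builds its regex by replacing only `*` and `?`, so a literal `.` in an include or exclude pattern matches any character; escape the remaining regex metacharacters before the result reaches `mustRegexMatch`.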
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/envoy.yaml 
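Review bot: The `set $cm.login_token "signing_key" ...` line in configmap.yaml places the login token signing key inside `config.yaml` of a ConfigMap, where anyone who can read ConfigMaps in the release namespace can read it. Move the key into a Secret and have the deployment consume it from there, keeping only non-sensitive settings in `toYaml $cm`. Also note that `omit .Values "nameOverride" "fullnameOverride" "kiali_route_url"` strips only those three keys, so everything else under `.Values`, including the `global` block that `system_default_registry` reads, is written into the server config; consider omitting `global` as well.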
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm.yaml 
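Review bot: The `Pool buffer count` chart in micrometer-1.0.6-jvm-pool.yaml declares `unit: "bytes"`, but `jvm_buffer_count` is a number of buffers, not a size. Drop the `unit` line for that chart so its axis is not labelled as bytes, as the other count-type charts in these dashboards do.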
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.1-jvm.yaml 
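Review bot: The chart name `Memory commited` in micrometer-1.0.6-jvm.yaml is misspelled; it should read `Memory committed`, matching the metric `jvm_memory_committed_bytes` that it plots. The same spelling appears in micrometer-1.1-jvm.yaml and should be fixed there too.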
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/ingess.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/ingess.yaml 
@@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
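Review bot: the rules in templates/role.yaml grant more write access than the chart documents a need for. The first rule gives `patch` on core `configmaps`, `namespaces`, `nodes`, `pods` and `services`, and the Istio rule pairs `resources: ["*"]` with `create`, `delete` and `patch`. rolebinding.yaml binds this role through a ClusterRoleBinding whenever `deployment.view_only_mode` is false, which is the values.yaml default, so the Kiali service account holds these verbs in every namespace regardless of `accessible_namespaces`. Please confirm which resources Kiali actually modifies, drop `patch` from the rest, list the Istio resources explicitly instead of `*`, and consider shipping `view_only_mode: true` as the default.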
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
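Review bot: in templates/route.yaml, a few hunks above this point, the condition `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}` closes with three braces. The action ends at `}}`, so the third brace is literal text and a stray `}` lands in the rendered Route metadata whenever annotations are overridden. Remove the extra brace. Note also that values.yaml defines `override_ingress_yaml.metadata: {}` but no `spec` key, so only the annotations branch is affected by default overrides.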
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/web-root-configmap.yaml new file mode 100644 index 000000000..0daa7bb23 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:rancher-istio-kiali:20001/proxy'; +{{- end }} 
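Review bot: in templates/web-root-configmap.yaml the `env.js` value hard-codes the proxy target as `http:rancher-istio-kiali:20001`, while service.yaml names the Service from `kiali-server.fullname` and takes the port from `.Values.server.port`. The hard-coded string is only correct when the parent chart happens to set that name and port, so a change to `fullnameOverride` or `server.port` silently leaves `window.WEB_ROOT` pointing elsewhere. `.Values.global.cattle.clusterId` is also placed inside a single-quoted JavaScript string with no escaping, and values.yaml gives it no default and nothing checks that it is set. Suggest building the service name and port from the same helpers and values the Service uses, and guarding clusterId with `required` (and `quote`-style escaping) before it reaches the script.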
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/values.yaml new file mode 100644 index 000000000..12ea7379d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.23.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.23.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/Chart.yaml new file mode 100644 index 000000000..a94f55dbf --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + catalog.cattle.io/os: linux +apiVersion: v2 +appVersion: v1.24.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.24.001 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
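Review bot: in `kiali-server.login_token.signing_key` the fallback `{{- randAlphaNum 16 }}` is evaluated on every render, so each `helm upgrade` that leaves `login_token.signing_key` empty produces a different key, and tokens signed with the previous key stop verifying. The configmap.yaml template in this patch then writes the result into `config.yaml` inside a ConfigMap, so the signing key is readable by anything that can read ConfigMaps in the release namespace. Suggest reading the key from a Secret (or making the value required) and documenting the rotation behaviour next to `login_token` in values.yaml.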
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/ingess.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/ingess.yaml 
@@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
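Review bot: templates/role.yaml grants `patch` cluster-wide on every core resource in the first rule, including `nodes`, `namespaces` and `pods/log`, and the Istio rule pairs `resources: ["*"]` with `create`, `delete` and `patch` across five API groups. Because rolebinding.yaml attaches this through a ClusterRoleBinding whenever `view_only_mode` is false (the default in values.yaml), the Kiali service account holds these write verbs in every namespace, regardless of `accessible_namespaces`. Please list the Istio resources explicitly and keep `patch` only on the resources that are actually edited. A comment per rule stating why each write verb is needed would make the grant auditable.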
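Review bot: in templates/deployment.yaml (1.24.001) the guard around `affinity:` tests `.Values.deployment.pod` and `.Values.deployment.pod_anti`, but the block below it and values.yaml both use `.Values.deployment.affinity.pod` and `.Values.deployment.affinity.pod_anti`. As written, the outer `or` is true only when `affinity.node` is set, so a pod affinity or anti-affinity rule supplied on its own is silently dropped. The condition should read `or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti))`.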
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
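Review bot: templates/route.yaml closes its annotations guard with three braces: `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`. The action ends at the second brace, so the third is emitted as literal text inside the `if` body and lands between `labels:` and `annotations:` whenever override annotations are supplied, which breaks the rendered Route. Drop the extra `}`. Since the default path never enters this branch, a render test with `override_ingress_yaml.metadata.annotations` set would catch this kind of error.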
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/web-root-configmap.yaml new file mode 100644 index 000000000..0daa7bb23 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:rancher-istio-kiali:20001/proxy'; +{{- end }} 
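Review bot: templates/web-root-configmap.yaml hard-codes the proxy target as `services/http:rancher-istio-kiali:20001/proxy`, while service.yaml names the Service from `kiali-server.fullname` and takes its port from `.Values.server.port`, and names the port `tcp` rather than `http` when a cert file is configured. Changing `fullnameOverride`, `server.port` or the identity settings therefore leaves `window.WEB_ROOT` pointing at a Service or scheme that does not match. Build the path from the same helpers and values. In addition, `.Values.global.cattle.clusterId` is interpolated straight into a single-quoted JavaScript string and is empty by default, so consider requiring it with `required` and emitting it through `toJson` so the value cannot terminate the string literal.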
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/values.yaml new file mode 100644 index 000000000..fccc6d4ce --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.24.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.24.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/Chart.yaml new file mode 100644 index 000000000..57e2d891d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.24.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.24.003 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
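Review bot: in templates/_helpers.tpl the `kiali-server.login_token.signing_key` helper falls back to `randAlphaNum 16` when `login_token.signing_key` is empty, which is the default in values.yaml. The helper is evaluated on every render, so each `helm upgrade` or re-template produces a different key, and the value is whatever Helm generated at that moment rather than something an operator chose or can rotate deliberately. Either require the value (for example via `required`) or generate it once and reuse the existing one on upgrade, and document the expected key length next to the helper. The key would also be better kept in a Secret than passed through the generated configuration.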
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/ingess.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/ingess.yaml 
@@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
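Review bot: the first rule of the ClusterRole in templates/role.yaml adds `patch` to the entire core-group list, which includes `nodes`, `namespaces`, `configmaps` and `pods/log`, and because the role is cluster-scoped any subject bound to it can modify those objects in every namespace. Split that rule so `patch` covers only the resources Kiali actually edits, and leave the rest at `get`/`list`/`watch` as role-viewer.yaml does. The Istio rule has the same problem in a different form: `resources: ["*"]` combined with `create` and `delete` across five API groups. Enumerate the resource kinds there instead of using the wildcard.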
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
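Review bot: in templates/route.yaml for 1.24.003 (two files above this point), the line `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}` closes with three braces. The template action ends at `}}`, so the third `}` is emitted as literal text into the Route's metadata whenever annotations are supplied, which corrupts the rendered manifest. Drop the extra brace. The default values hide the defect because `override_ingress_yaml.metadata` is `{}` and the branch is never taken.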
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/web-root-configmap.yaml new file mode 100644 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
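Review bot: in templates/web-root-configmap.yaml the `env.js` value hardcodes the service reference `http:kiali:20001` and interpolates `.Values.global.cattle.clusterId` with no guard. values.yaml ships `web_root_override: true` with `clusterId:` left empty, so a default render yields `/k8s/clusters//api/...`, and the path goes stale as soon as `fullnameOverride` or `server.port` is changed. Build the service segment from `kiali-server.fullname` and `.Values.server.port`, and wrap the cluster id in `required` so a missing value fails at render time rather than producing a broken proxy path.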
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/values.yaml new file mode 100644 index 000000000..fccc6d4ce --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.24.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.24.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/Chart.yaml new file mode 100755 index 000000000..9ad884d7b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.29.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.29.000 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/go.yaml new file mode 100755 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/deployment.yaml new file mode 100755 index 000000000..de5ae7ebe --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/hpa.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/ingress.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-controlplane.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-viewer.yaml new file mode 100755 index 000000000..a496c0828 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-viewer.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role.yaml new file mode 100755 index 000000000..bd51e8d5e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..fcd8fd579 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/service.yaml new file mode 100755 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/service.yaml 
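Review bot: templates/route.yaml closes the annotations guard with three braces, in the line that reads {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}. The action ends at the second brace, so the third is emitted as literal text directly ahead of the annotations: key whenever annotations are supplied, and the rendered Route metadata is no longer valid YAML. Drop the extra brace. The branch only renders on clusters that expose route.openshift.io/v1 with ingress_enabled set, so a lint or template run against plain Kubernetes will not catch it.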
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
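Review bot: templates/validate-install-crd.yaml reads as if it were disabled, but the leading # on each line is a YAML comment, not a template comment. Helm still evaluates every action, so the lookup still runs and the required call still aborts the install when monitoring.kiali.io/v1alpha1/MonitoringDashboard is missing; only the rendered output is commented out. Add a short {{/* ... */}} header saying the check is live and that the # prefix is there to keep the rendered text out of the manifest, or, if the intent was to switch the check off, wrap it in a template comment instead.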
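Review bot: templates/web-root-configmap.yaml hardcodes the proxy target as http:kiali:20001 in window.WEB_ROOT and the ConfigMap name as kiali-console, while service.yaml takes the Service name from kiali-server.fullname, the port from .Values.server.port, and names the port tcp instead of http once an identity cert_file is set. The defaults in values.yaml (fullnameOverride "kiali", port 20001, no cert_file) happen to line up, but changing any of the three leaves the UI pointing at a Service port that does not exist. Build the path from the same helpers and values the Service uses, or state in values.yaml that web_root_override requires those defaults.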
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/values.yaml new file mode 100755 index 000000000..46d703c18 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/values.yaml 
@@ -0,0 +1,91 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.29.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.29.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/Chart.yaml new file mode 100755 index 000000000..3d52d054c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.29.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.29.100 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/NOTES.txt new file mode 100755 index 000000000..751019401 
--- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/configmap.yaml 
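Review bot: in templates/_helpers.tpl, kiali-server.isDashboardEnabled matches the include and exclude patterns against base .Template.Name, which still carries the .yaml extension, and anchors each pattern with ^ and $. An entry such as envoy in deployment.custom_dashboards.includes therefore never matches envoy.yaml, and only the shipped default of '*' behaves as a user would expect. The glob conversion also leaves the dot unescaped, so micrometer-1.1-jvm.yaml used as a pattern matches any character in those positions. Strip the extension before matching and escape regex metacharacters other than * and ?, or document the expected pattern form beside custom_dashboards in values.yaml.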
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/envoy.yaml 
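Review bot: templates/configmap.yaml writes login_token.signing_key into config.yaml inside a ConfigMap, so the token signing key is readable by any subject with get on configmaps in the release namespace, which includes the cluster-wide configmaps rule this chart grants to Kiali's own ClusterRole. Move the key to a Secret and reference it from the deployment. Separately, when login_token.signing_key is left empty (the default in values.yaml), the kiali-server.login_token.signing_key helper calls randAlphaNum 16 on every render, so each helm upgrade produces a different key and invalidates existing login tokens; generate it once and reuse the stored value, or require the operator to set it.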
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/go.yaml new file mode 100755 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/deployment.yaml new file mode 100755 index 000000000..de5ae7ebe --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/hpa.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/ingress.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/psp.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-viewer.yaml new file mode 100755 index 000000000..a496c0828 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-viewer.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role.yaml new file mode 100755 index 000000000..bd51e8d5e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..fcd8fd579 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/service.yaml new file mode 100755 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
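Review bot: templates/route.yaml (1.29.100) closes the annotations guard with three braces, `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`, so the third `}` is literal text inside the if body. Whenever `override_ingress_yaml.metadata.annotations` is set, that `}` is emitted into the Route's metadata directly after the labels block, ahead of `annotations:`. Drop the extra brace so the guard reads `... "annotations" }}`.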
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
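Review bot: templates/validate-install-crd.yaml (1.29.100) has no comment explaining that the leading `#` on every line does not disable the check. Helm still evaluates the actions, so `required "Required CRDs are missing. ..." ""` still aborts the install when `monitoring.kiali.io/v1alpha1/MonitoringDashboard` is absent from `.Capabilities.APIVersions`; the `#` only keeps whatever the actions print (for example the dict returned by the bare `set $found ...`) inside a YAML comment. A short `{{/* ... */}}` header saying so, and saying that the outer `lookup` guard skips the check when `lookup` returns nothing, would stop a later reader from treating the file as dead code.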
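Review bot: templates/web-root-configmap.yaml (1.29.100) hard-codes the scheme, service name and port in the `env.js` line (`services/http:kiali:20001/proxy/kiali`) instead of using the `kiali-server.fullname` helper and `.Values.server.port`, so the proxy path is only right while values.yaml keeps `fullnameOverride: "kiali"` and `port: 20001`. In the same line `.Values.global.cattle.clusterId` is interpolated unquoted and unvalidated into a JavaScript string literal, and the values.yaml added by this patch leaves `clusterId:` empty while `web_root_override` defaults to true, which renders `/k8s/clusters//api/v1/...`. Wrap the value in `required`, or make the outer `if` also depend on clusterId being set.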
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/values.yaml new file mode 100755 index 000000000..39255bc38 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.29.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.29.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/Chart.yaml new file mode 100755 index 000000000..0216620e2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.100 
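Review bot: values.yaml (1.29.100) ships `view_only_mode: false` together with `accessible_namespaces: ["**"]`, so by default templates/rolebinding.yaml binds the Kiali service account to the non-viewer ClusterRole through a ClusterRoleBinding. The comment above `accessible_namespaces` already concedes that the service account "has permissions to see everything". For a chart that is auto-installed as a hidden sub-chart, consider defaulting `view_only_mode` to true, or state in this file why the wider role is needed. The same comment misspells Kiali as "Kial".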
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/hpa.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/ingress.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/psp.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/.helmignore b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/Chart.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/Chart.yaml new file mode 100755 index 000000000..aab9c879e --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/Chart.yaml 
@@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-kube-state-metrics +apiVersion: v1 +appVersion: 1.9.8 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +name: rancher-kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +version: 2.13.101 diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/LICENSE b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/LICENSE new file mode 100755 index 000000000..393b7a33b --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright The Helm Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/OWNERS b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/OWNERS new file mode 100755 index 000000000..206b4fee7 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/OWNERS @@ -0,0 +1,6 @@ +approvers: +- tariq1890 +- mrueg +reviewers: +- tariq1890 +- mrueg diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/README.md b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/README.md new file mode 100755 index 000000000..e93a3d252 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/README.md 
@@ -0,0 +1,66 @@ +# kube-state-metrics Helm Chart + +Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Get Repo Info + +```console +helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] + +# Helm 2 +$ helm install --name [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### From stable/kube-state-metrics + +You can upgrade in-place: + +1. [get repo info](#get-repo-info) +1. [upgrade](#upgrading-chart) your existing release name using the new chart repo + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values kube-state-metrics/kube-state-metrics +``` + +You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options. 
diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/NOTES.txt b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/NOTES.txt new file mode 100755 index 000000000..5a646e0cc --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/_helpers.tpl b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/_helpers.tpl new file mode 100755 index 000000000..4f76b188b --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/clusterrolebinding.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..af158c512 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if .Values.rbac.useExistingRole }} + name: {{ .Values.rbac.useExistingRole }} +{{- else }} + name: {{ template "kube-state-metrics.fullname" . }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/deployment.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/deployment.yaml new file mode 100755 index 000000000..4ab55291b --- /dev/null 
+++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/deployment.yaml 
@@ -0,0 +1,217 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . 
}} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + args: +{{ if .Values.extraArgs }} + {{- range .Values.extraArgs }} + - {{ . }} + {{- end }} +{{ end }} +{{ if .Values.collectors.certificatesigningrequests }} + - --collectors=certificatesigningrequests +{{ end }} +{{ if .Values.collectors.configmaps }} + - --collectors=configmaps +{{ end }} +{{ if .Values.collectors.cronjobs }} + - --collectors=cronjobs +{{ end }} +{{ if .Values.collectors.daemonsets }} + - --collectors=daemonsets +{{ end }} +{{ if .Values.collectors.deployments }} + - --collectors=deployments +{{ end }} +{{ if .Values.collectors.endpoints }} + - --collectors=endpoints +{{ end }} +{{ if .Values.collectors.horizontalpodautoscalers }} + - --collectors=horizontalpodautoscalers +{{ end }} +{{ if .Values.collectors.ingresses }} + - --collectors=ingresses +{{ end }} +{{ if .Values.collectors.jobs }} + - --collectors=jobs +{{ end }} +{{ if .Values.collectors.limitranges }} + - --collectors=limitranges +{{ end }} +{{ if .Values.collectors.mutatingwebhookconfigurations }} + - --collectors=mutatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.namespaces }} + - --collectors=namespaces +{{ end }} +{{ if .Values.collectors.networkpolicies }} + - --collectors=networkpolicies +{{ end }} +{{ if .Values.collectors.nodes }} + - --collectors=nodes +{{ end }} +{{ if .Values.collectors.persistentvolumeclaims }} + 
- --collectors=persistentvolumeclaims +{{ end }} +{{ if .Values.collectors.persistentvolumes }} + - --collectors=persistentvolumes +{{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --collectors=poddisruptionbudgets +{{ end }} +{{ if .Values.collectors.pods }} + - --collectors=pods +{{ end }} +{{ if .Values.collectors.replicasets }} + - --collectors=replicasets +{{ end }} +{{ if .Values.collectors.replicationcontrollers }} + - --collectors=replicationcontrollers +{{ end }} +{{ if .Values.collectors.resourcequotas }} + - --collectors=resourcequotas +{{ end }} +{{ if .Values.collectors.secrets }} + - --collectors=secrets +{{ end }} +{{ if .Values.collectors.services }} + - --collectors=services +{{ end }} +{{ if .Values.collectors.statefulsets }} + - --collectors=statefulsets +{{ end }} +{{ if .Values.collectors.storageclasses }} + - --collectors=storageclasses +{{ end }} +{{ if .Values.collectors.validatingwebhookconfigurations }} + - --collectors=validatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.verticalpodautoscalers }} + - --collectors=verticalpodautoscalers +{{ end }} +{{ if .Values.collectors.volumeattachments }} + - --collectors=volumeattachments +{{ end }} +{{ if .Values.namespace }} + - --namespace={{ .Values.namespace | join "," }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) +{{ end }} +{{ if .Values.kubeconfig.enabled }} + - --kubeconfig=/opt/k8s/.kube/config +{{ end }} +{{ if .Values.selfMonitor.telemetryHost }} + - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} +{{ end }} + - --telemetry-port=8081 +{{- if .Values.kubeconfig.enabled }} + volumeMounts: + - name: kubeconfig + mountPath: /opt/k8s/.kube/ + readOnly: true +{{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 +{{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.kubeconfig.enabled}} + volumes: + - name: kubeconfig + secret: + secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/kubeconfig-secret.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/kubeconfig-secret.yaml new file mode 100755 index 000000000..a7800d7ad --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/kubeconfig-secret.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.kubeconfig.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +type: Opaque +data: + config: '{{ .Values.kubeconfig.secret }}' +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/pdb.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/pdb.yaml new file mode 100755 index 000000000..d3ef8104e --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/podsecuritypolicy.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/podsecuritypolicy.yaml new file mode 100755 index 000000000..e822ba0e7 --- /dev/null 
+++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/podsecuritypolicy.yaml @@ -0,0 +1,42 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + volumes: + - 'secret' +{{- if .Values.podSecurityPolicy.additionalVolumes }} +{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrole.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrole.yaml new file mode 100755 index 000000000..217abc950 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrole.yaml 
@@ -0,0 +1,22 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrolebinding.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..feb97f228 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/role.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/role.yaml new file mode 100755 index 000000000..6259d2f61 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/role.yaml 
@@ -0,0 +1,192 @@ +{{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} +{{- if eq .Values.rbac.useClusterRole false }} +{{- range (split "," $.Values.namespace) }} +{{- end }} +{{- end -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq .Values.rbac.useClusterRole false }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- if eq .Values.rbac.useClusterRole false }} + namespace: {{ . }} +{{- end }} +rules: +{{ if $.Values.collectors.certificatesigningrequests }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.configmaps }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.cronjobs }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.daemonsets }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.deployments }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.endpoints }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.horizontalpodautoscalers }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.ingresses }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.jobs }} +- apiGroups: ["batch"] 
+ resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.limitranges }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.mutatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.namespaces }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.networkpolicies }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.nodes }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumeclaims }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumes }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.pods }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicasets }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicationcontrollers }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.resourcequotas }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.secrets }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.services }} +- apiGroups: [""] + resources: + - services + verbs: ["list", 
"watch"] +{{ end -}} +{{ if $.Values.collectors.statefulsets }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.storageclasses }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.validatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.volumeattachments }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.verticalpodautoscalers }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/rolebinding.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/rolebinding.yaml new file mode 100755 index 000000000..732174a33 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/rolebinding.yaml 
@@ -0,0 +1,27 @@ +{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} +{{- range (split "," $.Values.namespace) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not $.Values.rbac.useExistingRole) }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- else }} + name: {{ $.Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ template "kube-state-metrics.namespace" $ }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/service.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/service.yaml new file mode 100755 index 000000000..4f8e4a497 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/service.yaml 
@@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} + annotations: + {{- if .Values.prometheusScrape }} + prometheus.io/scrape: '{{ .Values.prometheusScrape }}' + {{- end }} + {{- if .Values.service.annotations }} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: "{{ .Values.service.type }}" + ports: + - name: "http" + protocol: TCP + port: {{ .Values.service.port }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: 8080 + {{ if .Values.selfMonitor.enabled }} + - name: "metrics" + protocol: TCP + port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + targetPort: 8081 + {{ end }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} + selector: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/serviceaccount.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/serviceaccount.yaml new file mode 100755 index 000000000..2e8a1ee38 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/serviceaccount.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/servicemonitor.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/servicemonitor.yaml new file mode 100755 index 000000000..7d1cd7aa1 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/servicemonitor.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ if .Values.selfMonitor.enabled }} + - port: metrics + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ end }} +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-role.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-role.yaml new file mode 100755 index 000000000..9770b0498 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-role.yaml 
@@ -0,0 +1,29 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} + resources: + - statefulsets + verbs: + - get + - list + - watch +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-rolebinding.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-rolebinding.yaml new file mode 100755 index 000000000..6a2e5bfe7 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-rolebinding.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/values.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/values.yaml new file mode 100755 index 000000000..f64645690 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/values.yaml 
@@ -0,0 +1,184 @@ +global: + cattle: + systemDefaultRegistry: "" + +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: rancher/mirrored-kube-state-metrics-kube-state-metrics + tag: v1.9.8 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. +# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +extraArgs: [] + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +customLabels: {} + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + honorLabels: false + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +securityContext: + enabled: true + runAsNonRoot: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: 
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Available collectors for kube-state-metrics. By default all available +# collectors are enabled. +collectors: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: true + namespaces: true + networkpolicies: true + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: true + services: true + statefulsets: true + storageclasses: true + validatingwebhookconfigurations: true + verticalpodautoscalers: false + volumeattachments: true + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Namespace to be enabled for collecting resources. By default all namespaces are collected. +# namespace: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. 
+## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overriden +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/Chart.yaml new file mode 100644 index 000000000..5da44c496 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.6.000 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/README.md new file mode 100644 index 000000000..57b839d2b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by [rancher-logging](https://github.com/rancher/dev-charts/tree/master/packages/rancher-logging). diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100644 index 000000000..ce242e787 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,552 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: 
+ type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: 
array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + 
records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 
+ served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100644 index 000000000..1eaeb2ebb --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4142 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: 
integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: 
boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + 
type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + 
type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + 
additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + 
type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + 
message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + labels: + 
additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: 
+ properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + 
timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: 
+ type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + 
http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string 
+ total_limit_size: + type: string + type: + type: string + type: object + ca_file: + type: string + ca_path: + type: string + client_cert: + type: string + client_key: + type: string + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + 
type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + type: object + status: + type: object + required: + 
- spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_flows.yaml new file mode 100644 index 000000000..fd4aaa812 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,548 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: 
string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: 
string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + 
additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: 
"" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_loggings.yaml new file mode 100644 index 000000000..4600ae7b1 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,2411 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: 
string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + 
type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + customConfigSecret: + type: string + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + imds_version: + type: string + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: 
string + type: object + image: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + metrics: + properties: + interval: + type: string + path: + type: string + port: + 
format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + type: object + timeout: + type: string + type: object + mountPath: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + 
- path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + 
format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: 
+ type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + 
matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: 
array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + 
properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + image: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: 
true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + 
additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + scaling: + properties: + replicas: + type: integer + required: + - replicas + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled 
+ type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_outputs.yaml new file mode 100644 index 000000000..cc5caa94d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4136 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + 
type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + 
flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: 
string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + 
type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + 
type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + 
queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string 
+ tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string 
+ name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + 
proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + 
required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + 
type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + 
partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string 
+ optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: 
boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + 
type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + overwrite: + type: string + path: + 
type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + type: string + ca_path: + type: string + client_cert: + type: string + 
client_key: + type: string + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + 
type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + 
storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/Chart.yaml new file mode 100644 index 000000000..deb301813 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.6.001 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/README.md new file mode 100644 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100644 index 000000000..ce242e787 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,552 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: 
+ type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: 
array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + 
records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 
+ served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100644 index 000000000..1eaeb2ebb --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4142 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: 
integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: 
boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + 
type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + 
type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + 
additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + 
type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + 
message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + labels: + 
additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: 
+ properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + 
timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: 
+ type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + 
http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string 
+ total_limit_size: + type: string + type: + type: string + type: object + ca_file: + type: string + ca_path: + type: string + client_cert: + type: string + client_key: + type: string + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + 
type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + type: object + status: + type: object + required: + 
- spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_flows.yaml new file mode 100644 index 000000000..fd4aaa812 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,548 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: 
string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: 
string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + 
additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: 
"" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_loggings.yaml new file mode 100644 index 000000000..4600ae7b1 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,2411 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: 
string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + 
type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + customConfigSecret: + type: string + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + imds_version: + type: string + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: 
string + type: object + image: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + metrics: + properties: + interval: + type: string + path: + type: string + port: + 
format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + type: object + timeout: + type: string + type: object + mountPath: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + 
- path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + 
format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: 
+ type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + 
matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: 
array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + 
properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + image: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: 
true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + 
additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + scaling: + properties: + replicas: + type: integer + required: + - replicas + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled 
+ type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_outputs.yaml new file mode 100644 index 000000000..cc5caa94d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_outputs.yaml 
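Review bot: In the CRD that ends just above this point, `extraVolumeMounts.source` is validated only by `pattern: ^/.+$`, and the `hostPath`/`host_path` `path` fields carry no pattern at all, so the schema accepts any absolute host path. The same spec also takes `securityContext.privileged`, `allowPrivilegeEscalation` and `capabilities.add` with no restriction. Since this commit regenerates the files, I would not hand-edit the schema here, but if the operator applies these fields to the workloads it manages, the chart should document that create/update rights on this resource need to be held as tightly as rights to create privileged pods, or ship an admission constraint for it. Separately, `host_path` and `hostPath`, and `position_db` and `positiondb`, appear side by side with identical schemas and no `description`, so a reader cannot tell which spelling is preferred or deprecated. Finally, `tls.verify` under `filterKubernetes` is typed `string` rather than `boolean`, so a mistyped value passes validation.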
@@ -0,0 +1,4136 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + 
type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + 
flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: 
string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + 
type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + 
type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + 
queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string 
+ tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string 
+ name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + 
proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + 
required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + 
type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + 
partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string 
+ optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: 
boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + 
type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + overwrite: + type: string + path: + 
type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + type: string + ca_path: + type: string + client_cert: + type: string + 
client_key: + type: string + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + 
type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + 
storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/Chart.yaml new file mode 100644 index 000000000..388f9665e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.8.201 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/README.md new file mode 100644 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100644 index 000000000..4b462a388 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,627 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + 
geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + 
null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + 
additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + 
tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100644 index 000000000..b46916c7e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4531 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + 
cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: 
+ type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + 
properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + 
type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: 
+ type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + 
with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + 
disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: 
object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + 
queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: 
boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + 
- csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + 
timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + 
type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: 
object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: 
+ type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + 
flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + 
profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + 
type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + 
retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_flows.yaml new file mode 100644 index 000000000..394d91927 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,623 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + 
items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + 
null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + 
type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + 
tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_loggings.yaml new file mode 100644 index 000000000..256cc738e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,2754 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + 
labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + 
customConfigSecret: + type: string + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + 
type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: 
boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + 
properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + 
value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + 
items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + 
nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: 
string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + 
properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + 
type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + 
type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: 
+ command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + 
gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + 
type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_outputs.yaml new file mode 100644 index 000000000..01b84e408 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4525 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: 
+ properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + 
auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + 
type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + 
disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + 
type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + 
with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + 
flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string 
+ optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string 
+ retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: 
+ secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + 
enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + 
type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + 
type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: 
+ properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string 
+ url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + 
type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: 
string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: 
string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + 
type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: 
+ type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/Chart.yaml new file mode 100755 index 000000000..d9ace18ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/Chart.yaml 
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.9.000 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/README.md new file mode 100755 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100755 index 000000000..9fc6e22a5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,765 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100755 index 000000000..a82252ad9 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4563 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: 
string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: 
+ api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + 
timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + 
log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: 
boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + 
overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: 
string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + 
- role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: 
integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + 
retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: 
boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + 
type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + 
aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: 
string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: 
string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + 
type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: 
boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: 
string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: 
true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_flows.yaml new file mode 100755 index 000000000..a01a1331d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_flows.yaml 
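Review bot: In the CRD schema that ends here, `logdna.api_key` (listed under `required`) and `s3.sse_customer_key` are plain `type: string`, so these two secrets can only be written inline in the custom resource, whereas the neighbouring credentials (`aws_key_id`, `aws_sec_key`, `hec_token`, `password`) also accept `valueFrom.secretKeyRef` or `mountFrom.secretKeyRef`. Anyone with read access to these custom resources can then read the LogDNA key or the customer encryption key. Since this directory is regenerated, either get the two fields switched to the secret structure in the source the CRD comes from, or state in the chart documentation that read access to these resources must be restricted the same way as for Secrets. Also in this hunk, the `oss` output spells its key `aaccess_key_secret` in both `properties` and `required`; please confirm this matches what the consuming code expects rather than `access_key_secret`.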
@@ -0,0 +1,761 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + 
type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + 
type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: 
object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + 
group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_loggings.yaml new file mode 100755 index 000000000..d14c80e2c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_loggings.yaml 
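Review bot: in `logging.banzaicloud.io_flows.yaml`, under `enhanceK8s`, the `ca_file`, `client_cert` and `client_key` properties each accept an inline `value` of `type: string` next to `valueFrom.secretKeyRef`, so a client private key can be written directly into a Flow object. There it is stored as part of the custom resource rather than as a Secret and is readable by anyone with get on flows in that namespace. This file is controller-gen output (v0.2.4) and the commit only regenerates released/, so the schema fix belongs upstream; in this chart I would document that key material must use the `secretKeyRef` forms. Two related points in the same hunk: the CRD is `scope: Namespaced` and exposes `record_transformer.enable_ruby` and `enhanceK8s.verify_ssl` as unconstrained booleans, so permission to create or edit Flows should be granted as a privileged right rather than to every namespace user. Also, `apiVersion: apiextensions.k8s.io/v1beta1` is no longer served from Kubernetes 1.22, which the chart's supported-version notes should state.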
@@ -0,0 +1,3536 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean 
+ required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + 
key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + 
type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: 
string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: 
string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string 
+ type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string 
+ type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + 
destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + 
Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: 
integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: 
object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + 
properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + 
type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: 
integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + 
key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + 
types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + 
exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_outputs.yaml new file mode 100755 index 000000000..b04c809ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4557 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: 
string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: 
+ type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + 
type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + 
logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + 
template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + 
symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: 
integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: 
boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + 
type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + 
tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string 
+ default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + 
retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: 
+ type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + 
check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object 
+ buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: 
string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object 
+ ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + 
retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + 
type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
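Review bot: `logdna.api_key` (required) and `s3.sse_customer_key` are declared as bare `type: string`, so these credentials can only be supplied in clear text in the resource spec, whereas the other credential fields in this schema (`aws_key_id`, `aws_sec_key`, `hec_token`, `password`) accept `valueFrom.secretKeyRef` or `mountFrom.secretKeyRef`. Anyone with read access to these custom resources can then read the key. Because released/ is regenerated, the fix belongs in the source chart or the upstream schema; until then the chart README should say that read access to these resources needs to be restricted the way Secret access is. The secret-capable fields also still accept an inline `value`, so the same exposure applies whenever a user picks it over a secret reference. Separately, the `oss` output lists a required property spelled `aaccess_key_secret`; if that is a typo for `access_key_secret`, it becomes part of the released API with this version and is cheaper to correct before shipping.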
diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/Chart.yaml new file mode 100755 index 000000000..35114d22f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.9.001 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/README.md new file mode 100755 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100755 index 000000000..9fc6e22a5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,765 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100755 index 000000000..a82252ad9 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4563 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: 
string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: 
+ api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + 
timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + 
log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: 
boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + 
overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: 
string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + 
- role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: 
integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + 
retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: 
boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + 
type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + 
aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: 
string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: 
string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + 
type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: 
boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: 
string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: 
true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_flows.yaml new file mode 100755 index 000000000..a01a1331d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,761 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + 
type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + 
type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: 
object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + 
group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_loggings.yaml new file mode 100755 index 000000000..d14c80e2c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,3536 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean 
+ required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + 
key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + 
type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: 
string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: 
string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string 
+ type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string 
+ type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + 
destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + 
Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: 
integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: 
object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + 
properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + 
type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: 
integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + 
key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + 
types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + 
exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_outputs.yaml new file mode 100755 index 000000000..b04c809ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4557 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: 
string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: 
+ type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + 
type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + 
logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + 
template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + 
symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: 
integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: 
boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + 
type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + 
tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string 
+ default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + 
retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: 
+ type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + 
check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object 
+ buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: 
string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object 
+ ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + 
retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + 
type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
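Review bot: The TLS switches at the end of this CRD are bare booleans whose names imply opposite polarity, and none carries a `description` or default: `insecure_ssl` on the output that requires `hec_host` and `hec_token`, `verify_ssl` under `sumologic`, and `insecure` under `syslog`. A value copied from one output to another can therefore end up disabling certificate verification without anyone noticing in review; add a `description` to each that states which value turns verification off. The secret-bearing fields in the same hunk (`hec_token`, `client_key`, the `sumologic` `endpoint`) also accept an inline `value` string next to `valueFrom.secretKeyRef`, and `secretKeyRef` lists only `key` under `required`, not `name`. The chart documentation should steer users to the secret reference form so tokens do not sit in the custom resource itself.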
diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/Chart.yaml new file mode 100755 index 000000000..f40269b60 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.9.002 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/README.md new file mode 100755 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100755 index 000000000..9fc6e22a5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,765 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100755 index 000000000..a82252ad9 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusteroutputs.yaml 
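Review bot: In logging.banzaicloud.io_clusterflows.yaml the CRD header declares `kind: ClusterFlow` together with `scope: Namespaced`, and neither the schema nor the two-line chart README says how a namespaced object with a cluster-level name is meant to be used. Since namespaced RBAC decides who can create these objects, add a `description` or README line that states the intent. The same header uses `apiVersion: apiextensions.k8s.io/v1beta1`, which is deprecated in favour of `apiextensions.k8s.io/v1`, so regenerating the CRDs against v1 is worth tracking as a follow-up. Under `record_transformer`, `enable_ruby` is exposed as a bare boolean with no description; document it as a setting that only trusted flow authors should be able to turn on.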
@@ -0,0 +1,4563 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: 
string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: 
+ api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + 
timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + 
log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: 
boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + 
overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: 
string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + 
- role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: 
integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + 
retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: 
boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + 
type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + 
aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: 
string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: 
string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + 
type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: 
boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: 
string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: 
true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_flows.yaml new file mode 100755 index 000000000..a01a1331d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,761 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + 
type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + 
type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: 
object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + 
group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_loggings.yaml new file mode 100755 index 000000000..d14c80e2c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,3536 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean 
+ required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + 
key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + 
type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: 
string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: 
string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string 
+ type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string 
+ type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + 
destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + 
Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: 
integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: 
object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + 
properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + 
type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: 
integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + 
key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + 
types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + 
exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_outputs.yaml new file mode 100755 index 000000000..b04c809ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4557 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: 
string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: 
+ type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + 
type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + 
logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + 
template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + 
symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: 
integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: 
boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + 
type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + 
tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string 
+ default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + 
retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: 
+ type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + 
check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object 
+ buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: 
string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object 
+ ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + 
retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + 
type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
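Review bot: In the `s3` output schema, `sse_customer_key` and `sse_customer_key_md5` are declared as plain `type: string`, while `aws_key_id` and `aws_sec_key` in the same block take the `value` / `valueFrom.secretKeyRef` / `mountFrom.secretKeyRef` object, so a customer-provided encryption key can only be supplied inline in the resource spec, where anyone with read access to the resource can see it. Suggest modelling both fields with the same secret-reference object as the other credentials in this hunk, or, if the generated schema has to stay as it is, documenting the limitation in the chart README. Separately, the `oss` block names its secret field `aaccess_key_secret` and repeats that spelling under `required`; next to `access_key_id` this reads like a typo, and if it is intentional it deserves a comment, because a manifest that sets `access_key_secret` would fail validation on the missing required key.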
diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/Chart.yaml new file mode 100755 index 000000000..012115ac4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.9.400 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/README.md new file mode 100755 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100755 index 000000000..9fc6e22a5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusterflows.yaml 
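Review bot: Chart.yaml declares `apiVersion: v1` together with `type: application`, but `type` is a field of the chart `apiVersion: v2` format, so the two lines disagree about which chart format this is. Suggest either dropping `type` or moving the chart to `apiVersion: v2`. Chart.yaml and README.md are also both added with `new file mode 100755`; neither is executable content, so `100644` would be the expected mode.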
@@ -0,0 +1,765 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100755 index 000000000..029e28ec8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusteroutputs.yaml 
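Review bot: The ClusterFlow CRD is written against `apiVersion: apiextensions.k8s.io/v1beta1` and relies on fields that exist only in that version (`spec.validation`, `spec.version`, and `JSONPath` under `additionalPrinterColumns`); that API version is deprecated and no longer served from Kubernetes 1.22 on, so this template cannot be applied there. Suggest stating the supported Kubernetes range in the chart metadata or README, or regenerating the CRD as `apiextensions.k8s.io/v1`. The trailing `status:` stanza (`acceptedNames`, `conditions: []`, `storedVersions: []`) is generator output for a field the API server owns and can be dropped from the template. `scope: Namespaced` on a kind named `ClusterFlow` is also surprising enough to merit a line of documentation if it is intended.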
@@ -0,0 +1,4721 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: 
string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: 
+ api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + 
timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + 
log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: 
boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + 
overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: 
string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + 
headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + 
buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + 
chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + 
type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: 
string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: 
string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: 
integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: 
object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + 
type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + 
source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_flows.yaml new file mode 100755 index 000000000..a01a1331d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,761 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + 
type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + 
type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: 
object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + 
group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_loggings.yaml new file mode 100755 index 000000000..9d9c20fa1 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,7095 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean 
+ required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + 
key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + 
type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: 
string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: 
string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string 
+ type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string 
+ type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + 
destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + 
Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: 
integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: 
object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + 
properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + 
type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: 
integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + 
key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + 
types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + 
exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + nodeAgents: + items: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + nodeAgentFluentbit: + properties: + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + 
type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + containersPath: + type: string + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + daemonSet: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + 
preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + 
labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + 
properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + 
port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: 
true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + 
containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: 
object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + 
anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + 
- type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: 
object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + 
httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + 
type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + 
terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + type: string + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + 
type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: 
+ name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + ephemeral: + properties: + readOnly: + type: boolean + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + 
name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + 
type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + type: object + type: object + disableKubernetesFilter: 
+ type: boolean + enableUpstream: + type: boolean + enabled: + type: boolean + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + 
type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + livenessDefaultCheck: + type: boolean + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + metricsService: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + clusterIP: + type: string + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + ipFamily: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + 
type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + topologyKeys: + items: + type: string + type: array + type: + type: string + type: object + type: object + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + podPriorityClassName: + type: string + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + 
operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + 
type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + varLogsPath: + type: string + type: object + profile: + type: string + type: object + type: array + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_outputs.yaml new file mode 100755 index 000000000..85ee16497 --- /dev/null 
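Review bot: in the `tls` block beside `targetHost`/`targetPort`, near the end of the CRD schema that closes just above, `sharedKey` is a plain `type: string` sitting next to `secretName`, so the schema accepts the key inline in the custom resource, where it is readable by anyone allowed to get that resource and is carried along in any exported manifest. The properties visible in this part of the schema have no `description`, so nothing steers a user toward `secretName`; add a description on `sharedKey` that says to prefer the secret reference, and make that change in the source this released/ directory is regenerated from, not in the generated file.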
+++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4715 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: 
string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: 
+ type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + 
type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + 
logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + 
template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + 
symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: 
integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: 
boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + 
type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + 
type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + 
max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: 
object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - 
json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + 
chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + 
delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + 
extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: 
object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: 
+ type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: 
integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + 
type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string 
+ force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + 
type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + 
key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + 
timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/.helmignore b/released/charts/rancher-logging/rancher-logging/3.6.000/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/Chart.yaml new file mode 100644 index 000000000..5f76d4fba --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/Chart.yaml 
@@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: 3.6.0 +description: Collects and filter logs using highly configurable CRDs. Powered by + Banzai Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.6.000 diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/README.md b/released/charts/rancher-logging/rancher-logging/3.6.000/README.md new file mode 100644 index 000000000..b7cfcfc76 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.6.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.5.4` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.2-alpine-3` | +| `fluentd.image.repository` | Fluentd container image repository | `banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.6.000/app-readme.md new file mode 100644 index 000000000..7d5b9a50b --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.6.000/app-readme.md @@ -0,0 +1,3 @@ +Rancher Logging, powered by the [Bonzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/), allows users to configure complex logging pipelines with a few simple resources. +To collect logs from a single namespace, users can create an [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) to define where logs are stored and a corresponding [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) to describe what logs to include and what outputs to send to. +To collect logs from the entire cluster, users can similarly create a [ClusterOutput](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) and a corresponding [ClusterFlow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/). diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/_helpers.tpl new file mode 100644 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrole.yaml new file mode 100644 index 000000000..ed2e1e975 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrole.yaml 
@@ -0,0 +1,156 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - loggings/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} 
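Review bot: the first rule in templates/clusterrole.yaml gives the operator's service account create, delete, get, list, patch, update and watch on `secrets` in every namespace, and the last rule gives the same verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, so a compromise of the operator pod exposes every Secret in the cluster. Nothing in this template narrows the grant when `watchNamespace` is set; consider rendering a namespaced Role and RoleBinding in that case, or at least state the cluster-wide secret access next to `rbac.enabled` in the README table. The `podsecuritypolicies` rule is also emitted unconditionally, while the README presents PSP-related RBAC as opt-in through `rbac.psp.enabled`; gate the rule on that value unless the operator needs it regardless. Two smaller points: `creationTimestamp: null` under `metadata` looks like generator output and can be dropped, and this ClusterRole carries none of the `logging-operator.labels` that the Deployment template attaches.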
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..46bf11e8b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/crds.yaml new file mode 100644 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/deployment.yaml new file mode 100644 index 000000000..3bd85416a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
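Review bot: both `securityContext` blocks in templates/deployment.yaml are wrapped in `if`, so a values override that empties `securityContext` or `podSecurityContext` renders the operator with none of the documented defaults (`runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`) and nothing fails. Consider keeping those keys in the template and merging user values over them, so an override can add settings but has to be explicit to remove one. On the `image:` line, the `system_default_registry` helper dereferences `.Values.global.cattle.systemDefaultRegistry` directly; unless values.yaml always defines `global.cattle`, rendering stops with a nil pointer error, so guard the lookup in the helper. `replicaCount`, `http.port` and `imagePullSecrets` are read here but are missing from the README parameter table.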
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/eks/logging.yaml new file mode 100644 index 000000000..d47607bff --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/eks/logging.yaml @@ -0,0 +1,31 @@ +{{- if and .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100644 index 000000000..0418fad81 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,34 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100644 index 000000000..977db0518 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,34 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-containers-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-containers-rke.yaml new file mode 100644 index 000000000..0866b22c3 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-containers-rke.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- end }} + diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-rke.yaml new file mode 100644 index 000000000..8e4b5c26f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-rke.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/rke/*.log" + extraVolumeMounts: + - source: "/var/lib/rancher/rke/log" + destination: "/rke" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/configmap.yaml new file mode 100644 index 000000000..d8910122a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/configmap.yaml @@ -0,0 +1,18 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name file + Path /etc/rancher/logging/rke2.log +{{- end }} 
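Review bot: the `[OUTPUT]` section in rke2/configmap.yaml writes to `Path /etc/rancher/logging/rke2.log`, which is outside `/etc/rancher/logging/logs/`, the only hostPath that rke2/daemonset.yaml mounts and the directory that logging-rke2-journald.yaml tails with `/etc/rancher/logging/logs/*.log`. As written the output lands on the aggregator container's own filesystem and is never picked up; point the output at the mounted directory. The `[INPUT]` section also uses the `systemd` input while the DaemonSet mounts no host journal directory, so there is no host journal for it to read; add a read-only mount for it in daemonset.yaml.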
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/daemonset.yaml new file mode 100644 index 000000000..20fc108bd --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/daemonset.yaml @@ -0,0 +1,33 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /etc/rancher/logging/logs/ + name: logdir + - mountPath: /fluent-bit/etc/ + name: config + volumes: + - name: logdir + hostPath: + path: /etc/rancher/logging/logs/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100644 index 000000000..721c0a981 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-journald.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-journald.yaml new file mode 100644 index 000000000..f39651d0b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-journald.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-journald + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/etc/rancher/logging/logs/*.log" + extraVolumeMounts: + - source: "/etc/rancher/logging/logs/" + destination: "/etc/rancher/logging/logs/" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/root/logging.yaml new file mode 100644 index 000000000..ee2a85038 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/root/logging.yaml 
@@ -0,0 +1,25 @@ +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/psp.yaml new file mode 100644 index 000000000..91d1bb35e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/psp.yaml @@ -0,0 +1,32 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + creationTimestamp: null + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file 
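Review bot: `metadata.namespace` on the PodSecurityPolicy in psp.yaml has no effect because PodSecurityPolicy is a cluster-scoped resource, and the fixed name `psp.logging-operator` means two releases of this chart in one cluster would both try to own the same object. Drop `namespace` and the leftover `creationTimestamp: null`, and derive the name from `logging-operator.fullname` as clusterrolebinding.yaml and serviceaccount.yaml do. `seLinux.rule: RunAsAny` is the one rule here left unconstrained; if that is deliberate, a short comment saying so would help the next reader.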
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/service.yaml new file mode 100644 index 000000000..b4cb7d25a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceMonitor.yaml new file mode 100644 index 000000000..0687b1ef9 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceMonitor.yaml @@ -0,0 +1,19 @@ +{{ if .Values.monitoring.serviceMonitor.Enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} \ No newline at end of file 
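Review bot: the guard on the first line of serviceMonitor.yaml tests `.Values.monitoring.serviceMonitor.Enabled`, but values.yaml defines the key as `enabled` in lower case and the README table documents `monitoring.serviceMonitor.enabled`. Value lookups in templates are case-sensitive, so this condition is never true and the ServiceMonitor is never rendered; change the guard to `.enabled`. Once the guard works, the default matters: values.yaml sets it to `true` while the README lists `false`, and `true` requires the `monitoring.coreos.com/v1` ServiceMonitor CRD to exist at install time, so either default to `false` or document the dependency.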
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceaccount.yaml new file mode 100644 index 000000000..3e87e7891 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/userroles.yaml new file mode 100644 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch 
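Review bot: `logging-admin` in userroles.yaml grants the wildcard verb `"*"` on `flows` and `outputs` and is aggregated into the built-in `admin` role through `aggregate-to-admin`, so any verb later supported on those resources is granted without review; list the verbs explicitly instead. `logging-view` aggregates read access (including `clusterflows` and `clusteroutputs`) into `view`, `edit` and `admin`, while nothing aggregates write access into `edit`; add a comment stating whether `edit` being read-only for flows and outputs is intended. Both ClusterRoles also use fixed names rather than a release-scoped name and carry none of the chart labels that serviceaccount.yaml and clusterrolebinding.yaml set.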
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/validate-install-crd.yaml new file mode 100644 index 000000000..187b5a91e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-logging-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/values.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/values.yaml new file mode 100644 index 000000000..8b1eaecd4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/values.yaml 
@@ -0,0 +1,118 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/banzaicloud-logging-operator + tag: 3.6.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: true + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + eks: + enabled: false + +images: + config_reloader: + repository: rancher/jimmidyson-configmap-reload + tag: v0.2.2 + fluentbit: + repository: rancher/fluent-fluent-bit + tag: 1.5.4 + fluentd: + repository: rancher/banzaicloud-fluentd + tag: v1.11.2-alpine-2 + syslog_forwarder: + repository: rancher/fluent-bit-out-syslog + tag: 0.1.0 + +global: + cattle: + systemDefaultRegistry: "" + +fluentbit_tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/.helmignore b/released/charts/rancher-logging/rancher-logging/3.6.001/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
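Review bot: in values.yaml for 3.6.000 (the hunk before .helmignore), `priorityClassName: {}` is typed as a map although deployment.yaml renders it as a scalar with `priorityClassName: {{ .Values.priorityClassName }}`; it only works because an empty map is falsy in the `if` guard, so default it to `""`. In the same file `http.service.type`, `http.service.annotations` and `http.service.labels` are declared but service.yaml hardcodes `type: ClusterIP` and reads only `http.service.clusterIP` and `http.port`; either wire these values into the Service template or remove them so users do not set options that are silently ignored.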
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/Chart.yaml new file mode 100644 index 000000000..4282052dd --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: 3.6.0 +description: Collects and filter logs using highly configurable CRDs. Powered by + Banzai Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.6.001 diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/README.md b/released/charts/rancher-logging/rancher-logging/3.6.001/README.md new file mode 100644 index 000000000..b7cfcfc76 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.6.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.5.4` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.2-alpine-3` | +| `fluentd.image.repository` | Fluentd container image repository | `banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.6.001/app-readme.md new file mode 100644 index 000000000..8ecb81ec6 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.6.001/app-readme.md 
@@ -0,0 +1,21 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/_helpers.tpl new file mode 100644 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrole.yaml new file mode 100644 index 000000000..ed2e1e975 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrole.yaml 
@@ -0,0 +1,156 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - loggings/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} 
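Review bot: the first rule in clusterrole.yaml gives the operator `create`, `delete`, `get`, `list`, `patch`, `update` and `watch` on `secrets` in every namespace, so anything that can act as the operator's service account can read every secret in the cluster. The last rule adds the same write verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, and an earlier one on `podsecuritypolicies`. Please add a template comment stating which of these the operator actually uses and drop the verbs it does not (for example `delete` on `secrets`). `creationTimestamp: null` under `metadata` is generator output and can be removed.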
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..46bf11e8b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/crds.yaml new file mode 100644 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/deployment.yaml new file mode 100644 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
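Review bot: in deployment.yaml both `securityContext:` keys are emitted only when `.Values.securityContext` or `.Values.podSecurityContext` is set, so with empty values the operator container runs with whatever the runtime defaults to. psp.yaml in this same chart requires `MustRunAsNonRoot`, `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false`; consider rendering a matching default context here instead of leaving it to the values file. `serviceAccountName` is likewise conditional on `.Values.rbac.enabled`, which means the pod falls back to the namespace's default service account when RBAC is turned off. That fallback deserves a comment.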
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/eks/logging.yaml new file mode 100644 index 000000000..6e3018ce1 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/eks/logging.yaml @@ -0,0 +1,44 @@ +{{- if and .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
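Review bot: the guard `{{- if and .Values.additionalLoggingSources.eks.enabled }}` at the top of eks/logging.yaml calls `and` with a single argument, which reads as if a second condition was dropped. Either write `{{- if .Values.additionalLoggingSources.eks.enabled }}`, as the rke and rke2 templates do, or restore the missing operand.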
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100644 index 000000000..3d3b0a27b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-openrc.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
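Review bot: in logging-k3s-openrc.yaml the `extraVolumeMounts` entry mounts the host's whole `/var/log/` into the fluentbit pods although `inputTail` only reads `/var/log/k3s.log`. The mount is `readOnly: true`, which is good, but it still exposes every other host log to the container. Please note in the template why the full directory is needed, or narrow the source if it is not.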
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100644 index 000000000..7df78e388 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-systemd.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
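Review bot: in logging-k3s-systemd.yaml `inputTail` tails `/var/log/syslog` and tags every record `k3s`, with no parser or filter in this hunk that selects k3s entries, so all host syslog lines are forwarded under the k3s tag. If only k3s output is wanted, add a filter for it or document that the full syslog is shipped. Separately, the guard compares `.Values.additionalLoggingSources.k3s.container_engine` with `"systemd"` (and with `"openrc"` in the sibling template); those are init systems, not container engines, and any other value renders neither template without an error.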
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/configmap.yaml new file mode 100644 index 000000000..2af01ac0c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/configmap.yaml @@ -0,0 +1,26 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser json + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name file + Path /var/lib/rancher/logging/ +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/daemonset.yaml new file mode 100644 index 000000000..5ed36a3b8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: /var/lib/rancher/logging/ + name: outdir + - mountPath: /var/lib/docker/containers/ + name: containers + - mountPath: /fluent-bit/etc/ + name: config + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + - name: outdir + hostPath: + path: /var/lib/rancher/logging/ + - name: containers + hostPath: + path: /var/lib/docker/containers/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/logging-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/logging-rke.yaml new file mode 100644 index 000000000..368544ed8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/logging-rke.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/var/lib/rancher/logging/rke" + Parser: json + extraVolumeMounts: + - source: "/var/lib/rancher/logging/" + destination: "/var/lib/rancher/logging/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/configmap.yaml new file mode 100644 index 000000000..d8910122a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name file + Path /etc/rancher/logging/rke2.log +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/daemonset.yaml new file mode 100644 index 000000000..a2f763d63 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/daemonset.yaml @@ -0,0 +1,41 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /etc/rancher/logging/logs/ + name: logdir + - mountPath: /fluent-bit/etc/ + name: config + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: logdir + hostPath: + path: /etc/rancher/logging/logs/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +{{- end }} 
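Review bot: the rke2 DaemonSet mounts the host directory at `/etc/rancher/logging/logs/`, but the `[OUTPUT]` section in rke2/configmap.yaml writes to `Path /etc/rancher/logging/rke2.log`, which is outside that mount. As written the output stays in the container filesystem, and the `*.log` glob over `/etc/rancher/logging/logs/` in logging-rke2-journald.yaml has nothing to match on the host. Please align the output path with the `logdir` mount. Two smaller points in the same hunk: the `[INPUT]` uses `Name systemd` while the pod mounts no host journal directory, and the container is named `fluentd` although its image is built from `.Values.images.fluentbit`.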
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100644 index 000000000..8768f8479 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-containers.yaml @@ -0,0 +1,45 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
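Review bot: in logging-rke2-containers.yaml the `inputTail` path `/var/log/containers/*rke*.log` matches any container log whose file name contains `rke`, not only RKE2 system components, so a workload with `rke` in its pod, namespace or container name is collected and tagged `rke2` as well. Consider a tighter glob or a documented naming assumption. This `Logging` resource also omits the `labels:` block with `logging-operator.labels` that the eks, k3s, rke and root templates include.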
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-journald.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-journald.yaml new file mode 100644 index 000000000..5a993f086 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-journald.yaml @@ -0,0 +1,45 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-journald + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/etc/rancher/logging/logs/*.log" + extraVolumeMounts: + - source: "/etc/rancher/logging/logs/" + destination: "/etc/rancher/logging/logs/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/root/logging.yaml new file mode 100644 index 000000000..b67c23d6c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/root/logging.yaml @@ -0,0 +1,38 @@ +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/psp.yaml new file mode 100644 index 000000000..91d1bb35e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/psp.yaml 
@@ -0,0 +1,32 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + creationTimestamp: null + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/service.yaml new file mode 100644 index 000000000..b4cb7d25a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceMonitor.yaml new file mode 100644 index 000000000..0687b1ef9 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceMonitor.yaml @@ -0,0 +1,19 @@ +{{ if .Values.monitoring.serviceMonitor.Enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceaccount.yaml new file mode 100644 index 000000000..3e87e7891 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/userroles.yaml new file mode 100644 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/validate-install-crd.yaml new file mode 100644 index 000000000..187b5a91e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-logging-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} 
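Review bot: In templates/validate-install-crd.yaml (3.6.001) every line starts with `#`, which reads as if the CRD check were switched off, but the template engine still evaluates the actions and only the rendered output becomes a YAML comment, so the `required "Required CRDs are missing. ..." ""` call still aborts the install when one of the five kinds is absent from `.Capabilities.APIVersions`. Add a `{{/* ... */}}` comment at the top of the file stating that the `#` prefix is deliberate and the check is active. The guard on the first line also means the whole check is skipped whenever `lookup` returns nothing, which is worth saying in the same comment.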
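Review bot: In templates/serviceMonitor.yaml (3.6.001) the guard reads `.Values.monitoring.serviceMonitor.Enabled`, while this chart version's values.yaml defines the key as `enabled` under `monitoring.serviceMonitor`. Value keys are case-sensitive, so the condition never sees the configured value and the ServiceMonitor is not rendered even with the default `enabled: true`. Change the guard to `.Values.monitoring.serviceMonitor.enabled`, and make the opening `{{ if` and the closing `{{- end }}` use the same whitespace trimming.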
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/values.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/values.yaml new file mode 100644 index 000000000..83bf9c254 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/values.yaml 
@@ -0,0 +1,129 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/banzaicloud-logging-operator + tag: 3.6.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: true + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + eks: + enabled: false + +images: + config_reloader: + repository: rancher/jimmidyson-configmap-reload + tag: v0.2.2 + fluentbit: + repository: rancher/fluent-fluent-bit + tag: 1.5.4 + fluentbit_debug: + repository: rancher/fluent-fluent-bit + tag: 1.5.4-debug + fluentd: + repository: rancher/banzaicloud-fluentd + tag: v1.11.2-alpine-2 + syslog_forwarder: + repository: rancher/fluent-bit-out-syslog + tag: 0.1.0 + +fluentbit_tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/.helmignore b/released/charts/rancher-logging/rancher-logging/3.8.201/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/.helmignore 
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/Chart.yaml new file mode 100644 index 000000000..9bda54202 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.8.2 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.8.201 diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/README.md b/released/charts/rancher-logging/rancher-logging/3.8.201/README.md new file mode 100644 index 000000000..01027a254 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.8.2` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.4` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-1` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.8.201/app-readme.md new file mode 100644 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.8.201/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/_helpers.tpl new file mode 100644 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrole.yaml new file mode 100644 index 000000000..b86030a00 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrole.yaml 
@@ -0,0 +1,161 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: 
+ - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..46bf11e8b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/crds.yaml new file mode 100644 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/deployment.yaml new file mode 100644 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
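Review bot: In templates/deployment.yaml (3.8.201) both `securityContext:` blocks are wrapped in `{{- if .Values.securityContext }}` and `{{- if .Values.podSecurityContext }}`, so when those values are empty the operator container is deployed with no security context at all. The README added in this version lists `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` and `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` as the defaults; confirm that this version's values.yaml actually sets them, or have the template fall back to those settings when the value is unset.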
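Review bot: The ClusterRole in templates/clusterrole.yaml (3.8.201) gives the operator's service account cluster-wide `create`, `delete`, `get`, `list`, `patch`, `update` and `watch` on `secrets`, the same verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, and `use` on all `podsecuritypolicies` with no `resourceNames`. A compromise of the operator pod therefore exposes every Secret in the cluster. If the operator needs each of these rules, say why in a template comment next to the rule; otherwise restrict `use` to the PSP this chart creates via `resourceNames`, and drop the verbs on `secrets` and the RBAC resources that the operator does not exercise.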
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/aks/logging.yaml new file mode 100644 index 000000000..83f2500db --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/aks/logging.yaml @@ -0,0 +1,39 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
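Review bot: In templates/loggings/aks/logging.yaml, `metadata.namespace` and `controlNamespace` use `{{ .Release.Namespace }}`, while the Deployment and the ClusterRoleBinding subject in this chart use `{{ include "logging-operator.namespace" . }}`. With `namespaceOverride` set, the operator lands in one namespace and this Logging resource, together with its control namespace, in another. Use the helper in both fields; the eks, gke and k3s Logging templates have the same lines and need the same change.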
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/eks/logging.yaml new file mode 100644 index 000000000..5cc886c6a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/eks/logging.yaml @@ -0,0 +1,40 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
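Review bot: In templates/loggings/eks/logging.yaml, `Path: "/var/log/messages"` with `Parser: "syslog"` collects the node's whole syslog under the `eks` tag rather than only Kubernetes component entries, so whatever other host services write to that file is forwarded to the configured outputs. State that scope in the values comment or README for `additionalLoggingSources.eks`, or add a filter so that only the intended entries leave the node.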
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/gke/logging.yaml new file mode 100644 index 000000000..af618a44f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/gke/logging.yaml @@ -0,0 +1,39 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100644 index 000000000..3d3b0a27b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-openrc.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100644 index 000000000..7df78e388 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-systemd.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
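Review bot: In logging-k3s-systemd.yaml, inputTail tails the whole of /var/log/syslog and tags every line "k3s", so unrelated host daemons' messages are shipped under the k3s tag, and on hosts that keep logs only in the journal that file does not exist and nothing is collected. The rke2 ConfigMap in this patch uses the systemd input with Systemd_Filter _SYSTEMD_UNIT=rke2.service; consider the same approach for the k3s unit, or at least document that a syslog daemon writing /var/log/syslog is required.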
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/configmap.yaml new file mode 100644 index 000000000..2af01ac0c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/configmap.yaml @@ -0,0 +1,26 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser json + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name file + Path /var/lib/rancher/logging/ +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/daemonset.yaml new file mode 100644 index 000000000..5ed36a3b8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: /var/lib/rancher/logging/ + name: outdir + - mountPath: /var/lib/docker/containers/ + name: containers + - mountPath: /fluent-bit/etc/ + name: config + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + - name: outdir + hostPath: + path: /var/lib/rancher/logging/ + - name: containers + hostPath: + path: /var/lib/docker/containers/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/logging-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/logging-rke.yaml new file mode 100644 index 000000000..368544ed8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/logging-rke.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/var/lib/rancher/logging/rke" + Parser: json + extraVolumeMounts: + - source: "/var/lib/rancher/logging/" + destination: "/var/lib/rancher/logging/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/configmap.yaml new file mode 100644 index 000000000..d8910122a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name file + Path /etc/rancher/logging/rke2.log +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/daemonset.yaml new file mode 100644 index 000000000..a2f763d63 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/daemonset.yaml @@ -0,0 +1,41 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /etc/rancher/logging/logs/ + name: logdir + - mountPath: /fluent-bit/etc/ + name: config + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: logdir + hostPath: + path: /etc/rancher/logging/logs/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +{{- end }} 
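Review bot: In rke2/daemonset.yaml the tolerations block uses only .Values.tolerations, while the rke DaemonSet and the fluentbit sections elsewhere in this patch use concat (.Values.tolerations) (.Values.fluentbit_tolerations), so with the default values this aggregator is not scheduled on nodes carrying the node-role.kubernetes.io/controlplane or etcd taints. Use the same $total_tolerations here. Two smaller points: the container is named fluentd but runs the fluentbit image, and the ConfigMap's systemd input has no journal directory among the volumeMounts (only logdir and config are mounted), so confirm the input can read the host journal.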
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100644 index 000000000..8768f8479 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-containers.yaml @@ -0,0 +1,45 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
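Review bot: The metadata in logging-rke2-containers.yaml has no labels block, while the gke, k3s, rke and root Logging templates all include "logging-operator.labels"; add it so these objects can be selected with the rest of the release. Also check the inputTail Path "/var/log/containers/*rke*.log": the glob matches any container log whose file name contains "rke", not only rke2 components, and everything it matches is tagged "rke2".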
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-journald.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-journald.yaml new file mode 100644 index 000000000..5a993f086 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-journald.yaml @@ -0,0 +1,45 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-journald + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/etc/rancher/logging/logs/*.log" + extraVolumeMounts: + - source: "/etc/rancher/logging/logs/" + destination: "/etc/rancher/logging/logs/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
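Review bot: The inputTail Path in logging-rke2-journald.yaml is "/etc/rancher/logging/logs/*.log", but the rke2 ConfigMap in this patch sets the file output Path to /etc/rancher/logging/rke2.log, which is not under the /etc/rancher/logging/logs/ directory that the aggregator DaemonSet mounts from the host and that this resource tails. As written the two halves of the pipeline do not appear to meet; point the output at the mounted logs/ directory with a file name ending in .log. This resource also lacks the labels block that the other Logging templates carry.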
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/root/logging.yaml new file mode 100644 index 000000000..b67c23d6c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/root/logging.yaml @@ -0,0 +1,38 @@ +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/psp.yaml new file mode 100644 index 000000000..91d1bb35e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/psp.yaml 
@@ -0,0 +1,32 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + creationTimestamp: null + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/service.yaml new file mode 100644 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceMonitor.yaml new file mode 100644 index 000000000..529d0f051 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceMonitor.yaml @@ -0,0 +1,19 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceaccount.yaml new file mode 100644 index 000000000..3e87e7891 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/userroles.yaml new file mode 100644 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/validate-install-crd.yaml new file mode 100644 index 000000000..187b5a91e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-logging-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} 
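Review bot: Prefixing every line of validate-install-crd.yaml with # does not disable it: Helm evaluates the {{ ... }} actions before the output is parsed as YAML, so the lookup, the range over .Capabilities.APIVersions and the required call still run and can still fail the install. If the check is meant to be off, wrap it in a template comment ({{/* ... */}}) or remove the file; if it is meant to be on, drop the # prefixes so the intent is clear.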
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/values.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/values.yaml new file mode 100644 index 000000000..b36cf10a6 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/values.yaml 
@@ -0,0 +1,130 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/banzaicloud-logging-operator + tag: 3.8.2 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/jimmidyson-configmap-reload + tag: v0.2.2 + fluentbit: + repository: rancher/fluent-fluent-bit + tag: 1.6.4 + fluentbit_debug: + repository: rancher/fluent-fluent-bit + tag: 1.6.4-debug + fluentd: + repository: rancher/banzaicloud-fluentd + tag: v1.11.5-alpine-1 + +fluentbit_tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/.helmignore b/released/charts/rancher-logging/rancher-logging/3.9.000/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
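Review bot: In values.yaml for 3.8.201 (the hunk before the .helmignore one), the comment above podSecurityContext says it defaults to a non-root user with uid 1000 and gid 2000, but podSecurityContext and securityContext are both {} with runAsNonRoot, runAsUser, fsGroup, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true and the capabilities drop all commented out, and rbac.psp.enabled is false, so the chart's defaults set none of them. Either enable those settings as the defaults or correct the comment. priorityClassName also defaults to {} although the Kubernetes field is a string; an empty string would be clearer.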
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/Chart.yaml new file mode 100755 index 000000000..3ce4441f5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.9.0 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.9.000 diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/README.md b/released/charts/rancher-logging/rancher-logging/3.9.000/README.md new file mode 100755 index 000000000..783816749 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-9` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.9.000/app-readme.md new file mode 100755 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.000/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/NOTES.txt new file mode 100755 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/_helpers.tpl new file mode 100755 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrole.yaml new file mode 100755 index 000000000..709eedb91 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrole.yaml 
@@ -0,0 +1,167 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + 
- clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..89d17d094 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/crds.yaml new file mode 100755 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/deployment.yaml new file mode 100755 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
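Review bot: In templates/deployment.yaml the container-level `securityContext` is rendered only inside `{{- if .Values.securityContext }}`, so with that value empty the operator container runs with the runtime defaults while its service account is bound to the cluster-wide ClusterRole from clusterrole.yaml. Suggest either confirming that values.yaml ships a non-empty default (for example `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`) or rendering those fields unconditionally and letting values override them. In the same hunk, `serviceAccountName` is emitted only when `rbac.enabled` is true, so with RBAC disabled the pod falls back to the namespace's default service account without any notice; that deserves a comment next to the flag in values.yaml.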
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/aks/logging.yaml new file mode 100755 index 000000000..c7f6ce7e5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/aks/logging.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
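Review bot: The fluentbit block builds `$total_tolerations` with `concat (.Values.tolerations) (.Values.fluentbit.tolerations)`, which assumes both values are always lists; if either key is missing or set to null in a user's values file, `concat` receives a non-list argument and rendering fails. Suggest `concat (default (list) .Values.tolerations) (default (list) .Values.fluentbit.tolerations)`, or confirm that values.yaml defaults both keys to `[]` and state that in the README. The same expression is repeated in the eks, gke, k3s, rke and rke2 templates, so the fix should be applied to all of them.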
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/eks/logging.yaml new file mode 100755 index 000000000..30c22d82e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/eks/logging.yaml 
@@ -0,0 +1,56 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
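Review bot: `inputTail` in this template tails `Path: "/var/log/messages"` with `Parser: "syslog"`, which is the node's general syslog file rather than a Kubernetes-specific log, so turning on `additionalLoggingSources.eks.enabled` makes every host syslog line available to the cluster's flows and outputs under the `eks` tag. Suggest documenting that scope next to the flag, or narrowing what is shipped with a filter on the identifiers of the components the chart is meant to collect, so unrelated host messages are not sent to an external log backend by accident.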
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/gke/logging.yaml new file mode 100755 index 000000000..a1f36c670 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/gke/logging.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
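Review bot: This template is a copy of loggings/aks/logging.yaml with only `name`, `Tag` and `Path` changed, and the copies are already drifting in style: aks, eks and gke write `tolerations: {{- toYaml . | nindent 6 }}` on one line, while the k3s and rke files put `toYaml` on its own line under the key. Suggest moving the shared fluentbit/fluentd spec into a named template in _helpers.tpl that takes the tag, path and optional parser, so a change to the `security:` block or the image settings cannot be applied to some providers and missed in others.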
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100755 index 000000000..0143b6a89 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100755 index 000000000..56aedb2d6 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/configmap.yaml new file mode 100755 index 000000000..2af01ac0c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/configmap.yaml @@ -0,0 +1,26 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser json + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name file + Path /var/lib/rancher/logging/ +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/daemonset.yaml new file mode 100755 index 000000000..3f41f7b0a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,127 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: /var/lib/rancher/logging/ + name: outdir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: tail-db + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: outdir + hostPath: + path: /var/lib/rancher/logging/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: tail-db + hostPath: + path: /var/lib/rancher/logging/tail-db/ + type: DirectoryOrCreate + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/logging-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/logging-rke.yaml new file mode 100755 index 000000000..d25c0047f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/logging-rke.yaml 
@@ -0,0 +1,70 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/var/lib/rancher/logging/rke" + Parser: json + extraVolumeMounts: + - source: "/var/lib/rancher/logging/" + destination: "/var/lib/rancher/logging/" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/configmap.yaml new file mode 100755 index 000000000..d8910122a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/configmap.yaml @@ -0,0 +1,18 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name file + Path /etc/rancher/logging/rke2.log +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/daemonset.yaml new file mode 100755 index 000000000..2b4672811 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/daemonset.yaml 
@@ -0,0 +1,101 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /etc/rancher/logging/logs/ + name: logdir + - mountPath: /fluent-bit/etc/ + name: config + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: logdir + hostPath: + path: /etc/rancher/logging/logs/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: 
policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: /etc/rancher/logging/logs + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100755 index 000000000..2bc1900ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,63 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
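Review bot: In `inputTail`, the glob `Path: "/var/log/containers/*rke*.log"` matches every container log whose file name contains `rke`, not only RKE2 components. Files in that directory are named from the pod, namespace and container, so any workload with that substring in one of those names is collected and tagged `rke2`. Suggest narrowing the pattern to the names the RKE2 pods actually use, or filtering by namespace downstream, so that records carrying the `rke2` tag can be trusted to come from the distribution's own components.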
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-journald.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-journald.yaml new file mode 100755 index 000000000..72ac37bab --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-journald.yaml 
@@ -0,0 +1,63 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-journald + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/etc/rancher/logging/logs/*.log" + extraVolumeMounts: + - source: "/etc/rancher/logging/logs/" + destination: "/etc/rancher/logging/logs/" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
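Review bot: The `inputTail` setting `Path: "/etc/rancher/logging/logs/*.log"` does not line up with what the aggregator added in the same directory writes. The rke2 `configmap.yaml` sets the file output to `Path /etc/rancher/logging/rke2.log`, while `daemonset.yaml` mounts the hostPath only at `/etc/rancher/logging/logs/` and its PodSecurityPolicy sets `readOnlyRootFilesystem: true`. As written, the output target sits outside the one writable mount, so this tail appears to have nothing to read. Suggest pointing the output at the mounted directory (or mounting the directory the output uses) so the three paths agree, and stating the expected file name in a comment next to `Path`.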
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/root/logging.yaml new file mode 100755 index 000000000..09071405d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/root/logging.yaml 
@@ -0,0 +1,64 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/psp.yaml new file mode 100755 index 000000000..d0eab300c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/psp.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/service.yaml new file mode 100755 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/service.yaml 
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceMonitor.yaml new file mode 100755 index 000000000..1bb762cde --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceMonitor.yaml @@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} 
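Review bot: In `serviceMonitor.yaml`, the block `{{- with .Values.monitoring.serviceMonitor.metricsRelabelings }}` reads a key that the chart's `values.yaml` does not define; the values file declares `metricRelabelings: []` (no "s" after "metric"). A user who fills in the documented key gets no `metricRelabelings:` rendered and no error. Suggest reading `.Values.monitoring.serviceMonitor.metricRelabelings` so the template, the values file and the emitted field name agree. The two `toYaml` calls in this endpoint also use different indents (`nindent 6` and `nindent 4`); worth confirming both render under the same endpoint entry.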
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceaccount.yaml new file mode 100755 index 000000000..cbb2a94b4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/userroles.yaml new file mode 100755 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install-crd.yaml new file mode 100755 index 000000000..66e8725e5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install.yaml new file mode 100755 index 000000000..bd624cc4b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/values.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/values.yaml new file mode 100755 index 000000000..e07558390 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/values.yaml 
@@ -0,0 +1,149 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.9.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.11.5-alpine-9 + +# These "fluentd" and "fluentbit" settings apply to every Logging CR, including vendor Logging CRs +# enabled in "additionalLoggingSources". Changing these affects every Logging CR installed. +fluentd: + resources: {} +fluentbit: + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + # Change the "dockerRootDirectory" if the default Docker directory has changed. + dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. 
+ psp: + enabled: true diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/.helmignore b/released/charts/rancher-logging/rancher-logging/3.9.001/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/Chart.yaml new file mode 100755 index 000000000..2a2b73974 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.9.0 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.9.001 diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/README.md b/released/charts/rancher-logging/rancher-logging/3.9.001/README.md new file mode 100755 index 000000000..783816749 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-9` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.9.001/app-readme.md new file mode 100755 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.001/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/NOTES.txt new file mode 100755 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/_helpers.tpl new file mode 100755 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrole.yaml new file mode 100755 index 000000000..709eedb91 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrole.yaml 
@@ -0,0 +1,167 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + 
- clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..89d17d094 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/crds.yaml new file mode 100755 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/deployment.yaml new file mode 100755 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
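Review bot: The container-level and pod-level `securityContext` keys in the pod spec are emitted only when `.Values.securityContext` and `.Values.podSecurityContext` are non-empty, so this template applies no hardening to the operator pod by itself. That matters here because the pod runs under the service account that clusterrolebinding.yaml binds to the ClusterRole from clusterrole.yaml, which grants create/update/delete on `secrets` and on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`. The chart's psp.yaml asks for `MustRunAsNonRoot`, `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false`, but only when `rbac.psp.enabled` is set. Suggest rendering those settings by default in this template (overridable from values), or confirming that values.yaml ships non-empty defaults for both keys.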
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/aks/logging.yaml new file mode 100755 index 000000000..c7f6ce7e5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/aks/logging.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
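Review bot: `inputTail.Path` points at `/var/log/azure/kubelet-status.log`, but the `fluentbit` section declares no `extraVolumeMounts`, whereas the k3s templates in this same patch add an explicit read-only `/var/log/` mount for their `/var/log/...` paths. If the operator's default fluent-bit mounts already cover `/var/log`, a template comment saying so would settle it; if they do not, this Logging tails a path that does not exist inside the pod. The same question applies to the eks and gke templates.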
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/eks/logging.yaml new file mode 100755 index 000000000..30c22d82e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/eks/logging.yaml 
@@ -0,0 +1,56 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
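Review bot: `Path: "/var/log/messages"` with `Parser: "syslog"` collects the node's general system log rather than a Kubernetes-specific file, and every record in it is tagged `eks` and forwarded to fluentd. That file typically carries messages from all daemons on the host, so anyone who can read the outputs matching this tag also sees host-level events. Suggest stating this scope where `additionalLoggingSources.eks.enabled` is documented, or adding a filter that keeps only the entries the chart means to collect.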
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/gke/logging.yaml new file mode 100755 index 000000000..a1f36c670 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/gke/logging.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
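Review bot: Apart from the `.Values.additionalLoggingSources.gke.enabled` guard, the `-gke` name suffix, `Tag` and `Path`, this file repeats the aks template line for line (eks differs further only by its `Parser` line), so three copies of the same `fluentbit` and `fluentd` blocks now have to be kept in sync by hand. Suggest a named template in _helpers.tpl that takes the suffix, tag, path and optional parser, so a later change to the `security`, `tolerations` or image settings cannot be applied to one provider and missed on another.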
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100755 index 000000000..0143b6a89 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100755 index 000000000..56aedb2d6 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/configmap.yaml new file mode 100755 index 000000000..ab91d93e2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/configmap.yaml @@ -0,0 +1,29 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser docker + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/daemonset.yaml new file mode 100755 index 000000000..88c5bf31c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,119 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: positiondb + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: positiondb + emptyDir: {} + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/configmap.yaml new file mode 100755 index 000000000..86369d140 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/daemonset.yaml new file mode 100755 index 000000000..3bf73f22f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/daemonset.yaml 
@@ -0,0 +1,93 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ 
.Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100755 index 000000000..2bc1900ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,63 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
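Review bot: The glob in `Path: "/var/log/containers/*rke*.log"` matches any container log whose file name contains `rke`, and those file names are built from the pod, namespace and container names, so a workload in any namespace with `rke` somewhere in its name is collected and tagged `rke2` alongside the platform components. Suggest anchoring the pattern to the namespace or component names the chart actually intends to collect. Separately, `metadata` here has no `labels:` block, while the other Logging templates shown in this patch (aks, eks, gke, k3s, root) all include `logging-operator.labels`.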
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/root/logging.yaml new file mode 100755 index 000000000..09071405d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/root/logging.yaml 
@@ -0,0 +1,64 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/psp.yaml new file mode 100755 index 000000000..d0eab300c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/psp.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/service.yaml new file mode 100755 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/service.yaml 
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceMonitor.yaml new file mode 100755 index 000000000..1bb762cde --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceMonitor.yaml @@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} 
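Review bot: in templates/serviceMonitor.yaml (3.9.001) the endpoint block reads `.Values.monitoring.serviceMonitor.metricsRelabelings`, but the values.yaml added for the same chart version declares the key as `metricRelabelings`, so anything set under the values.yaml key is silently dropped from the rendered ServiceMonitor. Rename the lookup to `.Values.monitoring.serviceMonitor.metricRelabelings`. In the same block `relabelings` is rendered with `nindent 4` while `metricRelabelings` uses `nindent 6`; both are fields of the same endpoint entry and should share one indent, so please render the template with both lists populated and confirm the output parses.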
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceaccount.yaml new file mode 100755 index 000000000..cbb2a94b4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/userroles.yaml new file mode 100755 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install-crd.yaml new file mode 100755 index 000000000..66e8725e5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install.yaml new file mode 100755 index 000000000..bd624cc4b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/values.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/values.yaml new file mode 100755 index 000000000..e07558390 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/values.yaml 
@@ -0,0 +1,149 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.9.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.11.5-alpine-9 + +# These "fluentd" and "fluentbit" settings apply to every Logging CR, including vendor Logging CRs +# enabled in "additionalLoggingSources". Changing these affects every Logging CR installed. +fluentd: + resources: {} +fluentbit: + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + # Change the "dockerRootDirectory" if the default Docker directory has changed. + dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. 
+ psp: + enabled: true diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/.helmignore b/released/charts/rancher-logging/rancher-logging/3.9.002/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/Chart.yaml new file mode 100755 index 000000000..d87e0ec48 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.9.0 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.9.002 diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/README.md b/released/charts/rancher-logging/rancher-logging/3.9.002/README.md new file mode 100755 index 000000000..ca7938e2a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/README.md 
@@ -0,0 +1,130 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. 
| `false` | +| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-9` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.9.002/app-readme.md new file mode 100755 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.002/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/NOTES.txt new file mode 100755 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/_helpers.tpl new file mode 100755 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrole.yaml new file mode 100755 index 000000000..709eedb91 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrole.yaml 
@@ -0,0 +1,167 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + 
- clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..89d17d094 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/crds.yaml new file mode 100755 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/deployment.yaml new file mode 100755 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
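Review bot: in templates/deployment.yaml (3.9.002) both the container-level and the pod-level `securityContext` are emitted only when `.Values.securityContext` and `.Values.podSecurityContext` are non-empty, while the README.md added for this version lists `runAsNonRoot`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` as the defaults. The values.yaml added for 3.9.001 earlier in this patch sets both keys to `{}` and leaves the hardened fields commented out; if 3.9.002 keeps that, the operator pod is deployed with no security context at all. Either make the commented-out fields the real defaults in values.yaml or correct the README table so the documented posture matches what is rendered.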
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/aks/logging.yaml new file mode 100755 index 000000000..916f93b41 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/aks/logging.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/eks/logging.yaml new file mode 100755 index 000000000..da4af2d9e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/eks/logging.yaml 
@@ -0,0 +1,59 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/gke/logging.yaml new file mode 100755 index 000000000..3823127b2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/gke/logging.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100755 index 000000000..cf5e988f3 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,68 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100755 index 000000000..c4b3db0e7 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,68 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/configmap.yaml new file mode 100755 index 000000000..ab91d93e2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/configmap.yaml @@ -0,0 +1,29 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser docker + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/daemonset.yaml new file mode 100755 index 000000000..840b3e722 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,124 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: positiondb + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: positiondb + emptyDir: {} + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/configmap.yaml new file mode 100755 index 000000000..86369d140 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/daemonset.yaml new file mode 100755 index 000000000..580522259 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/daemonset.yaml 
@@ -0,0 +1,104 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + - mountPath: /run/log/journal + name: journal + readOnly: true + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" + - name: journal + hostPath: + path: /run/log/journal +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100755 index 000000000..7be4972e7 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,73 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if or .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/root/logging.yaml new file mode 100755 index 000000000..b7581cad3 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/root/logging.yaml 
@@ -0,0 +1,74 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . 
}}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/psp.yaml new file mode 100755 index 000000000..d0eab300c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/psp.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file 
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/service.yaml new file mode 100755 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceMonitor.yaml new file mode 100755 index 000000000..1bb762cde --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceMonitor.yaml 
@@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceaccount.yaml new file mode 100755 index 000000000..cbb2a94b4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/userroles.yaml new file mode 100755 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install-crd.yaml new file mode 100755 index 000000000..66e8725e5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file 
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install.yaml new file mode 100755 index 000000000..bd624cc4b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/values.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/values.yaml new file mode 100755 index 000000000..fab44ef84 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/values.yaml 
@@ -0,0 +1,156 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.9.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.11.5-alpine-9 + +# These "fluentd" and "fluentbit" settings apply to every Logging CR, including vendor Logging CRs +# enabled in "additionalLoggingSources". Changing these affects every Logging CR installed. +fluentd: + resources: {} + livenessProbe: + tcpSocket: + port: 24240 + initialDelaySeconds: 30 + periodSeconds: 15 +fluentbit: + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + # Change the "dockerRootDirectory" if the default Docker directory has changed. 
+ dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. + psp: + enabled: true + seLinux: + enabled: false diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/.helmignore b/released/charts/rancher-logging/rancher-logging/3.9.400/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml new file mode 100755 index 000000000..62a9a2fee --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.9.4 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.9.400 
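Review bot: in released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml the `description` reads "Collects and filter logs using highly configurable CRDs", which mixes verb forms. Suggest "Collects and filters logs using highly configurable CRDs." so the text users see when browsing the chart is grammatical.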
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/README.md b/released/charts/rancher-logging/rancher-logging/3.9.400/README.md new file mode 100755 index 000000000..e2080b743 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/README.md 
@@ -0,0 +1,131 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.4` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `podLabels` | Define custom labels for logging-operator pods | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. 
| `false` | +| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-12` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.9.400/app-readme.md new file mode 100755 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.400/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/NOTES.txt new file mode 100755 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/_helpers.tpl new file mode 100755 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrole.yaml new file mode 100755 index 000000000..709eedb91 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrole.yaml 
@@ -0,0 +1,167 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + 
- clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..89d17d094 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/crds.yaml new file mode 100755 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/deployment.yaml new file mode 100755 index 000000000..26d14cca2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/deployment.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + args: {{ range .Values.extraArgs }} + - {{ . -}} + {{ end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
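Review bot: both `securityContext` blocks in deployment.yaml are wrapped in `{{- if .Values.securityContext }}` and `{{- if .Values.podSecurityContext }}`, so with empty values nothing is rendered and the operator container runs with whatever user and privileges the image defaults to. The README added for this same chart version lists `runAsNonRoot: true`, `runAsUser: 1000`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` as the defaults, while the 3.9.002 values.yaml in this patch ships both keys as `{}` with those settings commented out. If the 3.9.400 values.yaml does the same, either make the hardened settings the real defaults or correct the README table, so nobody assumes a non-root, read-only-rootfs operator that is not actually deployed.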
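Review bot: in templates/clusterrole.yaml (3.9.400) the rules grant the operator's service account create, delete, get, list, patch, update and watch on `secrets` and on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, plus `use` on `podsecuritypolicies`, and clusterrolebinding.yaml binds all of it cluster-wide whenever `rbac.enabled` is true. A compromise of the operator pod therefore exposes every Secret in the cluster, yet nothing in the template or the README says why each rule is needed. Please add a comment per rule group stating what the operator uses it for, and call out the cluster-wide Secret and RBAC write access in the README so operators can decide whether to restrict or audit this service account. The ClusterRole also carries a leftover `creationTimestamp: null` and lacks the `logging-operator.labels` block that the binding has.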
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/aks/logging.yaml new file mode 100755 index 000000000..916f93b41 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/aks/logging.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
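Review bot: `metadata.namespace` and `controlNamespace` here use `{{ .Release.Namespace }}`, whereas deployment.yaml and clusterrolebinding.yaml use `{{ include "logging-operator.namespace" . }}`, which honours `namespaceOverride`. With `namespaceOverride` set, the operator and its service account go to the override namespace while `controlNamespace` still points at the release namespace. Use the helper in both places, or add a comment stating that the split is intended.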
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/eks/logging.yaml new file mode 100755 index 000000000..da4af2d9e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/eks/logging.yaml 
@@ -0,0 +1,59 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
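Review bot: `inputTail.Path` is "/var/log/messages" with `Parser: "syslog"`, which is the node's general system log rather than a Kubernetes-specific file like the `kubelet-status.log` and `kube-proxy.log` paths used by the aks and gke templates. Enabling `additionalLoggingSources.eks` therefore forwards messages from every host daemon to whatever outputs are configured. Document that scope in values.yaml or the README, and consider a narrower source or a filter if only kubelet entries are wanted.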
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/gke/logging.yaml new file mode 100755 index 000000000..3823127b2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/gke/logging.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
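Review bot: in both `security:` blocks (fluentbit and fluentd), `roleBasedAccessControlCreate: true` sits inside `{{- if .Values.global.psp.enabled }}`, so a flag that values.yaml describes as a PSP setting also decides whether the RBAC option is rendered at all. Turning PSP off silently drops the explicit RBAC setting and leaves it to the operator's default. Move `roleBasedAccessControlCreate` out of the PSP conditional or gate it on its own value, and describe the behaviour in the `global.psp` comment. The same pattern appears in the aks, eks and k3s templates in this patch.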
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100755 index 000000000..cf5e988f3 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,68 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100755 index 000000000..c4b3db0e7 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,68 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/configmap.yaml new file mode 100755 index 000000000..ab91d93e2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/configmap.yaml @@ -0,0 +1,29 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser docker + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/daemonset.yaml new file mode 100755 index 000000000..840b3e722 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,124 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: positiondb + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: positiondb + emptyDir: {} + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/configmap.yaml new file mode 100755 index 000000000..f1ba032d5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,22 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Path {{ .Values.systemdLogPath | default "/var/log/journal" }} + Systemd_Filter _SYSTEMD_UNIT=rke2-server.service + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/daemonset.yaml new file mode 100755 index 000000000..f45b74b76 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/daemonset.yaml 
@@ -0,0 +1,110 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + - mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }} + name: journal + readOnly: true + - mountPath: /etc/machine-id + name: machine-id + readOnly: true + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" + - name: journal + hostPath: + path: {{ .Values.systemdLogPath | default "/var/log/journal" }} + - name: machine-id + hostPath: + path: /etc/machine-id +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100755 index 000000000..7be4972e7 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,73 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if or .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/root/logging.yaml new file mode 100755 index 000000000..797286d26 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/root/logging.yaml 
@@ -0,0 +1,111 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + {{- if .Values.global.cattle.windows.enabled }} + nodeAgents: + - name: win-agent + profile: windows + nodeAgentFluentbit: + daemonSet: + spec: + template: + spec: + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}" + name: fluent-bit + tls: + enabled: {{ .Values.nodeAgents.tls.enabled | default false }} + {{- if .Values.additionalLoggingSources.rke.enabled }} + - name: win-agent-rke + profile: windows + nodeAgentFluentbit: + filterKubernetes: + Kube_Tag_Prefix: "kuberentes.C.var.lib.rancher.rke.log." + inputTail: + Path: "C:\\var\\lib\\rancher\\rke\\log" + extraVolumeMounts: + - source: "/var/lib/rancher/rke/log" + destination: "/var/lib/rancher/rke/log" + readOnly: true + daemonSet: + spec: + template: + spec: + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}" + name: fluent-bit + tls: + enabled: {{ .Values.nodeAgents.tls.enabled | default false }} + {{- end }} + {{- end }} + fluentbit: + image: + repository: {{ template "system_default_registry" . 
}}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} 
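Review bot: In templates/loggings/rke/daemonset.yaml, every `allowedHostPaths` entry in the PodSecurityPolicy is `readOnly: false`, and the two hostPath volumeMounts (`indir`, `containers`) carry no `readOnly: true`. The container only tails log files and keeps its position DB on the `positiondb` emptyDir at /tail-db. Suggest setting `readOnly: true` on both mounts and on the matching `pathPrefix` entries, as the k3s and rke2-containers Logging templates in this patch already do for their `extraVolumeMounts`. The `/var/lib/rancher/logging/` prefix is not mounted by this DaemonSet and can be dropped from the policy.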
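Review bot: In templates/loggings/rke2/daemonset.yaml, the PodSecurityPolicy lists `hostPath` under `volumes` but has no `allowedHostPaths`, which leaves every host path usable by pods admitted under this policy. The rke policy in the same chart does restrict prefixes. The DaemonSet mounts only the journal path (`.Values.systemdLogPath`, default /var/log/journal) and /etc/machine-id, both with `readOnly: true`, so add `allowedHostPaths` entries for those two prefixes with `readOnly: true`. Separately, the container is named `fluentd` while its image comes from `.Values.images.fluentbit`; naming it `fluentbit` would match the rke DaemonSet.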
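Review bot: In templates/loggings/root/logging.yaml, the `win-agent-rke` node agent sets `Kube_Tag_Prefix: "kuberentes.C.var.lib.rancher.rke.log."`, where `kuberentes` looks like a misspelling of `kubernetes`. A prefix that does not match the record tag keeps the Kubernetes filter from deriving pod metadata for the Windows RKE logs, so please confirm the intended prefix or add a comment if the spelling is deliberate. The `inputTail.Path` just below it is a bare directory, whereas the Linux rke ConfigMap tails `/var/lib/rancher/rke/log/*.log`; worth checking whether a file glob is needed here too.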
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/psp.yaml new file mode 100755 index 000000000..420067f59 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/psp.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/service.yaml new file mode 100755 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/service.yaml 
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceMonitor.yaml new file mode 100755 index 000000000..1bb762cde --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceMonitor.yaml @@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} 
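Review bot: In templates/serviceMonitor.yaml, the endpoint block reads `.Values.monitoring.serviceMonitor.metricsRelabelings`, but values.yaml in this same patch declares `metricRelabelings`, so a value set under the declared key is never rendered. Use one spelling in both places (the field being rendered is `metricRelabelings`). In the same block, the content of `relabelings:` uses `nindent 4` where the sibling `metricRelabelings:` uses `nindent 6`; both appear to sit under the same `endpoints` item, so the indentation should match or the rendered list will not attach to its key.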
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..cbb2a94b4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/userroles.yaml new file mode 100755 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install-crd.yaml new file mode 100755 index 000000000..66e8725e5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install.yaml new file mode 100755 index 000000000..bd624cc4b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/values.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/values.yaml new file mode 100755 index 000000000..b97ff1831 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/values.yaml 
@@ -0,0 +1,171 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.9.4 + pullPolicy: IfNotPresent + +extraArgs: [] +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +## Pod custom labels +## +podLabels: {} + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +systemdLogPath: "/var/log/journal" + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.11.5-alpine-12 + nodeagent_fluentbit: + repository: rancher/fluent-bit + tag: 1.6.10 + +# These settings apply to every Logging CR, including vendor Logging CRs enabled in "additionalLoggingSources". +# Changing these affects every Logging CR installed. +nodeAgents: + tls: + enabled: false +fluentd: + resources: {} + livenessProbe: + tcpSocket: + port: 24240 + initialDelaySeconds: 30 + periodSeconds: 15 +fluentbit: + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + windows: + enabled: false + # Change the "dockerRootDirectory" if the default Docker directory has changed. 
+ dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. + psp: + enabled: true + seLinux: + enabled: false diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/Chart.yaml new file mode 100755 index 000000000..2b548e860 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 14.5.100 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/README.md new file mode 100755 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagerconfigs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagerconfigs.yaml new file mode 100755 index 000000000..b2ed16186 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagerconfigs.yaml 
@@ -0,0 +1,1869 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: alertmanagerconfigs.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: AlertmanagerConfig + listKind: AlertmanagerConfigList + plural: alertmanagerconfigs + singular: alertmanagerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. + properties: + inhibitRules: + description: List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. 
+ items: + description: InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: Labels that must have an equal value in the source and target alert for the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password to use for authentication. 
The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + authSecret: + description: The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. 
+ type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host through which emails are sent. + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. 
See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + apiKey: + description: The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. 
+ type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to the notifications. + type: string + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures notifications via PagerDuty. 
See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + routingKey: + description: The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. 
+ type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification will continue to be retried for, unless the user acknowledges the notification. + type: string + html: + description: Whether notification message is HTML or plain text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. 
The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. 
+ properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. 
+ type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by device clients to override the user's default sound choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + url: + description: A supplementary URL shown alongside the message. + type: string + urlTitle: + description: A title for supplementary URL, otherwise just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with each notification. + items: + description: SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + callbackId: + type: string + channel: + description: The channel or user to send notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with each notification. + items: + description: SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. 
+ type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted problem. 
+ type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + url: + description: The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. 
+ type: string + urlSecret: + description: The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. 
+ properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. 
+ type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. + properties: + continue: + description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. + type: boolean + groupBy: + description: List of labels to group by. 
+ items: + type: string + type: array + groupInterval: + description: How long to wait before sending an updated notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + groupWait: + description: How long to wait before sending the initial notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + matchers: + description: 'List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher.' + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + receiver: + description: Name of the receiver for this route. If not empty, it should be listed in the `receivers` field. + type: string + repeatInterval: + description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagers.yaml new file mode 100755 index 000000000..724d488b0 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagers.yaml 
@@ -0,0 +1,3218 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Alertmanager + jsonPath: .spec.version + name: Version + type: string + - description: The desired replicas number of Alertmanagers + jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. 
due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertmanagerConfigNamespaceSelector: + description: Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + alertmanagerConfigSelector: + description: AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + baseImage: + description: 'Base image that is used to deploy pods, without tag. Deprecated: use ''image'' instead' + type: string + clusterAdvertiseAddress: + description: 'ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918' + type: string + clusterGossipInterval: + description: Interval between gossip attempts. + type: string + clusterPeerTimeout: + description: Timeout for cluster peering. + type: string + clusterPushpullInterval: + description: Interval between pushpull attempts. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. 
+ items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: 'Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. 
+ properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. 
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. 
Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. + type: string + forceEnableClusterMode: + description: ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. 
+ type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. 
One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. 
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. 
If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. 
More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + description: Port name used for the pods and governing service. This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. + type: string + sha: + description: 'SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + storage: + description: Storage is the definition of how storage will be used by the Alertmanager instances. 
+ properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. 
Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. 
+ type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). 
In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. 
Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' 
+ type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. 
Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. 
+ format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. 
If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). 
+ format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-podmonitors.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-podmonitors.yaml new file mode 100755 index 000000000..d474a0c0d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-podmonitors.yaml 
@@ -0,0 +1,358 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. + properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. 
Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + targetLimit: + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. 
+ format: int64 + type: integer + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-probes.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-probes.yaml new file mode 100755 index 000000000..7fd658e14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-probes.yaml 
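Review bot: in crd-podmonitors.yaml, `tlsConfig.insecureSkipVerify` under `podMetricsEndpoints` is a plain boolean ("Disable target certificate validation.") in the same endpoint object as `basicAuth` and `bearerTokenSecret`, so a PodMonitor can have scrape credentials sent to a target whose certificate is never checked, and nothing in this schema restricts that. The first line of the file pins it to the upstream v0.46.0 CRD, so the schema itself should stay identical to upstream. The control belongs outside this hunk, for example an admission policy or a chart note that flags PodMonitors setting `insecureSkipVerify: true`. Separately, the file header adds this manifest with `new file mode 100755`; a YAML file does not need the executable bit, and 100644 would be the expected mode.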
@@ -0,0 +1,202 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Probe defines monitoring for a set of static targets or ingresses. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Ingress selection for target discovery by Prometheus. + properties: + interval: + description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. + type: string + jobName: + description: The job name assigned to scraped metrics by default. + type: string + module: + description: 'The module to use for probing specifying how to probe the target. 
Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + type: string + prober: + description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. + properties: + path: + description: Path to collect metrics from. Defaults to `/probe`. + type: string + scheme: + description: HTTP scheme to use for scraping. Defaults to `http`. + type: string + url: + description: Mandatory URL of the prober. + type: string + required: + - url + type: object + scrapeTimeout: + description: Timeout for scraping metrics from the Prometheus exporter. + type: string + targets: + description: Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. + properties: + ingress: + description: Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. + properties: + namespaceSelector: + description: Select Ingress objects by namespace. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + selector: + description: Select Ingress objects by labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: object + staticConfig: + description: 'StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + properties: + labels: + additionalProperties: + type: string + description: Labels assigned to all metrics scraped from the targets. + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. 
+ type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + static: + description: Targets is a list of URLs to probe using the configured prober. + items: + type: string + type: array + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheuses.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheuses.yaml new file mode 100755 index 000000000..c3f13d981 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheuses.yaml 
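Review bot: in crd-probes.yaml, `prober` declares `required: - url`, but `spec` closes with no `required` list of its own, so a Probe that omits `prober` entirely still passes schema validation even though the field description says "The prober.URL parameter is required. Targets cannot be probed if left empty." Because the first line pins the file to the upstream v0.46.0 CRD, I would not hand-edit the schema here; instead, state in the chart documentation that a missing `prober` is accepted by the API server and yields nothing to probe, or cover it with an admission check. The `staticConfig` description also carries an upstream typo ("which are considers for probing"), which is better reported upstream than patched in this vendored copy.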
@@ -0,0 +1,4432 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus + jsonPath: .spec.version + name: Version + type: string + - description: The desired replicas number of Prometheuses + jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. 
If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts against. + items: + description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. 
+ type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + timeout: + description: Timeout is a per-target Alertmanager timeout when pushing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + allowOverlappingBlocks: + description: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release. + type: boolean + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic authentication + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: 'Base image to use for a Prometheus deployment. Deprecated: use ''image'' instead' + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. 
One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. 
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. 
If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + type: string + enforcedSampleLimit: + description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + format: int64 + type: integer + enforcedTargetLimit: + description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead. + format: int64 + type: integer + evaluationInterval: + description: Interval between consecutive evaluations. 
+ type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. 
Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. 
If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. 
This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. 
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. 
Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. 
FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. 
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are propagated to the prometheus pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + podMonitorNamespaceSelector: + description: Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. 
This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + probeNamespaceSelector: + description: '*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + probeSelector: + description: '*Experimental* Probes to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`""`). + type: string + prometheusRulesExcludedFromEnforce: + description: PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + items: + description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. + properties: + ruleName: + description: RuleNamespace - name of excluded rule + type: string + ruleNamespace: + description: RuleNamespace - namespace of excluded rule + type: string + required: + - ruleName + - ruleNamespace + type: object + type: array + query: + description: QuerySpec defines the query command line flags when starting Prometheus. 
+ properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + queryLogFile: + description: QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log querie information to the default Prometheus log stream. This is only available in versions of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) + type: string + remoteRead: + description: If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + name: + description: The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + headers: + additionalProperties: + type: string + description: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer. + type: object + name: + description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. 
+ type: string + maxRetries: + description: MaxRetries is the maximum number of times to retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. 
+ type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: 'Maximum amount of disk space used by blocks. 
Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.' + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for loading alerting/recording rules from. 
Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring 'for' state of alert. 
+ type: string + resendDelay: + description: Minimum amount of time to wait before resending an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + scrapeTimeout: + description: Number of seconds to wait for target to respond before erroring. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. 
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. 
+ items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + sha: + description: 'SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + shards: + description: 'EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label.' + format: int32 + type: integer + storage: + description: Storage spec to specify how storage shall be used. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. 
More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. 
+ type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + thanos: + description: "Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. \n This section is experimental, it may change significantly without deprecation notice in any release. \n This is experimental and may change significantly without backward compatibility in any release." + properties: + baseImage: + description: 'Thanos base image if other than default. Deprecated: use ''image'' instead' + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: LogFormat for Thanos sidecar to be configured with. + type: string + logLevel: + description: LogLevel for Thanos sidecar to be configured with. + type: string + minTime: + description: MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. 
+ type: string + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + objectStorageConfigFile: + description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + type: string + resources: + description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: 'SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + tag: + description: 'Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + tracingConfigFile: + description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence. + type: string + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. 
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. 
+ type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 
+ items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 
+ properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. 
This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. 
The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 
+ type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 
+ type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. 
This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. 
+ type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. 
If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + web: + description: WebSpec defines the web command line flags when starting Prometheus. + properties: + pageTitle: + description: The prometheus web page title + type: string + type: object + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. 
Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheusrules.yaml new file mode 100755 index 000000000..07a24df45 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheusrules.yaml 
@@ -0,0 +1,90 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PrometheusRule defines recording and alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-servicemonitors.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-servicemonitors.yaml new file mode 100755 index 000000000..9dee64ff9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-servicemonitors.yaml 
@@ -0,0 +1,375 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. 
+ type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service onto the target. + items: + type: string + type: array + targetLimit: + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. + format: int64 + type: integer + required: + - endpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-thanosrulers.yaml new file mode 100755 index 000000000..a470d4b9f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-thanosrulers.yaml 
@@ -0,0 +1,3342 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 
+ properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. 
When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. 
One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. 
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. 
If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. 
If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. 
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. 
If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + objectStorageConfigFile: + description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + type: string + paused: + description: When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + description: Port name used for the pods and governing service. This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusRulesExcludedFromEnforce: + description: PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + items: + description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. 
+ properties: + ruleName: + description: RuleNamespace - name of excluded rule + type: string + ruleNamespace: + description: RuleNamespace - namespace of excluded rule + type: string + required: + - ruleName + - ruleNamespace + type: object + type: array + queryConfig: + description: Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. 
In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. 
The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. 
Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. 
+ type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 
+ properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. 
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. 
Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. 
+ format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. 
If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). 
+ format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/_helpers.tpl new file mode 100755 index 000000000..2da79e70f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/_helpers.tpl @@ -0,0 +1,29 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} \ No newline at end of file 
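Review bot: the named templates defined in templates/_helpers.tpl (`system_default_registry`, `linux-node-tolerations`, `linux-node-selector`) are not prefixed with the chart name. Helm template names are global across a chart and its subcharts, so a parent or sibling chart that defines the same name can silently override these. Consider a chart-scoped prefix such as `rancher-monitoring-crd.linux-node-selector`. The file also ends without a trailing newline.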
diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/jobs.yaml new file mode 100755 index 000000000..d2aaa3b45 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/jobs.yaml 
@@ -0,0 +1,110 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: delete-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - --ignore-not-found=true + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/manifest.yaml 
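Review bot: in templates/jobs.yaml the `{{ .Chart.Name }}-create` Job runs on `post-install, post-upgrade, post-rollback`, and its `delete-crds` init container runs `kubectl delete --ignore-not-found=true -f /etc/config/crd-manifest.yaml` before `create-crds` applies the same file. Deleting a CRD also deletes every custom resource of that kind, so each upgrade or rollback removes existing objects of these CRDs before the definitions are recreated. If that is intended it should be documented in the chart README; otherwise drop the init container and rely on `kubectl apply` alone. In the `-delete` Job the init container named `remove-finalizers` only runs `kubectl apply -f`, which does not touch finalizers, so either the name or the command is wrong. Neither Job sets a container-level `securityContext` (for example `allowPrivilegeEscalation: false`), although both run under a ServiceAccount that can create and delete CRDs.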
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/rbac.yaml 
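Review bot: in templates/manifest.yaml every file matched by `.Files.Glob "crd-manifest/**.yaml"` is concatenated into the single `crd-manifest.yaml` key of one ConfigMap, with nothing guarding the rendered size. The CRD files in this patch are large (the 9.4.200 crd-alertmanager.yaml is 4500 lines), so the result should be checked against the 1 MiB ConfigMap limit, or the files split across several ConfigMaps. As a style point, the `$currentScope` / `with` pair can be replaced by `$.Files.Get $path`, and the loop emits a `---` separator after the last document as well.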
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/values.yaml new file mode 100755 index 000000000..22a8a1c38 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/values.yaml 
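Review bot: the `customresourcedefinitions` rule in templates/rbac.yaml grants `create`, `get`, `patch` and `delete` with no `resourceNames`, so the `{{ .Chart.Name }}-manager` ServiceAccount can patch or delete any CRD in the cluster, not only the ones shipped in crd-manifest/. Consider listing the chart's CRD names under `resourceNames` for `get`, `patch` and `delete` (`create` cannot be restricted by name and needs its own rule). In the same file the PodSecurityPolicy sets `metadata.namespace` although PodSecurityPolicy is cluster-scoped, and it allows `secret` volumes and `readOnlyRootFilesystem: false` while the Jobs mount only a read-only configMap.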
@@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/Chart.yaml new file mode 100644 index 000000000..c358c7e34 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.200 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/README.md new file mode 100644 index 000000000..9bd9adadd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by [rancher-monitoring](https://github.com/rancher/dev-charts/tree/master/packages/rancher-monitoring). diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-alertmanager.yaml new file mode 100644 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-alertmanager.yaml 
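Review bot: in 14.5.100/values.yaml the image is referenced by mutable tag only (`repository: rancher/kubectl`, `tag: v1.20.2`), and the Jobs that consume it use `imagePullPolicy: IfNotPresent` while running with cluster-wide CRD create and delete rights. Consider supporting a digest in the image reference so the hook Jobs run a fixed image, and document that `global.cattle.systemDefaultRegistry` is prepended verbatim with a trailing `/`.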
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-podmonitor.yaml new file mode 100644 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-podmonitor.yaml 
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheus.yaml new file mode 100644 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheus.yaml 
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheusrules.yaml new file mode 100644 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheusrules.yaml 
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-servicemonitor.yaml new file mode 100644 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-servicemonitor.yaml 
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-thanosrulers.yaml new file mode 100644 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-thanosrulers.yaml 
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/rbac.yaml new file mode 100644 index 000000000..658304418 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/rbac.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/values.yaml new file mode 100644 index 000000000..3aac0a046 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/values.yaml @@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/Chart.yaml new file mode 100644 index 000000000..25940b84a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/Chart.yaml 
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.201 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/README.md new file mode 100644 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-alertmanager.yaml new file mode 100644 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-alertmanager.yaml 
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-podmonitor.yaml new file mode 100644 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-podmonitor.yaml 
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheus.yaml new file mode 100644 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheus.yaml 
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheusrules.yaml new file mode 100644 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheusrules.yaml 
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-servicemonitor.yaml new file mode 100644 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-servicemonitor.yaml 
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-thanosrulers.yaml new file mode 100644 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-thanosrulers.yaml 
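Review bot: the endpoint schema of the ServiceMonitor CRD that ends just above (before the crd-thanosrulers.yaml file header) places no constraint on its weakest transport settings. `tlsConfig.insecureSkipVerify` is a plain boolean described only as "Disable target certificate validation.", and `bearerTokenFile`, `caFile`, `certFile` and `keyFile` are free-form strings naming paths inside the Prometheus container. Anyone who can create a ServiceMonitor can therefore turn off certificate checks for a scrape or point a scrape at a file in that container. Because this manifest is regenerated rather than hand-edited, the change belongs beside it: say in the chart documentation that ServiceMonitor creation should be limited by RBAC, and recommend the reference-based fields already in this schema (`bearerTokenSecret`, `tlsConfig.ca`, `tlsConfig.cert`, `tlsConfig.keySecret`) over the file-path variants. A smaller point for the upstream source: the `ca` description reads "Stuct containing the CA cert", where the sibling `cert` field has "Struct".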
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/rbac.yaml new file mode 100644 index 000000000..658304418 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/rbac.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/values.yaml new file mode 100644 index 000000000..3aac0a046 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/values.yaml @@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/Chart.yaml new file mode 100644 index 000000000..39cce3f87 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/Chart.yaml 
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.202 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/README.md new file mode 100644 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-alertmanager.yaml new file mode 100644 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-alertmanager.yaml 
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-podmonitor.yaml new file mode 100644 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-podmonitor.yaml 
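Review bot: the Alertmanager CRD ends with a top-level `version: v1` directly above a `versions` list that already declares `v1` as served and stored. `spec.version` is deprecated in apiextensions.k8s.io/v1beta1 and is not part of the apiextensions.k8s.io/v1 schema, so the duplicate has to be removed before this manifest can move to the v1 API. The commit subject says released/ is regenerated from stage-release, so the field should be dropped in the source that feeds the regeneration rather than by hand in this file.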
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheus.yaml new file mode 100644 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheus.yaml 
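Review bot: the first added line of crd-podmonitor.yaml records its origin as a URL on the upstream branch `release-0.38`, which is a moving reference, so the 260 vendored lines cannot be compared against an immutable upstream copy. Recording the upstream tag or commit SHA in that comment would make the vendored file verifiable. Separately, `apiVersion: apiextensions.k8s.io/v1beta1` is no longer served from Kubernetes 1.22 onward, and the manifest relies on the v1beta1-only layout (top-level `validation.openAPIV3Schema` and `version: v1`). If that is intended for chart version 9.4.202, a Kubernetes version constraint on the chart would make the limit explicit.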
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheusrules.yaml new file mode 100644 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheusrules.yaml 
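Review bot: the volume item schema that closes this hunk accepts `hostPath` with only `path` required and no constraint on its value, and the field's own description still carries the upstream TODO that host directory mounts need to be restricted. The schema is copied from upstream, so it should stay as generated, but if the operator passes these volumes through to the pods it creates, write access to Prometheus objects in a namespace amounts to host filesystem access on the nodes where those pods run. Please say so in the chart's README and recommend an admission policy that limits `hostPath` on this resource. The same list still admits `gitRepo`, which its description marks as DEPRECATED.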
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-servicemonitor.yaml new file mode 100644 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-servicemonitor.yaml 
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-thanosrulers.yaml new file mode 100644 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-thanosrulers.yaml 
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/rbac.yaml new file mode 100644 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/values.yaml new file mode 100644 index 000000000..3aac0a046 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/Chart.yaml new file mode 100755 index 000000000..e13bacc12 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.203 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/README.md new file mode 100755 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-alertmanager.yaml new file mode 100755 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-alertmanager.yaml 
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-podmonitor.yaml new file mode 100755 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-podmonitor.yaml 
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheus.yaml new file mode 100755 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheus.yaml 
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheusrules.yaml new file mode 100755 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheusrules.yaml 
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-servicemonitor.yaml new file mode 100755 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-servicemonitor.yaml 
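Review bot: In crd-prometheusrules.yaml the manifest opens with `apiVersion: apiextensions.k8s.io/v1beta1`, keeps the schema under `spec.validation.openAPIV3Schema` and sets a top-level `spec.version: v1`. The v1beta1 CustomResourceDefinition API has been deprecated since Kubernetes 1.16 and is no longer served from 1.22, so this file will not apply on newer clusters. If this chart version has to stay installable there, regenerate the CRD as `apiextensions.k8s.io/v1` with the schema moved under `versions[].schema.openAPIV3Schema`; otherwise state the supported Kubernetes range in the chart metadata. The same header opens the servicemonitors and thanosrulers manifests that follow. Two smaller points: the rule item lists only `expr` under `required`, so an entry with neither `alert` nor `record` passes schema validation and `interval` and `for` are unconstrained strings, which leaves rejection of malformed rules to whatever validates PrometheusRule objects beyond this schema; and the file is added with `new file mode 100755`, although a YAML manifest does not need the executable bit.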
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-thanosrulers.yaml new file mode 100755 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-thanosrulers.yaml 
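Review bot: In crd-servicemonitor.yaml the endpoint schema types `bearerTokenFile` and, under `tlsConfig`, `caFile`, `certFile` and `keyFile` as plain `type: string` paths inside the Prometheus container, and `insecureSkipVerify` as an unconstrained boolean. The schema itself therefore places no limit on which in-container paths a namespaced ServiceMonitor may reference or on whether target certificate validation is switched off. The header comment shows the CRD is copied from upstream, so I would not patch the schema here. Instead, the chart should restrict who can create ServiceMonitors through RBAC, document a preference for the secret-backed fields (`bearerTokenSecret`, `tlsConfig.ca`, `tlsConfig.cert`, `tlsConfig.keySecret`), and pair the CRD with an admission policy that rejects `insecureSkipVerify: true` where scrape targets receive credentials. On documentation: the item descriptions under `metricRelabelings` and `relabelings` are identical and both link to `#metric_relabel_configs`; the `relabelings` one should point at `#relabel_config`, as its parent description already does.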
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/_helpers.tpl new file mode 100755 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/jobs.yaml new file mode 100755 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/values.yaml new file mode 100755 index 000000000..3aac0a046 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/Chart.yaml new file mode 100755 index 000000000..e300c144d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.204 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/README.md new file mode 100755 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-alertmanager.yaml new file mode 100755 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-alertmanager.yaml 
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-podmonitor.yaml new file mode 100755 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-podmonitor.yaml 
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheus.yaml new file mode 100755 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheus.yaml 
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheusrules.yaml new file mode 100755 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheusrules.yaml 
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-servicemonitor.yaml new file mode 100755 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-servicemonitor.yaml 
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-thanosrulers.yaml new file mode 100755 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-thanosrulers.yaml 
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/_helpers.tpl new file mode 100755 index 000000000..2da79e70f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/_helpers.tpl @@ -0,0 +1,29 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} \ No newline at end of file 
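Review bot: in templates/_helpers.tpl, system_default_registry appends the separator itself (printf "%s/"), but nothing documents that global.cattle.systemDefaultRegistry must be a bare host[:port] with no trailing slash. A value that already ends in "/" would render the image reference with a double slash before rancher/kubectl. Add a comment on the define (or next to the key in values.yaml) stating the expected format, or pass the value through trimSuffix "/" before printing. The file also ends without a trailing newline.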
diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/jobs.yaml new file mode 100755 index 000000000..006c5ffff --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/jobs.yaml 
@@ -0,0 +1,96 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/values.yaml new file mode 100755 index 000000000..22a8a1c38 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/.helmignore new file mode 100755 index 000000000..93bf1ec02 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# helm/charts +OWNERS +hack/ +ci/ +kube-prometheus-*.tgz diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CHANGELOG.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CHANGELOG.md new file mode 100755 index 000000000..8178169b9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CHANGELOG.md 
@@ -0,0 +1,47 @@ +# Changelog +All notable changes from the upstream Prometheus Operator chart will be added to this file. + +## [Package Version 00] - 2020-07-19 +### Added +- Added [Prometheus Adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) as a dependency to the upstream Prometheus Operator chart to allow users to expose custom metrics from the default Prometheus instance deployed by this chart +- Remove `prometheus-operator/cleanup-crds.yaml` and `prometheus-operator/crds.yaml` from the Prometheus Operator upstream chart in favor of just using the CRD directory to install the CRDs. +- Added support for `rkeControllerManager`, `rkeScheduler`, `rkeProxy`, and `rkeEtcd` PushProx exporters for monitoring k8s components within RKE clusters +- Added support for a `k3sServer` PushProx exporter that monitors k3s server components (`kubeControllerManager`, `kubeScheduler`, and `kubeProxy`) within k3s clusters +- Added support for `kubeAdmControllerManager`, `kubeAdmScheduler`, `kubeAdmProxy`, and `kubeAdmEtcd` PushProx exporters for monitoring k8s components within kubeAdm clusters +- Added support for `rke2ControllerManager`, `rke2Scheduler`, `rke2Proxy`, and `rke2Etcd` PushProx exporters for monitoring k8s components within rke2 clusters +- Exposed `prometheus.prometheusSpec.ignoreNamespaceSelectors` on values.yaml and set it to `false` by default. This value instructs the default Prometheus server deployed with this chart to ignore the `namespaceSelector` field within any created ServiceMonitor or PodMonitor CRs that it selects. 
This prevents ServiceMonitors and PodMonitors from configuring the Prometheus scrape configuration to monitor resources outside the namespace that they are deployed in; if a user needs to have one ServiceMonitor / PodMonitor monitor resources within several namespaces (such as the resources that are used to monitor Istio in a default installation), they should not enable this option since it would require them to create one ServiceMonitor / PodMonitor CR per namespace that they would like to monitor. Relevant fields were also updated in the default README.md. +- Added `grafana.sidecar.dashboards.searchNamespace` to `values.yaml` with a default value of `cattle-dashboards`. The namespace provided should contain all ConfigMaps with the label `grafana_dashboard` and will be searched by the Grafana Dashboards sidecar for updates. The namespace specified is also created along with this deployment. All default dashboard ConfigMaps have been relocated from the deployment namespace to the namespace specified +- Added `monitoring-admin`, `monitoring-edit`, and `monitoring-view` default `ClusterRoles` to allow admins to assign roles to users to interact with Prometheus Operator CRs. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `ClusterRoleBinding` to bind these roles to a Subject to allow them to set up or view `ServiceMonitors` / `PodMonitors` / `PrometheusRules` and view `Prometheus` or `Alertmanager` CRs across the cluster. If `.Values.global.rbac.userRoles.aggregateRolesForRBAC` is enabled, these ClusterRoles will aggregate into the respective default ClusterRoles provided by Kubernetes +- Added `monitoring-config-admin`, `monitoring-config-edit` and `monitoring-config-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `Secrets` and `ConfigMaps` within the `cattle-monitoring-system` namespace. 
These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-monitoring-system` namespace to allow them to modify Secrets / ConfigMaps tied to the deployment, such as your Alertmanager Config Secret. +- Added `monitoring-dashboard-admin`, `monitoring-dashboard-edit` and `monitoring-dashboard-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `ConfigMaps` within the `cattle-dashboards` namespace. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`) and deploying Grafana as part of this chart. In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-dashboards` namespace to allow them to create / modify ConfigMaps that contain the JSON used to persist Grafana Dashboards on the cluster. +- Added default resource limits for `Prometheus Operator`, `Prometheus`, `AlertManager`, `Grafana`, `kube-state-metrics`, `node-exporter` +- Added a default template `rancher_defaults.tmpl` to AlertManager that Rancher will offer to users in order to help configure the way alerts are rendered on a notifier. Also updated the default template deployed with this chart to reference that template and added an example of a Slack config using this template as a comment in the `values.yaml`. +- Added support for private registries via introducing a new field for `global.cattle.systemDefaultRegistry` that, if supplied, will automatically be prepended onto every image used by the chart. +- Added a default `nginx` proxy container deployed with Grafana whose config is set in the `ConfigMap` located in `charts/grafana/templates/nginx-config.yaml`. The purpose of this container is to make it possible to view Grafana's UI through a proxy that has a subpath (e.g. Rancher's proxy). 
This proxy container is set to listen on port `8080` (with a `portName` of `nginx-http` instead of the default `service`), which is also where the Grafana service will now point to, and will forward all requests to the Grafana container listening on the default port `3000`. +- Added a default `nginx` proxy container deployed with Prometheus whose config is set in the `ConfigMap` located in `templates/prometheus/nginx-config.yaml`. The purpose of this container is to make it possible to view Prometheus's UI through a proxy that has a subpath (e.g. Rancher's proxy). This proxy container is set to listen on port `8081` (with a `portName` of `nginx-http` instead of the default `web`), which is also where the Prometheus service will now point to, and will forward all requests to the Prometheus container listening on the default port `9090`. +- Added support for passing CIS Scans in a hardened cluster by introducing a Job that patches the default service account within the `cattle-monitoring-system` and `cattle-dashboards` namespaces on install or upgrade and adding a default allow all `NetworkPolicy` to the `cattle-monitoring-system` and `cattle-dashboards` namespaces. +### Modified +- Updated the chart name from `prometheus-operator` to `rancher-monitoring` and added the `io.rancher.certified: rancher` annotation to `Chart.yaml` +- Modified the default `node-exporter` port from `9100` to `9796` +- Modified the default `nameOverride` to `rancher-monitoring`. This change is necessary as the Prometheus Adapter's default URL (`http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc`) is based off of the value used here; if modified, the default Adapter URL must also be modified +- Modified the default `namespaceOverride` to `cattle-monitoring-system`. 
This change is necessary as the Prometheus Adapter's default URL (`http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc`) is based off of the value used here; if modified, the default Adapter URL must also be modified +- Configured some default values for `grafana.service` values and exposed them in the default README.md +- The default namespaces the following ServiceMonitors were changed from the deployment namespace to allow them to continue to monitor metrics when `prometheus.prometheusSpec.ignoreNamespaceSelectors` is enabled: + - `core-dns`: `kube-system` + - `api-server`: `default` + - `kube-controller-manager`: `kube-system` + - `kubelet`: `{{ .Values.kubelet.namespace }}` +- Disabled the following deployments by default (can be enabled if required): + - `AlertManager` + - `kube-controller-manager` metrics exporter + - `kube-etcd` metrics exporter + - `kube-scheduler` metrics exporter + - `kube-proxy` metrics exporter +- Updated default Grafana `deploymentStrategy` to `Recreate` to prevent deployments from being stuck on upgrade if a PV is attached to Grafana +- Modified the default `SelectorNilUsesHelmValues` to default to `false`. As a result, we look for all CRs with any labels in all namespaces by default rather than just the ones tagged with the label `release: rancher-monitoring`. +- Modified the default images used by the `rancher-monitoring` chart to point to Rancher mirrors of the original images from upstream. +- Modified the behavior of the chart to create the Alertmanager Config Secret via a pre-install hook instead of using the normal Helm lifecycle to manage the secret. The benefit of this approach is that all changes to the Config Secret done on a live cluster will never get overridden on a `helm upgrade` since the secret only gets created on a `helm install`. 
If you would like the secret to be cleaned up on an `helm uninstall`, enable `alertmanager.cleanupOnUninstall`; however, this is disabled by default to prevent the loss of alerting configuration on an uninstall. This secret will never be modified on a `helm upgrade`. +- Modified the default `securityContext` for `Pod` templates across the chart to `{"runAsNonRoot": "true", "runAsUser": "1000"}` and replaced `grafana.rbac.pspUseAppArmor` in favor of `grafana.rbac.pspAnnotations={}` in order to make it possible to deploy this chart on a hardened cluster which does not support Seccomp or AppArmor annotations in PSPs. Users can always choose to specify the annotations they want to use for the PSP directly as part of the values provided. +- Modified `.Values.prometheus.prometheusSpec.containers` to take in a string representing a template that should be rendered by Helm (via `tpl`) instead of allowing a user to provide YAML directly. +- Modified the default Grafana configuration to auto assign users who access Grafana to the Viewer role and enable anonymous access to Grafana dashboards by default. This default works well for a Rancher user who is accessing Grafana via the `kubectl proxy` on the Rancher Dashboard UI since anonymous users who enter via the proxy are authenticated by the k8s API Server, but you can / should modify this behavior if you plan on exposing Grafana in a way that does not require authentication (e.g. as a `NodePort` service). +- Modified the default Grafana configuration to add a default dashboard for Rancher on the Grafana home page. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CONTRIBUTING.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CONTRIBUTING.md new file mode 100755 index 000000000..f6ce2a323 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CONTRIBUTING.md 
@@ -0,0 +1,12 @@ +# Contributing Guidelines + +## How to contribute to this chart + +1. Fork this repository, develop and test your Chart. +1. Bump the chart version for every change. +1. Ensure PR title has the prefix `[kube-prometheus-stack]` +1. When making changes to rules or dashboards, see the README.md section on how to sync data from upstream repositories +1. Check the `hack/minikube` folder has scripts to set up minikube and components of this chart that will allow all components to be scraped. You can use this configuration when validating your changes. +1. Check for changes of RBAC rules. +1. Check for changes in CRD specs. +1. PR must pass the linter (`helm lint`) diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/Chart.yaml new file mode 100755 index 000000000..7568a480b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/Chart.yaml 
@@ -0,0 +1,103 @@ +annotations: + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/prometheus-community/helm-charts + - name: Upstream Project + url: https://github.com/prometheus-operator/kube-prometheus + artifacthub.io/operator: "true" + catalog.cattle.io/auto-install: rancher-monitoring-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Monitoring + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 + catalog.cattle.io/release-name: rancher-monitoring + catalog.cattle.io/requests-cpu: 4500m + catalog.cattle.io/requests-memory: 4000Mi + catalog.cattle.io/ui-component: monitoring +apiVersion: v2 +appVersion: 0.46.0 +dependencies: +- condition: grafana.enabled + name: grafana + repository: file://./charts/grafana +- condition: k3sServer.enabled + name: k3sServer + repository: file://./charts/k3sServer +- condition: kubeStateMetrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics +- condition: kubeAdmControllerManager.enabled + name: kubeAdmControllerManager + repository: file://./charts/kubeAdmControllerManager +- condition: kubeAdmEtcd.enabled + name: kubeAdmEtcd + repository: file://./charts/kubeAdmEtcd +- condition: kubeAdmProxy.enabled + name: kubeAdmProxy + repository: file://./charts/kubeAdmProxy +- condition: kubeAdmScheduler.enabled + name: kubeAdmScheduler + repository: file://./charts/kubeAdmScheduler +- condition: prometheus-adapter.enabled + name: prometheus-adapter + repository: file://./charts/prometheus-adapter +- condition: nodeExporter.enabled + name: prometheus-node-exporter + repository: file://./charts/prometheus-node-exporter +- condition: rke2ControllerManager.enabled + name: rke2ControllerManager + repository: file://./charts/rke2ControllerManager +- condition: rke2Etcd.enabled + name: rke2Etcd + repository: file://./charts/rke2Etcd +- condition: rke2Proxy.enabled + name: 
rke2Proxy + repository: file://./charts/rke2Proxy +- condition: rke2Scheduler.enabled + name: rke2Scheduler + repository: file://./charts/rke2Scheduler +- condition: rkeControllerManager.enabled + name: rkeControllerManager + repository: file://./charts/rkeControllerManager +- condition: rkeEtcd.enabled + name: rkeEtcd + repository: file://./charts/rkeEtcd +- condition: rkeProxy.enabled + name: rkeProxy + repository: file://./charts/rkeProxy +- condition: rkeScheduler.enabled + name: rkeScheduler + repository: file://./charts/rkeScheduler +- condition: global.cattle.windows.enabled + name: windowsExporter + repository: file://./charts/windowsExporter +description: Collects several related Helm charts, Grafana dashboards, and Prometheus + rules combined with documentation and scripts to provide easy to operate end-to-end + Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. +home: https://github.com/prometheus-operator/kube-prometheus +icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png +keywords: +- operator +- prometheus +- kube-prometheus +- monitoring +kubeVersion: '>=1.16.0-0' +maintainers: +- name: vsliouniaev +- name: bismarck +- email: gianrubio@gmail.com + name: gianrubio +- email: github.gkarthiks@gmail.com + name: gkarthiks +- email: scott@r6by.com + name: scottrigby +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: arvind.iyengar@suse.com + name: Arvind +name: rancher-monitoring +sources: +- https://github.com/prometheus-community/helm-charts +- https://github.com/prometheus-operator/kube-prometheus +type: application +version: 14.5.100 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/README.md new file mode 100755 index 000000000..aa5d530f2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/README.md 
@@ -0,0 +1,455 @@ +# kube-prometheus-stack + +Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). + +See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts. + +_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._ + +## Prerequisites + +- Kubernetes 1.16+ +- Helm 3+ + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm +$ helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Dependencies + +By default this chart installs additional, dependent charts: + +- [kubernetes/kube-state-metrics](https://github.com/kubernetes/kube-state-metrics/tree/master/charts/kube-state-metrics) +- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) +- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) + +To disable dependencies during installation, see [multiple 
releases](#multiple-releases) below. + +_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ + +## Uninstall Chart + +```console +# Helm +$ helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +CRDs created by this chart are not removed by default and should be manually cleaned up: + +```console +kubectl delete crd alertmanagerconfigs.monitoring.coreos.com +kubectl delete crd alertmanagers.monitoring.coreos.com +kubectl delete crd podmonitors.monitoring.coreos.com +kubectl delete crd probes.monitoring.coreos.com +kubectl delete crd prometheuses.monitoring.coreos.com +kubectl delete crd prometheusrules.monitoring.coreos.com +kubectl delete crd servicemonitors.monitoring.coreos.com +kubectl delete crd thanosrulers.monitoring.coreos.com +``` + +## Upgrading Chart + +```console +# Helm +$ helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack +``` + +With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. +Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. + +### From 13.x to 14.x + +Version 14 upgrades prometheus-operator from 0.45.x to 0.46.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 12.x to 13.x + +Version 13 upgrades prometheus-operator from 0.44.x to 0.45.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +``` + +### From 11.x to 12.x + +The chart was migrated to support only helm v3 and later. + +### From 10.x to 11.x + +Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +``` + +Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0. + +### From 9.x to 10.x + +Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +``` + +### From 8.x to 9.x + +Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration. + +### From 7.x to 8.x + +Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0 +``` + +Then upgrade to 8.x.x + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x] +``` + +Minimal recommended Prometheus version for this chart release is `2.12.x` + +### From 6.x to 7.x + +Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0. + +### From 5.x to 6.x + +Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. 
If this is not done an error will occur indicating that the deployment cannot be modified: + +```console +invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable +``` + +If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values prometheus-community/kube-prometheus-stack +``` + +You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. + +### Rancher Monitoring Configuration + +The following table shows values exposed by Rancher Monitoring's additions to the chart: + +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `nameOverride` | Provide a name that should be used instead of the chart name when naming all resources deployed by this chart |`"rancher-monitoring"`| +| `namespaceOverride` | Override the deployment namespace | `"cattle-monitoring-system"` | +| `global.rbac.userRoles.create` | Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets | `true` | +| `global.rbac.userRoles.aggregateToDefaultRoles` | Aggregate default user ClusterRoles into default k8s ClusterRoles | `true` | +| `prometheus-adapter.enabled` | Whether to install [prometheus-adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) within the cluster | `true` | +| `prometheus-adapter.prometheus.url` | A URL pointing to the Prometheus deployment within your cluster. 
The default value is set based on the assumption that you plan to deploy the default Prometheus instance from this chart where `.Values.namespaceOverride=cattle-monitoring-system` and `.Values.nameOverride=rancher-monitoring` | `http://rancher-monitoring-prometheus.cattle-monitoring-system.svc` | +| `prometheus-adapter.prometheus.port` | The port on the Prometheus deployment that Prometheus Adapter can make requests to | `9090` | +| `prometheus.prometheusSpec.ignoreNamespaceSelectors` | Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs. If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into | `false` | +| `alertmanager.secret.cleanupOnUninstall` | Whether or not to trigger a job to clean up the alertmanager config secret to be deleted on a `helm uninstall`. By default, this is disabled to prevent the loss of alerting configuration on an uninstall. | `false` | +| `alertmanager.secret.image.pullPolicy` | Image pull policy for job(s) related to alertmanager config secret's lifecycle | `IfNotPresent` | +| `alertmanager.secret.image.repository` | Repository to use for job(s) related to alertmanager config secret's lifecycle | `rancher/rancher-agent` | +| `alertmanager.secret.image.tag` | Tag to use for job(s) related to alertmanager config secret's lifecycle | `v2.4.8` | + +The following values are enabled for different distributions via [rancher-pushprox](https://github.com/rancher/dev-charts/tree/master/packages/rancher-pushprox). See the rancher-pushprox `README.md` for more information on what all values can be configured for the PushProxy chart. 
+ +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `rkeControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in RKE clusters | `false` | +| `rkeScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in RKE clusters | `false` | +| `rkeProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in RKE clusters | `false` | +| `rkeEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in RKE clusters | `false` | +| `k3sServer.enabled` | Create a PushProx installation for monitoring k3s-server metrics (accounts for kube-controller-manager, kube-scheduler, and kube-proxy metrics) in k3s clusters | `false` | +| `kubeAdmControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in kubeAdm clusters | `false` | +| `kubeAdmScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in kubeAdm clusters | `false` | +| `kubeAdmProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in kubeAdm clusters | `false` | +| `kubeAdmEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in kubeAdm clusters | `false` | + + +### Multiple releases + +The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`. 
+ +## Work-Arounds for Known Issues + +### Running on private GKE clusters + +When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod. + +You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) + +Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`. + +## PrometheusRules Admission Webhooks + +With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster. + +### How the Chart Configures the Hooks + +A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. + +1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end-user certificates. If the certificate already exists, the hook exits. +2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate. +3. 
Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set. +4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations + +### Alternatives + +It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested. + +You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true. + +### Limitations + +Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default. + +## Developing Prometheus Rules and Grafana Dashboards + +This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repo](https://github.com/prometheus-operator/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. 
+ +## Further Information + +For more in-depth documentation of configuration options meanings, please see + +- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) +- [Prometheus](https://prometheus.io/docs/introduction/overview/) +- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) + +## prometheus.io/scrape + +The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options. +For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here: + +- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-servicemonitors) +- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-podmonitors) +- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/running-exporters.md) + +By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release. +Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications. +An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering. +To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`. 
+ +## Migrating from stable/prometheus-operator chart + +## Zero downtime + +Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved. +However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime). + +You can override the name to achieve this: + +```console +helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator +``` + +**Note**: It is recommended to run this first with `--dry-run --debug`. + +## Redeploy with new name (downtime) + +If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration: + +> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace. + +1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy: + + ```console + kubectl patch pv/ -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' + ``` + + **Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released. + + ```console + helm uninstall prometheus-operator -n monitoring + kubectl delete pvc/ -n monitoring + ``` + + Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service. + + ```console + kubectl delete service/prometheus-operator-kubelet -n kube-system + ``` + + You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to. + +3. 
Remove current `spec.claimRef` values to change the PV's status from Released to Available. + + ```console + kubectl patch pv/ --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring + ``` + +**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`. + +The binding is done via matching a specific amount of storage requested and with certain access modes. + +For example, if you had storage specified as this with **prometheus-operator**: + +```yaml +volumeClaimTemplate: + spec: + storageClassName: gp2 + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 50Gi +``` + +You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode. + +Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV. + +This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to: + +```yaml +nodeSelector: + failure-domain.beta.kubernetes.io/zone: east-west-1a +``` + +or passing these values as `--set` overrides during installation. + +The new release should now re-attach your previously released PV with its content. + +## Migrating from coreos/prometheus-operator chart + +The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster. 
+ +There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support. + +The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy. + +You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765). + +### High-level overview of Changes + +#### Added dependencies + +The chart has added 3 [dependencies](#dependencies). + +- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components +- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md) + +#### Kubelet Service + +Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice. + +#### Persistent Volumes + +If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. 
For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created: + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pvc-prometheus-migration-prometheus-0 +spec: + accessModes: + - ReadWriteOnce + azureDisk: + cachingMode: None + diskName: pvc-prometheus-migration-prometheus-0 + diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0 + fsType: "" + kind: Managed + readOnly: false + capacity: + storage: 1Gi + persistentVolumeReclaimPolicy: Delete + storageClassName: prometheus + volumeMode: Filesystem +``` + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: prometheus + prometheus: prometheus-migration-prometheus + name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0 + namespace: monitoring +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: prometheus + volumeMode: Filesystem + volumeName: pvc-prometheus-migration-prometheus-0 +``` + +The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used. + +#### KubeProxy + +The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them. + +Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. 
For example: + +```console +kubectl -n kube-system edit cm kube-proxy +``` + +```yaml +apiVersion: v1 +data: + config.conf: |- + apiVersion: kubeproxy.config.k8s.io/v1alpha1 + kind: KubeProxyConfiguration + # ... + # metricsBindAddress: 127.0.0.1:10249 + metricsBindAddress: 0.0.0.0:10249 + # ... + kubeconfig.conf: |- + # ... +kind: ConfigMap +metadata: + labels: + app: kube-proxy + name: kube-proxy + namespace: kube-system +``` diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/app-README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/app-README.md new file mode 100755 index 000000000..af77e04ec --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/app-README.md 
@@ -0,0 +1,15 @@ +# Rancher Monitoring and Alerting + + This chart is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) chart. The chart deploys [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) and its CRDs along with [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana), [Prometheus Adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) and additional charts / Kubernetes manifests to gather metrics. It allows users to monitor their Kubernetes clusters, view metrics in Grafana dashboards, and set up alerts and notifications. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/). + +The chart installs the following components: + +- [Prometheus Operator](https://github.com/coreos/prometheus-operator) - The operator provides easy monitoring definitions for Kubernetes services, manages [Prometheus](https://prometheus.io/) and [AlertManager](https://prometheus.io/docs/alerting/latest/alertmanager/) instances, and adds default scrape targets for some Kubernetes components. +- [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) - A collection of community-curated Kubernetes manifests, Grafana Dashboards, and PrometheusRules that deploy a default end-to-end cluster monitoring configuration. +- [Grafana](https://github.com/helm/charts/tree/master/stable/grafana) - Grafana allows a user to create / view dashboards based on the cluster metrics collected by Prometheus. 
+- [node-exporter](https://github.com/helm/charts/tree/master/stable/prometheus-node-exporter) / [kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) / [rancher-pushprox](https://github.com/rancher/charts/tree/dev-v2.5/packages/rancher-pushprox/charts) - These charts monitor various Kubernetes components across different Kubernetes cluster types. +- [Prometheus Adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) - The adapter allows a user to expose custom metrics, resource metrics, and external metrics on the default [Prometheus](https://prometheus.io/) instance to the Kubernetes API Server. + +For more information, review the Helm README of this chart. diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/.helmignore new file mode 100755 index 000000000..8cade1318 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.vscode +.project +.idea/ +*.tmproj +OWNERS diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/Chart.yaml new file mode 100755 index 000000000..6f950a023 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/Chart.yaml 
@@ -0,0 +1,28 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-grafana +apiVersion: v2 +appVersion: 7.4.5 +description: The leading tool for querying and visualizing time series and metrics. +home: https://grafana.net +icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +kubeVersion: ^1.8.0-0 +maintainers: +- email: zanhsieh@gmail.com + name: zanhsieh +- email: rluckie@cisco.com + name: rtluckie +- email: maor.friedman@redhat.com + name: maorfr +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: mail@torstenwalter.de + name: torstenwalter +name: grafana +sources: +- https://github.com/grafana/grafana +type: application +version: 6.6.4 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/README.md new file mode 100755 index 000000000..957f019ec --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/README.md 
@@ -0,0 +1,514 @@ +# Grafana Helm Chart + +* Installs the web dashboarding system [Grafana](http://grafana.org/) + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release grafana/grafana +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 4.0.0 (And 3.12.1) + +This version requires Helm >= 2.12.0. + +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + +### To 6.0.0 + +This version requires Helm >= 3.1.0. 
+ +## Configuration + +| Parameter | Description | Default | +|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `replicas` | Number of nodes | `1` | +| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | +| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | +| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | +| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| +| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `image.repository` | Image repository | `grafana/grafana` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.5` | +| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `{}` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `80` | +| `service.portName` | Name of the port on the service | `service` | +| `service.targetPort` | Internal service is port | `3000` | +| `service.nodePort` | Kubernetes service nodePort | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `service.labels` | Custom labels | `{}` | +| `service.clusterIP` | internal cluster service IP | `nil` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | +| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` 
| +| `service.externalIPs` | service external IP addresses | `[]` | +| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | +| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress type of path | `Prefix` | +| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | +| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | +| `extraLabels` | Custom labels for all manifests | `{}` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | +| 
`persistence.annotations` | PersistentVolumeClaim annotations | `{}` | +| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | +| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | +| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | +| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | +| `initChownData.enabled` | If false, don't reset data ownership at startup | true | +| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | +| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | +| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | +| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | +| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `env` | Extra environment variables passed to pods | `{}` | +| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` | +| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. 
Can be templated | `""` | +| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | +| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | +| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | +| `plugins` | Plugins to be loaded along with Grafana | `[]` | +| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `notifiers` | Configure grafana notifiers | `{}` | +| `dashboardProviders` | Configure grafana dashboard providers | `{}` | +| `dashboards` | Dashboards to import | `{}` | +| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | +| `grafana.ini` | Grafana's primary configuration | `{}` | +| `ldap.enabled` | Enable LDAP authentication | `false` | +| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. 
| `""` | +| `ldap.config` | Grafana's LDAP configuration | `""` | +| `annotations` | Deployment annotations | `{}` | +| `labels` | Deployment labels | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod labels | `{}` | +| `podPortName` | Name of the grafana port on the pod | `grafana` | +| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | +| `sidecar.image.tag` | Sidecar image tag | `1.10.7` | +| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | +| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | +| `sidecar.resources` | Sidecar resources | `{}` | +| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable | `false` | +| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | +| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | +| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | +| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | +| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | +| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | +| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | +| `sidecar.dashboards.provider.type` | Provider type | `file` | +| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | +| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. 
| `WATCH` | +| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | +| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` | +| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | +| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | +| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | +| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. 
It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | +| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | +| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | +| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | +| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | +| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | +| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | +| `admin.passwordKey` | The key in the existing admin secret containing the password. 
| `"admin-password"` | +| `serviceAccount.annotations` | ServiceAccount annotations | | +| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | +| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | +| `rbac.create` | Create and use RBAC resources | `true` | +| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | +| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | +| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `testFramework.enabled` | Whether to create test-related resources | `true` | +| `testFramework.image` | `test-framework` image repository. | `bats/bats` | +| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` | +| `testFramework.imagePullPolicy` | `test-framework` image pull policy. 
| `IfNotPresent` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | +| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | +| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | +| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | +| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | +| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | +| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | +| `serviceMonitor.path` | Path to scrape | `/metrics` | +| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | +| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | +| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | +| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | +| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. 
| `[]` | +| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | +| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | +| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | +| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | +| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | +| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | +| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | +| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | +| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | +| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | +| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.portName` | image-renderer service port name | `'http'` | +| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | +| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | +| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | +| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | +| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | +| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | +| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | + +### Example ingress with path + +With grafana 6.3 and above +```yaml +grafana.ini: + server: + domain: monitoring.example.com + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true +ingress: + enabled: true 
+ hosts: + - "monitoring.example.com" + path: "/grafana" +``` + +### Example of extraVolumeMounts + +```yaml +- extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + existingClaim: existing-grafana-claim + readOnly: false +``` + +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... + + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + gnetId: 2 + revision: 2 + datasource: Prometheus + local-dashboard: + url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json +``` + +## BASE64 dashboards + +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) +A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. + +### Gerrit use case + +Gerrit API for download files has the following schema: where {project-name} and +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard +the url value is + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana +pod. 
This container watches all configmaps (or secrets) in the cluster and filters out the ones with +a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported +dashboards are deleted/updated. + +A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside +one configmap is currently not properly mirrored in grafana. + +Example dashboard config: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: "1" +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the data sources in grafana can be imported. + +Secrets are recommended over configmaps for this usecase because datasources usually contain private +data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): + +```yaml +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. 
will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false +``` + +## Sidecar for notifiers + +If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the notification channels in grafana can be imported. The secrets must be created before +`helm install` so that the notifiers init container can list the secrets. + +Secrets are recommended over configmaps for this usecase because alert notification channels usually contain +private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): + +```yaml +notifiers: + - name: notification-channel-1 + type: slack + uid: notifier1 + # either + org_id: 2 + # or + org_name: Main Org. 
+ is_default: true + send_reminder: true + frequency: 1h + disable_resolve_message: false + # See `Supported Settings` section for settings supporter for each + # alert notification type. + settings: + recipient: 'XXX' + token: 'xoxb' + uploadImage: true + url: https://slack.com + +delete_notifiers: + - name: notification-channel-1 + uid: notifier1 + org_id: 2 + - name: notification-channel-2 + # default org_id: 1 +``` + +## How to serve Grafana with a path prefix (/grafana) + +In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. + +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + + path: /grafana/?(.*) + hosts: + - k8s.example.dev + +grafana.ini: + server: + root_url: http://localhost:3000/grafana # this host can be localhost +``` + +## How to securely reference secrets in grafana.ini + +This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. 
+ +In grafana.ini: + +```yaml +grafana.ini: + [auth.generic_oauth] + enabled = true + client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} + client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} +``` + +Existing secret, or created along with helm: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: auth-generic-oauth-secret +type: Opaque +stringData: + client_id: + client_secret: +``` + +Include in the `extraSecretMounts` configuration flag: + +```yaml +- extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true +``` + +### extraSecretMounts using a Container Storage Interface (CSI) provider + +This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) + +```yaml +- extraSecretMounts: + - name: secrets-store-inline + mountPath: /run/secrets + readOnly: true + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "my-provider" + nodePublishSecretRef: + name: akv-creds +``` + +## Image Renderer Plug-In + +This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md) + +```yaml +imageRenderer: + enabled: true +``` + +### Image Renderer NetworkPolicy + +By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/dashboards/custom-dashboard.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/dashboards/custom-dashboard.json new file mode 100755 index 000000000..9e26dfeeb --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/dashboards/custom-dashboard.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/NOTES.txt new file mode 100755 index 000000000..1fc8436d9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/NOTES.txt 
@@ -0,0 +1,54 @@ +1. Get your '{{ .Values.adminUser }}' user password by running: + + kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + +2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local +{{ if .Values.ingress.enabled }} + If you bind grafana to 80, please update values in values.yaml and reinstall: + ``` + securityContext: + runAsUser: 0 + runAsGroup: 0 + fsGroup: 0 + + command: + - "setcap" + - "'cap_net_bind_service=+ep'" + - "/usr/sbin/grafana-server &&" + - "sh" + - "/run.sh" + ``` + Details refer to https://grafana.com/docs/installation/configuration/#http-port. + Or grafana would always crash. + + From outside the cluster, the server URL(s) are: +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{ else }} + Get the Grafana URL to visit by running these commands in the same shell: +{{ if contains "NodePort" .Values.service.type -}} + export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{ else if contains "LoadBalancer" .Values.service.type -}} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . 
}} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + http://$SERVICE_IP:{{ .Values.service.port -}} +{{ else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 +{{- end }} +{{- end }} + +3. Login with the password from step 1 and the username: {{ .Values.adminUser }} + +{{- if not .Values.persistence.enabled }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Grafana pod is terminated. ##### +################################################################################# +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_helpers.tpl new file mode 100755 index 000000000..76ad78876 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_helpers.tpl 
@@ -0,0 +1,145 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "grafana.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "grafana.serviceAccountNameTest" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} +{{- else -}} + {{ default "default" .Values.serviceAccount.nameTest }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "grafana.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.extraLabels }} +{{ toYaml .Values.extraLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "grafana.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.imageRenderer.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.imageRenderer.selectorLabels" . 
}} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels ImageRenderer +*/}} +{{- define "grafana.imageRenderer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for rbac. +*/}} +{{- define "rbac.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_pod.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_pod.tpl new file mode 100755 index 000000000..2ba9f115c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_pod.tpl 
@@ -0,0 +1,496 @@ +{{- define "grafana.pod" -}} +{{- if .Values.schedulerName }} +schedulerName: "{{ .Values.schedulerName }}" +{{- end }} +serviceAccountName: {{ template "grafana.serviceAccountName" . }} +{{- if .Values.securityContext }} +securityContext: +{{ toYaml .Values.securityContext | indent 2 }} +{{- end }} +{{- if .Values.hostAliases }} +hostAliases: +{{ toYaml .Values.hostAliases | indent 2 }} +{{- end }} +{{- if .Values.priorityClassName }} +priorityClassName: {{ .Values.priorityClassName }} +{{- end }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }} +initContainers: +{{- end }} +{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} + - name: init-chown-data + {{- if .Values.initChownData.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] + resources: +{{ toYaml .Values.initChownData.resources | indent 6 }} + volumeMounts: + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- end }} +{{- if .Values.dashboards }} + - name: download-dashboards + {{- if .Values.downloadDashboardsImage.sha }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] + resources: +{{ toYaml .Values.downloadDashboards.resources | indent 6 }} + env: +{{- range $key, $value := .Values.downloadDashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} +{{- if .Values.downloadDashboards.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.downloadDashboards.envFromSecret . }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/download_dashboards.sh" + subPath: download_dashboards.sh + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.datasources.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.sidecar.datasources.envFromSecret . 
}} + {{- end }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: {{ template "grafana.name" . }}-sc-notifiers + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.notifiers.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.notifiers.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.notifiers.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} +{{- if .Values.extraInitContainers }} +{{ toYaml .Values.extraInitContainers | indent 2 }} +{{- end }} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end}} +{{- end }} +containers: +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ template "grafana.name" . }}-sc-dashboard + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.dashboards.label }}" + {{- if .Values.sidecar.dashboards.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.dashboards.labelValue }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.dashboards.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.dashboards.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if .Values.sidecar.dashboards.folderAnnotation }} + - name: FOLDER_ANNOTATION + value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{- end}} + - name: {{ .Chart.Name }} + {{- if .Values.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.command }} + command: + {{- range .Values.command }} + - {{ . 
}} + {{- end }} + {{- end}} +{{- if .Values.containerSecurityContext }} + securityContext: +{{- toYaml .Values.containerSecurityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + {{- if .Values.ldap.enabled }} + - name: ldap + mountPath: "/etc/grafana/ldap.toml" + subPath: ldap.toml + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- if .Values.dashboards }} +{{- range $provider, $dashboards := .Values.dashboards }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} + - name: dashboards-{{ $provider }} + mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + subPath: "{{ $key }}.json" +{{- end }} +{{- end }} +{{- end }} +{{- end -}} +{{- if .Values.dashboardsConfigMaps }} +{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} + - name: dashboards-{{ . }} + mountPath: "/var/lib/grafana/dashboards/{{ . 
}}" +{{- end }} +{{- end }} +{{- if .Values.datasources }} + - name: config + mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" + subPath: datasources.yaml +{{- end }} +{{- if .Values.notifiers }} + - name: config + mountPath: "/etc/grafana/provisioning/notifiers/notifiers.yaml" + subPath: notifiers.yaml +{{- end }} +{{- if .Values.dashboardProviders }} + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" + subPath: dashboardproviders.yaml +{{- end }} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{ if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml +{{- end}} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + subPath: {{ .subPath | default "" }} + {{- end }} + {{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + ports: + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + - name: {{ .Values.podPortName }} + containerPort: 3000 + protocol: TCP + env: + {{- if not .Values.env.GF_SECURITY_ADMIN_USER }} + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) 
}} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if .Values.plugins }} + - name: GF_INSTALL_PLUGINS + valueFrom: + configMapKeyRef: + name: {{ template "grafana.fullname" . }} + key: plugins + {{- end }} + {{- if .Values.smtp.existingSecret }} + - name: GF_SMTP_USER + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.userKey | default "user" }} + - name: GF_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.passwordKey | default "password" }} + {{- end }} + {{ if .Values.imageRenderer.enabled }} + - name: GF_RENDERING_SERVER_URL + value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + - name: GF_RENDERING_CALLBACK_URL + value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} + {{ end }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 10 }} + {{- end }} +{{- range $key, $value := .Values.env }} + - name: "{{ tpl $key $ }}" + value: "{{ tpl (print $value) $ }}" +{{- end }} + {{- if .Values.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.envFromSecret . }} + {{- end }} + {{- if .Values.envRenderSecret }} + envFrom: + - secretRef: + name: {{ template "grafana.fullname" . 
}}-env + {{- end }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} + resources: +{{ toYaml .Values.resources | indent 6 }} +{{- with .Values.extraContainers }} +{{ tpl . $ | indent 2 }} +{{- end }} +nodeSelector: {{ include "linux-node-selector" . | nindent 2 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{ toYaml . | indent 2 }} +{{- end }} +tolerations: {{ include "linux-node-tolerations" . | nindent 2 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 2 }} +{{- end }} +volumes: + - name: config + configMap: + name: {{ template "grafana.fullname" . }} +{{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} +{{- end }} + {{- if .Values.dashboards }} + {{- range (keys .Values.dashboards | sortAlpha) }} + - name: dashboards-{{ . }} + configMap: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} + {{- end }} + {{- if .Values.dashboardsConfigMaps }} + {{ $root := . }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} + - name: dashboards-{{ $provider }} + configMap: + name: {{ tpl $name $root }} + {{- end }} + {{- end }} + {{- if .Values.ldap.enabled }} + - name: ldap + secret: + {{- if .Values.ldap.existingSecret }} + secretName: {{ .Values.ldap.existingSecret }} + {{- else }} + secretName: {{ template "grafana.fullname" . }} + {{- end }} + items: + - key: ldap-toml + path: ldap.toml + {{- end }} +{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) 
}} +{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} +# nothing +{{- else }} + - name: storage +{{- if .Values.persistence.inMemory.enabled }} + emptyDir: + medium: Memory +{{- if .Values.persistence.inMemory.sizeLimit }} + sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- end -}} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: {} +{{- if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + configMap: + name: {{ template "grafana.fullname" . }}-config-dashboards +{{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + emptyDir: {} +{{- end -}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + emptyDir: {} +{{- end -}} +{{- range .Values.extraSecretMounts }} +{{- if .secretName }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} +{{- else if .projected }} + - name: {{ .name }} + projected: {{- toYaml .projected | nindent 6 }} +{{- else if .csi }} + - name: {{ .name }} + csi: {{- toYaml .csi | nindent 6 }} +{{- end }} +{{- end }} +{{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} +{{- end }} +{{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + emptyDir: {} +{{- end -}} +{{- if .Values.extraContainerVolumes }} +{{ toYaml .Values.extraContainerVolumes | indent 2 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrole.yaml new file mode 100755 index 000000000..f09e06563 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrole.yaml 
@@ -0,0 +1,25 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }} +rules: +{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end}} +{{- with .Values.rbac.extraClusterRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end}} +{{- end}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..4accbfac0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "grafana.fullname" . }}-clusterrolebinding + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +roleRef: + kind: ClusterRole +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap-dashboard-provider.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap-dashboard-provider.yaml new file mode 100755 index 000000000..65d73858e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap-dashboard-provider.yaml 
@@ -0,0 +1,29 @@ +{{- if .Values.sidecar.dashboards.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-config-dashboards + namespace: {{ template "grafana.namespace" . }} +data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end}} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap.yaml new file mode 100755 index 000000000..de32b7ab2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap.yaml 
@@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +data: +{{- if .Values.plugins }} + plugins: {{ join "," .Values.plugins }} +{{- end }} + grafana.ini: | +{{- range $key, $value := index .Values "grafana.ini" }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else }} + {{ $elem }} = {{ tpl (toYaml $elemVal) $ }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.datasources }} +{{ $root := . }} + {{- range $key, $value := .Values.datasources }} + {{ $key }}: | +{{ tpl (toYaml $value | indent 4) $root }} + {{- end -}} +{{- end -}} + +{{- if .Values.notifiers }} + {{- range $key, $value := .Values.notifiers }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboards }} + download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + -H "Accept: application/json" \ + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{ end }} + {{- if $value.url -}}"{{ $value.url }}"{{- else 
-}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ + > "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + {{- end -}} + {{- end }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/dashboards-json-configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/dashboards-json-configmap.yaml new file mode 100755 index 000000000..59e0be641 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/dashboards-json-configmap.yaml @@ -0,0 +1,35 @@ +{{- if .Values.dashboards }} +{{ $files := .Files }} +{{- range $provider, $dashboards := .Values.dashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ template "grafana.namespace" $ }} + labels: + {{- include "grafana.labels" $ | nindent 4 }} + dashboard-provider: {{ $provider }} +{{- if $dashboards }} +data: +{{- $dashboardFound := false }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} +{{- $dashboardFound = true }} +{{ print $key | indent 2 }}.json: +{{- if hasKey $value "json" }} + |- +{{ $value.json | indent 6 }} +{{- end }} +{{- if hasKey $value "file" }} +{{ toYaml ( $files.Get $value.file ) | indent 4}} +{{- end }} +{{- end }} +{{- end }} +{{- if not $dashboardFound }} + {} +{{- end }} +{{- end }} +--- +{{- end }} + +{{- end }} 
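Review bot: in configmap.yaml, the generated `download_dashboards.sh` calls `curl -skf`, and the `-k` switches off TLS certificate verification for every dashboard download, including the default `https://grafana.com/api/dashboards/...` URL. The response is written straight to `/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json`, so whoever can intercept that connection chooses the dashboard content. Suggest dropping `-k` (keep `-sf`) and passing a CA bundle with curl's `--cacert` where a private CA is involved. In the same script, `-H "Authorization: token {{ $value.token }}"` renders the token into the ConfigMap itself; reading it from a Secret-backed environment variable would keep it out of reach of anyone who can only read ConfigMaps.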
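Review bot: in clusterrole.yaml, the rule under `if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled` grants `get`, `watch` and `list` on `secrets` as well as `configmaps`, and since it is a ClusterRole that clusterrolebinding.yaml binds to the Grafana service account, enabling either sidecar gives that account read access to Secrets in every namespace. Suggest splitting the rule so `secrets` is granted only behind its own value, and noting next to `rbac.namespaced` that the namespaced Role in role.yaml is the narrower option.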
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/deployment.yaml new file mode 100755 index 000000000..4d77794cd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/deployment.yaml 
@@ -0,0 +1,48 @@ +{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- with .Values.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- if .Values.envRenderSecret }} + checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} +{{- end }} 
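Review bot: the pod template that deployment.yaml pulls in through `include "grafana.pod"` (its hunk sits just before clusterrole.yaml in this patch) emits `envFrom:` twice, once under `{{- if .Values.envFromSecret }}` and again under `{{- if .Values.envRenderSecret }}`. With both values set, the container mapping carries a duplicate `envFrom` key, which a YAML parser either rejects or resolves by keeping one and silently dropping the other `secretRef`. Suggest a single `envFrom:` guarded by `or .Values.envFromSecret .Values.envRenderSecret`, with each `- secretRef:` entry inside its own `if`.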
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/headless-service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/headless-service.yaml new file mode 100755 index 000000000..2fa816e04 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/headless-service.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-headless + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + type: ClusterIP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-deployment.yaml new file mode 100755 index 000000000..d17b9dfed --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-deployment.yaml 
@@ -0,0 +1,117 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.labels }} +{{ toYaml .Values.imageRenderer.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.imageRenderer.replicas }} + revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} +{{- with .Values.imageRenderer.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} +{{- with .Values.imageRenderer.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with .Values.imageRenderer.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + + {{- if .Values.imageRenderer.schedulerName }} + schedulerName: "{{ .Values.imageRenderer.schedulerName }}" + {{- end }} + {{- if .Values.imageRenderer.serviceAccountName }} + serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" + {{- else }} + serviceAccountName: {{ template "grafana.serviceAccountName" . 
}} + {{- end }} + {{- if .Values.imageRenderer.securityContext }} + securityContext: + {{ toYaml .Values.imageRenderer.securityContext | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.hostAliases }} + hostAliases: + {{ toYaml .Values.imageRenderer.hostAliases | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.priorityClassName }} + priorityClassName: {{ .Values.imageRenderer.priorityClassName }} + {{- end }} + {{- if .Values.imageRenderer.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.imageRenderer.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }}-image-renderer + {{- if .Values.imageRenderer.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} + {{- if .Values.imageRenderer.command }} + command: + {{- range .Values.imageRenderer.command }} + - {{ . }} + {{- end }} + {{- end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + containerPort: {{ .Values.imageRenderer.service.port }} + protocol: TCP + env: + - name: HTTP_PORT + value: {{ .Values.imageRenderer.service.port | quote }} + {{- range $key, $value := .Values.imageRenderer.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + securityContext: + capabilities: + drop: ['all'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: image-renderer-tmpfs + {{- with .Values.imageRenderer.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . 
| nindent 8 }} + {{- if .Values.imageRenderer.nodeSelector }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.imageRenderer.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.imageRenderer.tolerations }} +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: image-renderer-tmpfs + emptyDir: {} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-network-policy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-network-policy.yaml new file mode 100755 index 000000000..f8ca73aab --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-network-policy.yaml 
@@ -0,0 +1,76 @@ +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-ingress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer ingress traffic from grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Ingress + ingress: + - ports: + - port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + from: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} + +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-egress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer egress traffic to grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Egress + egress: + # allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # talk only to grafana + - ports: + - port: {{ .Values.service.port }} + protocol: TCP + to: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . 
| nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-service.yaml new file mode 100755 index 000000000..f5d3eb02f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-service.yaml @@ -0,0 +1,28 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.service.labels }} +{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: ClusterIP + {{- if .Values.imageRenderer.service.clusterIP }} + clusterIP: {{ .Values.imageRenderer.service.clusterIP }} + {{end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + targetPort: {{ .Values.imageRenderer.service.targetPort }} + selector: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} +{{ end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/ingress.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/ingress.yaml new file mode 100755 index 000000000..44ebfc950 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/ingress.yaml 
@@ -0,0 +1,80 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $ingressPathType := .Values.ingress.pathType -}} +{{- $extraPaths := .Values.ingress.extraPaths -}} +{{- $newAPI := .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- if $newAPI -}} +apiVersion: networking.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} + {{- if .Values.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ tpl $value $ | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end -}} +{{- if .Values.ingress.tls }} + tls: +{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} +{{- end }} + rules: + {{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ tpl . 
$}} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $newAPI }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} + {{- else }} + - http: + paths: + - backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + pathType: {{ $ingressPathType }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if $ingressPath }} + path: {{ $ingressPath }} + {{- end }} + {{- end -}} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/nginx-config.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/nginx-config.yaml new file mode 100755 index 000000000..f847c51ce --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/nginx-config.yaml 
@@ -0,0 +1,75 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-nginx-proxy-config + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8080; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location /api/dashboards { + proxy_pass http://localhost:3000; + } + + location /api/search { + proxy_pass http://localhost:3000; + + sub_filter_types application/json; + sub_filter_once off; + sub_filter '"url":"/d' '"url":"d'; + } + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:3000/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter '"appSubUrl":""' '"appSubUrl":"."'; + sub_filter '"url":"/' '"url":"./'; + sub_filter ':"/avatar/' ':"avatar/'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + } + } + } 
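Review bot: in image-renderer-deployment.yaml, the blocks `{{- if .Values.imageRenderer.nodeSelector }}` and `{{- if .Values.imageRenderer.tolerations }}` are each followed by `{{ toYaml . | indent 8 }}`, but `if` does not rebind `.`, so the dot is still the root context and the whole chart context is rendered there instead of the selector or the tolerations. Suggest `toYaml .Values.imageRenderer.nodeSelector` and `toYaml .Values.imageRenderer.tolerations`, matching how the Grafana pod template in this patch handles `.Values.nodeSelector` and `.Values.tolerations`.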
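Review bot: in image-renderer-network-policy.yaml, both policies select the peer with `namespaceSelector: matchLabels: name: {{ template "grafana.namespace" . }}`, which only matches when the namespace object carries a `name=<namespace>` label, and nothing in the visible templates sets that label. Without it, turning on `limitIngress` or `limitEgress` cuts Grafana and the renderer off from each other. Both workloads are deployed to `grafana.namespace`, so the `namespaceSelector` can be dropped: a `podSelector` alone in `from`/`to` already restricts the peer to the policy's own namespace. If the selector stays, the label requirement should be documented beside the two values.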
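Review bot: in nginx-config.yaml, `location /` applies `proxy_cache my_zone` with `proxy_cache_valid 200 302 1d` and `add_header Cache-Control "public"` to every path not caught by the two `/api/...` locations, and there is no `proxy_cache_key`, so the key is nginx's default and carries no user or session component. Whether an authenticated page ends up in the shared cache, or is labelled public to downstream caches, then rests entirely on the headers Grafana sends back. Suggest moving the cache directives and the `Cache-Control` header into a location limited to the static-asset pattern already used for `expires 90d`, and leaving the catch-all location uncached.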
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/poddisruptionbudget.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/poddisruptionbudget.yaml new file mode 100755 index 000000000..61813a436 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/poddisruptionbudget.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/podsecuritypolicy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/podsecuritypolicy.yaml new file mode 100755 index 000000000..19da50791 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/podsecuritypolicy.yaml 
@@ -0,0 +1,49 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.rbac.pspAnnotations }} + annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + # Default set from Docker, without DAC_OVERRIDE or CHOWN + - FOWNER + - FSETID + - KILL + - SETGID + - SETUID + - SETPCAP + - NET_BIND_SERVICE + - NET_RAW + - SYS_CHROOT + - MKNOD + - AUDIT_WRITE + - SETFCAP + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'csi' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/pvc.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/pvc.yaml new file mode 100755 index 000000000..8d93f5c23 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/pvc.yaml 
@@ -0,0 +1,33 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.persistence.finalizers }} + finalizers: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClassName }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- end -}} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 6 }} + {{- end }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/role.yaml new file mode 100755 index 000000000..54c3fb0b2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/role.yaml 
@@ -0,0 +1,32 @@ +{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }} +rules: +{{- if .Values.rbac.pspEnabled }} +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}] +{{- end }} +{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end }} +{{- with .Values.rbac.extraRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/rolebinding.yaml new file mode 100755 index 000000000..34f1ad6f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/rolebinding.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }} +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret-env.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret-env.yaml new file mode 100755 index 000000000..5c09313e6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret-env.yaml @@ -0,0 +1,14 @@ +{{- if .Values.envRenderSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }}-env + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: +{{- range $key, $val := .Values.envRenderSecret }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end -}} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret.yaml new file mode 100755 index 000000000..4fdd817da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret.yaml 
@@ -0,0 +1,22 @@ +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: + {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} + admin-user: {{ .Values.adminUser | b64enc | quote }} + {{- if .Values.adminPassword }} + admin-password: {{ .Values.adminPassword | b64enc | quote }} + {{- else }} + admin-password: {{ randAlphaNum 40 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if not .Values.ldap.existingSecret }} + ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/service.yaml new file mode 100755 index 000000000..276456698 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/service.yaml 
@@ -0,0 +1,50 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + type: ClusterIP + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: {{ .Values.service.portName }} + port: {{ .Values.service.port }} + protocol: TCP + targetPort: {{ .Values.service.targetPort }} +{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{.Values.service.nodePort}} +{{ end }} + {{- if .Values.extraExposePorts }} + {{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }} + {{- end }} + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/serviceaccount.yaml new file mode 100755 index 000000000..7576eeef0 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/servicemonitor.yaml new file mode 100755 index 000000000..23288523f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/servicemonitor.yaml 
@@ -0,0 +1,40 @@ +{{- if .Values.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "grafana.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: {{ .Values.service.portName }} + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/statefulset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/statefulset.yaml new file mode 100755 index 000000000..b2b4616f3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/statefulset.yaml 
@@ -0,0 +1,52 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} + serviceName: {{ template "grafana.fullname" . }}-headless + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} + {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} + volumeClaimTemplates: + - metadata: + name: storage + spec: + accessModes: {{ .Values.persistence.accessModes }} + storageClassName: {{ .Values.persistence.storageClassName }} + resources: + requests: + storage: {{ .Values.persistence.size }} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 10 }} + {{- end }} +{{- end }} 
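Review bot: In statefulset.yaml's volumeClaimTemplates, `storageClassName: {{ .Values.persistence.storageClassName }}` is emitted unconditionally and `accessModes: {{ .Values.persistence.accessModes }}` prints the list value directly, while pvc.yaml in this same patch wraps storageClassName in an `if`, ranges over accessModes with `quote`, and quotes the size. values.yaml ships with storageClassName commented out, so the default render of this template produces the key with no value. Suggest reusing the pvc.yaml pattern here so both persistence types render the same claim spec.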
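Review bot: secret.yaml falls back to `admin-password: {{ randAlphaNum 40 | b64enc | quote }}` when adminPassword is unset, and that expression is re-evaluated on every render, so each upgrade writes a different admin password into the Secret. The `checksum/secret` annotation in statefulset.yaml hashes the same template, so it also changes on every upgrade and forces a pod rollout. Suggest keeping the value from an existing Secret when one is present (for example via Helm's `lookup`), or stating in values.yaml that admin.existingSecret or adminPassword should be set for long-lived installs. Separately, `ldap-toml` is written whenever ldap.existingSecret is empty, even with ldap.enabled false; gating it on ldap.enabled would match the outer condition.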
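Review bot: The PSP rule in role.yaml grants `use` under `apiGroups: ['extensions']`, but podsecuritypolicy.yaml creates the policy as `policy/v1beta1`, and tests/test-role.yaml in this same patch uses `apiGroups: ['policy']` for the equivalent rule. Suggest `['policy']` here as well so the grant names the same API group as the object it refers to and the two roles stay consistent.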
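Review bot: In podsecuritypolicy.yaml, `runAsUser: rule: 'RunAsAny'` together with `readOnlyRootFilesystem: false` lets any pod bound to this policy run as root, while values.yaml pins the Grafana pod to uid 472 with `runAsNonRoot: true`. If root is only needed for the initChownData container (the capability comment about keeping DAC_OVERRIDE and CHOWN suggests so), say that in a comment next to the rule; otherwise tighten it to `MustRunAsNonRoot`. Also, PodSecurityPolicy is cluster-scoped, so the `namespace:` under metadata has no effect and the `grafana.fullname` name must be unique across the cluster; worth dropping the field or noting the constraint.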
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-configmap.yaml new file mode 100755 index 000000000..ff53aaf1b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-configmap.yaml @@ -0,0 +1,17 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + run.sh: |- + @test "Test Health" { + url="http://{{ template "grafana.fullname" . }}/api/health" + + code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + [ "$code" == "200" ] + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-podsecuritypolicy.yaml new file mode 100755 index 000000000..1acd65128 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-podsecuritypolicy.yaml 
@@ -0,0 +1,30 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +spec: + allowPrivilegeEscalation: true + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + fsGroup: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - projected + - csi + - secret +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-role.yaml new file mode 100755 index 000000000..6b10677ae --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-role.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}-test] +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-rolebinding.yaml new file mode 100755 index 000000000..58fa5e78b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-rolebinding.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "grafana.fullname" . }}-test +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-serviceaccount.yaml new file mode 100755 index 000000000..5c3350733 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-serviceaccount.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test.yaml new file mode 100755 index 000000000..cdc86e5f2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "grafana.fullname" . }}-test + labels: + {{- include "grafana.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success + namespace: {{ template "grafana.namespace" . }} +spec: + serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} + {{- if .Values.testFramework.securityContext }} + securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 4 }} + {{- end }} + containers: + - name: {{ .Release.Name }}-test + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" + command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + volumes: + - name: tests + configMap: + name: {{ template "grafana.fullname" . }}-test + restartPolicy: Never +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/values.yaml new file mode 100755 index 000000000..9491c1a1f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/values.yaml 
@@ -0,0 +1,732 @@ +global: + cattle: + systemDefaultRegistry: "" + +autoscaling: + enabled: false +rbac: + create: true + ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) + # useExistingRole: name-of-some-(cluster)role + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + namespaced: false + extraRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] + extraClusterRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] +serviceAccount: + create: true + name: + nameTest: +# annotations: +# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + +replicas: 1 + +## See `kubectl explain poddisruptionbudget.spec` for more +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} +# minAvailable: 1 +# maxUnavailable: 1 + +## See `kubectl explain deployment.spec.strategy` for more +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +## Use an alternate scheduler, e.g. "stork". 
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + +image: + repository: rancher/mirrored-grafana-grafana + tag: 7.4.5 + sha: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +testFramework: + enabled: true + image: "rancher/mirrored-bats-bats" + tag: "v1.1.0" + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + runAsUser: 1000 + +securityContext: + runAsNonRoot: true + runAsUser: 472 + runAsGroup: 472 + fsGroup: 472 + +containerSecurityContext: + {} + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + + +extraEmptyDirMounts: [] + # - name: provisioning-notifiers + # mountPath: /etc/grafana/provisioning/notifiers + + +# Apply extra labels to common labels. +extraLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +downloadDashboardsImage: + repository: rancher/mirrored-curlimages-curl + tag: 7.73.0 + sha: "" + pullPolicy: IfNotPresent + +downloadDashboards: + env: {} + envFromSecret: "" + resources: {} + +## Pod Annotations +# podAnnotations: {} + +## Pod Labels +# podLabels: {} + +podPortName: grafana + +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. 
+## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + type: ClusterIP + port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer + annotations: {} + labels: {} + portName: service + +serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + +extraExposePorts: [] + # - name: keycloak + # port: 8080 + # targetPort: 8080 + # type: ClusterIP + +# overrides pod.spec.hostAliases in the grafana deployment's pods +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - chart-example.local + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +extraInitContainers: [] + +## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## Volumes that can be used in init containers that will not be mounted to deployment pods +extraContainerVolumes: [] +# - name: volume-from-secret +# secret: +# secretName: secret-to-mount +# - name: empty-dir-volume +# emptyDir: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + type: pvc + enabled: false + # storageClassName: default + accessModes: + - ReadWriteOnce + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + # selectorLabels: {} + # subPath: "" + # existingClaim: + + ## If persistence is not enabled, this 
allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + +initChownData: + ## If false, data ownership will not be reset at startup + ## This allows the prometheus-server to be run with an arbitrary user + ## + enabled: true + + ## initChownData container image + ## + image: + repository: rancher/mirrored-library-busybox + tag: "1.31.1" + sha: "" + pullPolicy: IfNotPresent + + ## initChownData resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + +# Administrator credentials when not using an existing secret (see below) +adminUser: admin +# adminPassword: strongpassword + +# Use an existing secret for the admin user. +admin: + existingSecret: "" + userKey: admin-user + passwordKey: admin-password + +## Define command to be executed at startup by grafana container +## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) +## Default is "run.sh" as defined in grafana's Dockerfile +# command: +# - "sh" +# - "/run.sh" + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Extra environment variables that will be pass onto deployment pods +## +## to provide grafana with access to CloudWatch on AWS EKS: +## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) +## 2. 
edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the +## same oidc eks provider as noted before (same as the existing line) +## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name +## +## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", +## +## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess +## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) +## +## env: +## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here +## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token +## AWS_REGION: us-east-1 +## +## 5. uncomment the EKS section in extraSecretMounts: below +## 6. uncomment the annotation section in the serviceAccount: above +## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn + +env: {} + +## "valueFrom" environment variable references that will be added to deployment pods +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core +## Renders in container spec as: +## env: +## ... +## - name: +## valueFrom: +## +envValueFrom: {} + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc. Value is templated. +envFromSecret: "" + +## Sensible environment variables that will be rendered as new secret object +## This can be useful for auth tokens, etc +envRenderSecret: {} + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. 
+extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + # subPath: "" + # + # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) + # - name: aws-iam-token + # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount + # readOnly: true + # projected: + # defaultMode: 420 + # sources: + # - serviceAccountToken: + # audience: sts.amazonaws.com + # expirationSeconds: 86400 + # path: token + # + # for CSI e.g. Azure Key Vault use the following + # - name: secrets-store-inline + # mountPath: /run/secrets + # readOnly: true + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "akv-grafana-spc" + # nodePublishSecretRef: # Only required when using service principal mode + # name: grafana-akv-creds # Only required when using service principal mode + +## Additional grafana server volume mounts +# Defines additional volume mounts. +extraVolumeMounts: [] + # - name: extra-volume + # mountPath: /mnt/volume + # readOnly: true + # existingClaim: volume-claim + +## Pass the plugins you want installed as a list. 
+## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-prometheus-server +# access: proxy +# isDefault: true +# - name: CloudWatch +# type: cloudwatch +# access: proxy +# uid: cloudwatch +# editable: false +# jsonData: +# authType: credentials +# defaultRegion: us-east-1 + +## Configure notifiers +## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels +## +notifiers: {} +# notifiers.yaml: +# notifiers: +# - name: email-notifier +# type: email +# uid: email1 +# # either: +# org_id: 1 +# # or +# org_name: Main Org. +# is_default: true +# settings: +# addresses: an_email_address@example.com +# delete_notifiers: + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. 
+## +dashboards: {} + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # token: '' + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # token: '' + # b64content: true + +## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. +## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/data + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net +## grafana Authentication can be enabled with the following values on grafana.ini + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # 
config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + enabled: false + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana. 
+ existingSecret: "" + userKey: "user" + passwordKey: "password" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: + repository: rancher/mirrored-kiwigrid-k8s-sidecar + tag: 1.10.7 + sha: "" + imagePullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + # skipTlsVerify Set to true to skip tls verification for kube api calls + # skipTlsVerify: true + enableUniqueFilenames: false + dashboards: + enabled: false + SCProvider: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # value of label that the configmaps with dashboards are set to + labelValue: null + # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) + folder: /tmp/dashboards + # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead + defaultFolderName: null + # If specified, the sidecar will search for dashboard config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # If specified, the sidecar will look for annotation with this name to create folder and put graph here. + # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. 
+ folderAnnotation: null + # provider configuration that lets grafana manage the dashboards + provider: + # name of the provider, should be unique + name: sidecarProvider + # orgid as configured in grafana + orgid: 1 + # folder in which the dashboards should be imported in grafana + folder: '' + # type of the provider + type: file + # disableDelete to activate a import-only behaviour + disableDelete: false + # allow updating provisioned dashboards from the UI + allowUiUpdates: false + # allow Grafana to replicate dashboard structure from filesystem + foldersFromFilesStructure: false + datasources: + enabled: false + # label that the configmaps with datasources are marked with + label: grafana_datasource + # value of label that the configmaps with datasources are set to + labelValue: null + # If specified, the sidecar will search for datasource config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + + ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment + ## This can be useful for database passwords, etc. Value is templated. + envFromSecret: "" + notifiers: + enabled: false + # label that the configmaps with notifiers are marked with + label: grafana_notifier + # If specified, the sidecar will search for notifier config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. 
+ # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + +## Override the deployment namespace +## +namespaceOverride: "" + +## Number of old ReplicaSets to retain +## +revisionHistoryLimit: 10 + +## Add a seperate remote image renderer deployment/service +imageRenderer: + # Enable the image-renderer deployment & service + enabled: false + replicas: 1 + image: + # image-renderer Image repository + repository: rancher/mirrored-grafana-grafana-image-renderer + # image-renderer Image tag + tag: 2.0.1 + # image-renderer Image sha (optional) + sha: "" + # image-renderer ImagePullPolicy + pullPolicy: Always + # extra environment variables + env: + HTTP_HOST: "0.0.0.0" + # RENDERING_ARGS: --disable-gpu,--window-size=1280x758 + # RENDERING_MODE: clustered + # image-renderer deployment serviceAccount + serviceAccountName: "" + # image-renderer deployment securityContext + securityContext: {} + # image-renderer deployment Host Aliases + hostAliases: [] + # image-renderer deployment priority class + priorityClassName: '' + service: + # image-renderer service port name + portName: 'http' + # image-renderer service port used by both service and deployment + port: 8081 + targetPort: 8081 + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" + # name of the image-renderer port on the pod + podPortName: http + # number of image-renderer replica sets to keep + revisionHistoryLimit: 10 + networkPolicy: + # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods + limitIngress: true + # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods + limitEgress: false + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi 
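Review bot: in `sidecar.image` and `imageRenderer.image` the optional `sha` is left as `""`, so both images are selected by tag alone (`1.10.7`, `2.0.1`), and `imageRenderer.image.pullPolicy: Always` re-pulls whatever that tag points to on every pod start. For a released chart, set the digest, or at least align the pull policy with the sidecar's `IfNotPresent`. In the same block, `imageRenderer.env.HTTP_HOST: "0.0.0.0"` is paired with `networkPolicy.limitEgress: false`, and the `limitEgress` comment reads "limit outbound traffic to only the created grafana pods", which should be checked against what the template actually renders. Minor: `grafana.ini` ships `analytics.check_for_updates: true`, which makes outbound calls that air-gapped installs may not want, and the comment above `imageRenderer` misspells "separate".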
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/Chart.yaml new file mode 100755 index 000000000..56ff36fc7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: k3sServer +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
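Review bot: the Deployment and Service in pushprox-proxy.yaml take their namespace from `pushprox.namespace`, which honours `.Values.namespaceOverride`, but `serviceAccountName` points at a ServiceAccount that pushprox-proxy-rbac.yaml creates in `.Release.Namespace`, and `pushProxy.proxyUrl` in _helpers.tpl also builds the URL from `.Release.Namespace`. With `namespaceOverride` set, the pod would reference a ServiceAccount that lives in another namespace and the clients would be given a Service address that does not resolve, so use the `pushprox.namespace` helper in all three places. Separately, the Service sets `targetPort: {{ .Values.proxy.port }}` while the container receives only `.Values.proxy.command` and no argument carrying the port, so changing `proxy.port` is not passed to the process. The container also declares no `ports` and no readiness or liveness probe, and the pod `securityContext` could add `allowPrivilegeEscalation: false` at container level.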
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/Chart.yaml new file mode 100755 index 000000000..1e90053e9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-kube-state-metrics +apiVersion: v1 +appVersion: 1.9.8 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +name: kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +version: 2.13.1 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/LICENSE b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/LICENSE new file mode 100755 index 000000000..393b7a33b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright The Helm Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/README.md new file mode 100755 index 000000000..e93a3d252 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/README.md 
@@ -0,0 +1,66 @@ +# kube-state-metrics Helm Chart + +Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Get Repo Info + +```console +helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] + +# Helm 2 +$ helm install --name [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### From stable/kube-state-metrics + +You can upgrade in-place: + +1. [get repo info](#get-repo-info) +1. [upgrade](#upgrading-chart) your existing release name using the new chart repo + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values kube-state-metrics/kube-state-metrics +``` + +You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options. 
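Review bot: the last sentence of this README links to `[dependencies](#dependencies)`, but none of the 66 added lines defines a Dependencies section, so the anchor resolves to nothing; add the section or drop the sentence. In the Uninstall Chart block the Helm 2 command is written `# helm delete --purge [RELEASE_NAME]`, with `#` where every other command uses the `$` prompt, so it reads as a comment rather than a command.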
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/NOTES.txt new file mode 100755 index 000000000..5a646e0cc --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/_helpers.tpl new file mode 100755 index 000000000..4f76b188b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..af158c512 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if .Values.rbac.useExistingRole }} + name: {{ .Values.rbac.useExistingRole }} +{{- else }} + name: {{ template "kube-state-metrics.fullname" . }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} 
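Review bot: in clusterrolebinding.yaml the `subjects` entry names the ServiceAccount with `{{ template "kube-state-metrics.fullname" . }}`, but the `kube-state-metrics.serviceAccountName` helper added in _helpers.tpl (and used by deployment.yaml for `serviceAccountName`) resolves to `.Values.serviceAccount.name` when it is set, or to `default` when `serviceAccount.create` is false. In either case the ClusterRoleBinding grants the role to an account the pod does not run as, and the pod's actual account gets no binding. Use `{{ template "kube-state-metrics.serviceAccountName" . }}` for the subject name so the binding follows the same resolution as the workload.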
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/deployment.yaml new file mode 100755 index 000000000..4ab55291b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/deployment.yaml 
@@ -0,0 +1,217 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . 
}} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + args: +{{ if .Values.extraArgs }} + {{- range .Values.extraArgs }} + - {{ . }} + {{- end }} +{{ end }} +{{ if .Values.collectors.certificatesigningrequests }} + - --collectors=certificatesigningrequests +{{ end }} +{{ if .Values.collectors.configmaps }} + - --collectors=configmaps +{{ end }} +{{ if .Values.collectors.cronjobs }} + - --collectors=cronjobs +{{ end }} +{{ if .Values.collectors.daemonsets }} + - --collectors=daemonsets +{{ end }} +{{ if .Values.collectors.deployments }} + - --collectors=deployments +{{ end }} +{{ if .Values.collectors.endpoints }} + - --collectors=endpoints +{{ end }} +{{ if .Values.collectors.horizontalpodautoscalers }} + - --collectors=horizontalpodautoscalers +{{ end }} +{{ if .Values.collectors.ingresses }} + - --collectors=ingresses +{{ end }} +{{ if .Values.collectors.jobs }} + - --collectors=jobs +{{ end }} +{{ if .Values.collectors.limitranges }} + - --collectors=limitranges +{{ end }} +{{ if .Values.collectors.mutatingwebhookconfigurations }} + - --collectors=mutatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.namespaces }} + - --collectors=namespaces +{{ end }} +{{ if .Values.collectors.networkpolicies }} + - --collectors=networkpolicies +{{ end }} +{{ if .Values.collectors.nodes }} + - --collectors=nodes +{{ end }} +{{ if .Values.collectors.persistentvolumeclaims }} + 
- --collectors=persistentvolumeclaims +{{ end }} +{{ if .Values.collectors.persistentvolumes }} + - --collectors=persistentvolumes +{{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --collectors=poddisruptionbudgets +{{ end }} +{{ if .Values.collectors.pods }} + - --collectors=pods +{{ end }} +{{ if .Values.collectors.replicasets }} + - --collectors=replicasets +{{ end }} +{{ if .Values.collectors.replicationcontrollers }} + - --collectors=replicationcontrollers +{{ end }} +{{ if .Values.collectors.resourcequotas }} + - --collectors=resourcequotas +{{ end }} +{{ if .Values.collectors.secrets }} + - --collectors=secrets +{{ end }} +{{ if .Values.collectors.services }} + - --collectors=services +{{ end }} +{{ if .Values.collectors.statefulsets }} + - --collectors=statefulsets +{{ end }} +{{ if .Values.collectors.storageclasses }} + - --collectors=storageclasses +{{ end }} +{{ if .Values.collectors.validatingwebhookconfigurations }} + - --collectors=validatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.verticalpodautoscalers }} + - --collectors=verticalpodautoscalers +{{ end }} +{{ if .Values.collectors.volumeattachments }} + - --collectors=volumeattachments +{{ end }} +{{ if .Values.namespace }} + - --namespace={{ .Values.namespace | join "," }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) +{{ end }} +{{ if .Values.kubeconfig.enabled }} + - --kubeconfig=/opt/k8s/.kube/config +{{ end }} +{{ if .Values.selfMonitor.telemetryHost }} + - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} +{{ end }} + - --telemetry-port=8081 +{{- if .Values.kubeconfig.enabled }} + volumeMounts: + - name: kubeconfig + mountPath: /opt/k8s/.kube/ + readOnly: true +{{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 +{{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.kubeconfig.enabled}} + volumes: + - name: kubeconfig + secret: + secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/kubeconfig-secret.yaml new file mode 100755 index 000000000..a7800d7ad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/kubeconfig-secret.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.kubeconfig.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +type: Opaque +data: + config: '{{ .Values.kubeconfig.secret }}' +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/pdb.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/pdb.yaml new file mode 100755 index 000000000..d3ef8104e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end -}} 
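Review bot: in kubeconfig-secret.yaml, `config: '{{ .Values.kubeconfig.secret }}'` sits under `data:` and is emitted verbatim, so the value has to arrive already base64-encoded, and nothing in the template states or enforces that. With `kubeconfig.enabled` true and `kubeconfig.secret` unset, this renders a Secret with an empty `config` that deployment.yaml then mounts at `/opt/k8s/.kube/`. Wrap the value in `required` with a message that names the expected encoding, so a missing or forgotten value fails at render time.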
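Review bot: in pdb.yaml the `selector.matchLabels` carries only `app.kubernetes.io/name`, although the pod template in deployment.yaml also sets `app.kubernetes.io/instance: "{{ .Release.Name }}"`. Two releases of this chart in one namespace would have each PodDisruptionBudget select the other's pods as well as its own. Adding the instance label to the selector here scopes the budget to the release; the same applies to the Deployment's own `selector.matchLabels`, which is limited to the name label too.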
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/podsecuritypolicy.yaml new file mode 100755 index 000000000..e822ba0e7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/podsecuritypolicy.yaml @@ -0,0 +1,42 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + volumes: + - 'secret' +{{- if .Values.podSecurityPolicy.additionalVolumes }} +{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrole.yaml new file mode 100755 index 000000000..217abc950 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..feb97f228 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/role.yaml new file mode 100755 index 000000000..6259d2f61 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/role.yaml 
@@ -0,0 +1,192 @@ +{{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} +{{- if eq .Values.rbac.useClusterRole false }} +{{- range (split "," $.Values.namespace) }} +{{- end }} +{{- end -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq .Values.rbac.useClusterRole false }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- if eq .Values.rbac.useClusterRole false }} + namespace: {{ . }} +{{- end }} +rules: +{{ if $.Values.collectors.certificatesigningrequests }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.configmaps }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.cronjobs }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.daemonsets }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.deployments }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.endpoints }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.horizontalpodautoscalers }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.ingresses }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.jobs }} +- apiGroups: ["batch"] 
+ resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.limitranges }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.mutatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.namespaces }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.networkpolicies }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.nodes }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumeclaims }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumes }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.pods }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicasets }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicationcontrollers }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.resourcequotas }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.secrets }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.services }} +- apiGroups: [""] + resources: + - services + verbs: ["list", 
"watch"] +{{ end -}} +{{ if $.Values.collectors.statefulsets }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.storageclasses }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.validatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.volumeattachments }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.verticalpodautoscalers }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/rolebinding.yaml new file mode 100755 index 000000000..732174a33 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/rolebinding.yaml 
@@ -0,0 +1,27 @@ +{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} +{{- range (split "," $.Values.namespace) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not $.Values.rbac.useExistingRole) }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- else }} + name: {{ $.Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ template "kube-state-metrics.namespace" $ }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/service.yaml new file mode 100755 index 000000000..4f8e4a497 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/service.yaml 
@@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} + annotations: + {{- if .Values.prometheusScrape }} + prometheus.io/scrape: '{{ .Values.prometheusScrape }}' + {{- end }} + {{- if .Values.service.annotations }} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: "{{ .Values.service.type }}" + ports: + - name: "http" + protocol: TCP + port: {{ .Values.service.port }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: 8080 + {{ if .Values.selfMonitor.enabled }} + - name: "metrics" + protocol: TCP + port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + targetPort: 8081 + {{ end }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} + selector: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/serviceaccount.yaml new file mode 100755 index 000000000..2e8a1ee38 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/serviceaccount.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/servicemonitor.yaml new file mode 100755 index 000000000..7d1cd7aa1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/servicemonitor.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ if .Values.selfMonitor.enabled }} + - port: metrics + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-role.yaml new file mode 100755 index 000000000..9770b0498 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-role.yaml 
@@ -0,0 +1,29 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} + resources: + - statefulsets + verbs: + - get + - list + - watch +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml new file mode 100755 index 000000000..6a2e5bfe7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/values.yaml new file mode 100755 index 000000000..f64645690 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/values.yaml 
@@ -0,0 +1,184 @@ +global: + cattle: + systemDefaultRegistry: "" + +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: rancher/mirrored-kube-state-metrics-kube-state-metrics + tag: v1.9.8 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. +# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +extraArgs: [] + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +customLabels: {} + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + honorLabels: false + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +securityContext: + enabled: true + runAsNonRoot: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: 
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Available collectors for kube-state-metrics. By default all available +# collectors are enabled. +collectors: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: true + namespaces: true + networkpolicies: true + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: true + services: true + statefulsets: true + storageclasses: true + validatingwebhookconfigurations: true + verticalpodautoscalers: false + volumeattachments: true + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Namespace to be enabled for collecting resources. By default all namespaces are collected. +# namespace: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. 
+## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overriden +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/Chart.yaml new file mode 100755 index 000000000..a82ef1d32 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmControllerManager +type: application +version: 0.1.3 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
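Review bot: In the pushprox-proxy Deployment the only securityContext is the pod-level `runAsNonRoot: true` / `runAsUser: 1000`; the `pushprox-proxy` container sets none of its own, so privilege escalation and capabilities are left at their defaults. Consider a container-level `securityContext` with `allowPrivilegeEscalation: false` and all capabilities dropped, since the proxy only needs to listen on an unprivileged port. The container also declares no `ports` and no readiness or liveness probe even though the Service forwards `targetPort: {{ .Values.proxy.port }}` to it, so a proxy that never starts listening is still treated as ready. Minor style point: `{{- if and .Values.proxy }}` calls `and` with a single argument; a plain `if .Values.proxy` says the same thing.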
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
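Review bot: `{{- if .Values.clients.https.enabled }}` under `endpoints` dereferences `.Values.clients.https`, but this file is gated only on `.Values.serviceMonitor` and `.Values.serviceMonitor.enabled`, so rendering fails with a nil-pointer error when `clients` is nulled out in values. The client templates in this patch test `.Values.clients` before touching its fields; the same nested guard (`if .Values.clients` then `if .Values.clients.enabled`) belongs here. It would also stop the ServiceMonitor and the client Service, both of which select on `pushProxy.client.labels`, from being created when the client DaemonSet is disabled and there is nothing for them to match.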
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/Chart.yaml new file mode 100755 index 000000000..bfb047ae6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmEtcd +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/Chart.yaml new file mode 100755 index 000000000..ffe9ae70c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmProxy +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
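Review bot: The Deployment and Service in this hunk are created in `{{ template "pushprox.namespace" . }}`, but the ServiceAccount named by `serviceAccountName` and the ClusterRoleBinding subject in pushprox-proxy-rbac.yaml (earlier in this patch) use `{{ .Release.Namespace }}`. The kubeAdmScheduler copy of _helpers.tpl in this patch shows `pushprox.namespace` returning `.Values.namespaceOverride` when it is set; in that case the pod references a ServiceAccount that does not exist in its own namespace and the PodSecurityPolicy `use` grant is bound to the wrong subject. Use the `pushprox.namespace` helper for the ServiceAccount and the binding subject too. Separately, the `pushprox-proxy` container declares no `ports` and no container-level `securityContext`; adding `allowPrivilegeEscalation: false` there would match the non-root intent of the pod-level `runAsNonRoot: true`.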
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/Chart.yaml new file mode 100755 index 000000000..794197de1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmScheduler +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
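Review bot: In the `copy-certs` init container of kubeAdmScheduler/templates/pushprox-clients.yaml (the hunk a little earlier in this patch, which extraction ran together with its neighbours), `chmod 444 $KEY_FILE_TARGET` leaves the copied TLS private key readable by every UID that can see the `metrics-cert-dir` emptyDir. The init container runs with `runAsNonRoot: false` while the client runs as `runAsUser: 1000`, so the mode is what lets the client read the file; handing the key to that UID and restricting it to owner-read (for example `chown 1000 $KEY_FILE_TARGET && chmod 400 $KEY_FILE_TARGET`) gives the same result without a world-readable key. In the same script the expansions in `test -z ${KEY_FILE_SOURCE}` and `cp $KEY_FILE_SOURCE $KEY_FILE_TARGET` are unquoted, so a matched path containing whitespace breaks the check; quote them. Note also that `find ... | sort -r | head -n 1` silently picks the lexicographically last match under `certDir`, which matters when the file names contain wildcards as the README tip allows.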
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
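Review bot: The `required` guard on `.Values.metricsPort` in the `metrics` Service port can never fire, because values.yaml in this patch ships a default of `metricsPort: 2739`. The README lists `metricsPort` under Required with the example `2379`, so 2739 looks like a transposition; an install that forgets to override it renders cleanly and both this Service and the client's `--allow-port` argument then use a port that was never chosen by the operator. Either drop the default so `required` is effective or set it to a documented value. Also, `.Values.clients.https.enabled` is read in the endpoint block without the `{{- if .Values.clients }}` guard that pushprox-clients.yaml uses, so rendering fails when `serviceMonitor.enabled` is true and `clients` is unset.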
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/Chart.yaml new file mode 100755 index 000000000..194f0877b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/Chart.yaml @@ -0,0 +1,26 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-prometheus-adapter +apiVersion: v1 +appVersion: v0.8.3 +description: A Helm chart for k8s prometheus adapter +home: https://github.com/DirectXMan12/k8s-prometheus-adapter +keywords: +- hpa +- metrics +- prometheus +- adapter +maintainers: +- email: mattias.gees@jetstack.io + name: mattiasgees +- name: steven-sheehy +- email: hfernandez@mesosphere.com + name: hectorj2f +name: prometheus-adapter +sources: +- https://github.com/kubernetes/charts +- https://github.com/DirectXMan12/k8s-prometheus-adapter +version: 2.12.1 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/README.md new file mode 100755 index 000000000..1fe1fad66 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/README.md 
@@ -0,0 +1,147 @@ +# Prometheus Adapter + +Installs the [Prometheus Adapter](https://github.com/DirectXMan12/k8s-prometheus-adapter) for the Custom Metrics API. Custom metrics are used in Kubernetes by [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) to scale workloads based upon your own metric pulled from an external metrics provider like Prometheus. This chart complements the [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server) chart that provides resource only metrics. + +## Prerequisites + +Kubernetes 1.14+ + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] prometheus-community/prometheus-adapter + +# Helm 2 +$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-adapter +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). 
To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +# Helm 2 +$ helm inspect values prometheus-community/prometheus-adapter + +# Helm 3 +$ helm show values prometheus-community/prometheus-adapter +``` + +### Prometheus Service Endpoint + +To use the chart, ensure the `prometheus.url` and `prometheus.port` are configured with the correct Prometheus service endpoint. If Prometheus is exposed under HTTPS the host's CA Bundle must be exposed to the container using `extraVolumes` and `extraVolumeMounts`. + +### Adapter Rules + +Additionally, the chart comes with a set of default rules out of the box but they may pull in too many metrics or not map them correctly for your needs. Therefore, it is recommended to populate `rules.custom` with a list of rules (see the [config document](https://github.com/DirectXMan12/k8s-prometheus-adapter/blob/master/docs/config.md) for the proper format). + +### Horizontal Pod Autoscaler Metrics + +Finally, to configure your Horizontal Pod Autoscaler to use the custom metric, see the custom metrics section of the [HPA walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics). + +The Prometheus Adapter can serve three different [metrics APIs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-metrics-apis): + +### Custom Metrics + +Enabling this option will cause custom metrics to be served at `/apis/custom.metrics.k8s.io/v1beta1`. 
Enabled by default when `rules.default` is true, but can be customized by populating `rules.custom`: + +```yaml +rules: + custom: + - seriesQuery: '{__name__=~"^some_metric_count$"}' + resources: + template: <<.Resource>> + name: + matches: "" + as: "my_custom_metric" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) +``` + +### External Metrics + +Enabling this option will cause external metrics to be served at `/apis/external.metrics.k8s.io/v1beta1`. Can be enabled by populating `rules.external`: + +```yaml +rules: + external: + - seriesQuery: '{__name__=~"^some_metric_count$"}' + resources: + template: <<.Resource>> + name: + matches: "" + as: "my_external_metric" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) +``` + +### Resource Metrics + +Enabling this option will cause resource metrics to be served at `/apis/metrics.k8s.io/v1beta1`. Resource metrics will allow pod CPU and Memory metrics to be used in [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) as well as the `kubectl top` command. 
Can be enabled by populating `rules.resource`: + +```yaml +rules: + resource: + cpu: + containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>}[3m])) by (<<.GroupBy>>) + nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>) + resources: + overrides: + instance: + resource: node + namespace: + resource: namespace + pod: + resource: pod + containerLabel: container + memory: + containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>}) by (<<.GroupBy>>) + nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>) + resources: + overrides: + instance: + resource: node + namespace: + resource: namespace + pod: + resource: pod + containerLabel: container + window: 3m +``` + +**NOTE:** Setting a value for `rules.resource` will also deploy the resource metrics API service, providing the same functionality as [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server). As such it is not possible to deploy them both in the same cluster. diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/NOTES.txt new file mode 100755 index 000000000..b7b9b9932 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/NOTES.txt @@ -0,0 +1,9 @@ +{{ template "k8s-prometheus-adapter.fullname" . }} has been deployed. +In a few minutes you should be able to list metrics using the following command(s): +{{ if .Values.rules.resource }} + kubectl get --raw /apis/metrics.k8s.io/v1beta1 +{{- end }} + kubectl get --raw /apis/custom.metrics.k8s.io/v1beta1 +{{ if .Values.rules.external }} + kubectl get --raw /apis/external.metrics.k8s.io/v1beta1 +{{- end }} 
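Review bot: in prometheus-adapter/templates/NOTES.txt, `kubectl get --raw /apis/custom.metrics.k8s.io/v1beta1` is printed unconditionally, while the resource and external commands are gated on `.Values.rules.resource` and `.Values.rules.external`. custom-metrics-apiservice.yaml in this patch only registers `v1beta1.custom.metrics.k8s.io` when `rules.default` or `rules.custom` is set, so gate this line with `{{ if or .Values.rules.default .Values.rules.custom }}` to avoid pointing users at an API that was not installed.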
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/_helpers.tpl new file mode 100755 index 000000000..35c38b621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/_helpers.tpl 
@@ -0,0 +1,72 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "k8s-prometheus-adapter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "k8s-prometheus-adapter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "k8s-prometheus-adapter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "k8s-prometheus-adapter.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "k8s-prometheus-adapter.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/certmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/certmanager.yaml new file mode 100755 index 000000000..7999e3c21 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/certmanager.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.certManager.enabled -}} +--- +# Create a selfsigned Issuer, in order to create a root CA certificate for +# signing webhook serving certificates +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer +spec: + selfSigned: {} +--- +# Generate a CA Certificate used to sign certificates for the webhook +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert +spec: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert + duration: {{ .Values.certManager.caCertDuration }} + issuerRef: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer + commonName: "ca.webhook.prometheus-adapter" + isCA: true +--- +# Create an Issuer that uses the above generated CA certificate to issue certs +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer +spec: + ca: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert +--- +# Finally, generate a serving certificate for the apiservices to use +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-cert +spec: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }} + duration: {{ .Values.certManager.certDuration }} + issuerRef: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer + dnsNames: + - {{ template "k8s-prometheus-adapter.fullname" . }} + - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ .Release.Namespace }} + - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ .Release.Namespace }}.svc +{{- end -}} \ No newline at end of file 
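Review bot: in prometheus-adapter/templates/certmanager.yaml, `duration: {{ .Values.certManager.caCertDuration }}` and `duration: {{ .Values.certManager.certDuration }}` are rendered with no `required` or `default`, so an unset value produces an empty `duration:` and the CA and serving certificate lifetimes silently fall back to cert-manager's default. Either wrap both in `required` with a clear message or give them explicit defaults. Also, none of the four resources sets `metadata.namespace` or the `app`/`chart`/`release`/`heritage` labels that the other templates in this chart carry, although the APIService `inject-ca-from` annotations reference `{{ .Release.Namespace }}/<fullname>-root-cert`; setting `namespace: {{ .Release.Namespace }}` here keeps the two in step when the output of `helm template` is applied by hand.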
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml new file mode 100755 index 000000000..2bc9eb740 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-system-auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml new file mode 100755 index 000000000..ec7e5e476 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml 
@@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml new file mode 100755 index 000000000..319460a33 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml @@ -0,0 +1,23 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +rules: +- apiGroups: + - "" + resources: + - namespaces + - pods + - services + - configmaps + verbs: + - get + - list + - watch +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/configmap.yaml new file mode 100755 index 000000000..fbc155dc8 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/configmap.yaml 
@@ -0,0 +1,96 @@ +{{- if not .Values.rules.existing -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + config.yaml: | +{{- if or .Values.rules.default .Values.rules.custom }} + rules: +{{- if .Values.rules.default }} + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: [] + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)_seconds_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) + by (<<.GroupBy>>) + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: + - isNot: ^container_.*_seconds_total$ + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) + by (<<.GroupBy>>) + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: + - isNot: ^container_.*_total$ + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)$ + as: "" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>,container!="POD"}) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: + - isNot: .*_total$ + resources: + template: <<.Resource>> + name: + matches: "" + as: "" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: + - isNot: .*_seconds_total + resources: + template: <<.Resource>> + name: + matches: 
^(.*)_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: [] + resources: + template: <<.Resource>> + name: + matches: ^(.*)_seconds_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) +{{- end -}} +{{- if .Values.rules.custom }} +{{ toYaml .Values.rules.custom | indent 4 }} +{{- end -}} +{{- end -}} +{{- if .Values.rules.external }} + externalRules: +{{ toYaml .Values.rules.external | indent 4 }} +{{- end -}} +{{- if .Values.rules.resource }} + resourceRules: +{{ toYaml .Values.rules.resource | indent 6 }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml new file mode 100755 index 000000000..9bc1cbda1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml 
@@ -0,0 +1,32 @@ +{{- if or .Values.rules.default .Values.rules.custom }} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.custom.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: custom.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml new file mode 100755 index 000000000..93ade6f8f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml 
@@ -0,0 +1,23 @@ +{{- /* +This if must be aligned with custom-metrics-cluster-role.yaml +as otherwise this binding will point to not existing role. +*/ -}} +{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml new file mode 100755 index 000000000..33daf7113 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources +rules: +- apiGroups: + - custom.metrics.k8s.io + resources: ["*"] + verbs: ["*"] +{{- end -}} 
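Review bot: in prometheus-adapter/templates/custom-metrics-cluster-role.yaml the `-server-resources` ClusterRole grants `verbs: ["*"]` on `resources: ["*"]` in `custom.metrics.k8s.io`, whereas the external-metrics ClusterRole in this same patch is limited to `list`, `get` and `watch`. If consumers only need to read metrics, narrow this role to the same three verbs. The `-hpa-controller` ClusterRoleBinding in the preceding hunk also binds this role to the adapter's own service account, while the external-metrics binding uses `horizontal-pod-autoscaler` in `kube-system` as its subject; please confirm that difference is intended and add a comment saying why.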
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/deployment.yaml new file mode 100755 index 000000000..43fb65dc8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/deployment.yaml 
@@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.podLabels }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} + name: {{ template "k8s-prometheus-adapter.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + {{- if .Values.hostNetwork.enabled }} + hostNetwork: true + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy }} + {{- end}} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - /adapter + - --secure-port={{ .Values.listenPort }} + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - --tls-cert-file=/var/run/serving-cert/tls.crt + - --tls-private-key-file=/var/run/serving-cert/tls.key + {{- end }} + - --cert-dir=/tmp/cert + - --logtostderr=true + - --prometheus-url={{ tpl .Values.prometheus.url . 
}}{{ if .Values.prometheus.port }}:{{ .Values.prometheus.port }}{{end}}{{ .Values.prometheus.path }} + - --metrics-relist-interval={{ .Values.metricsRelistInterval }} + - --v={{ .Values.logLevel }} + - --config=/etc/adapter/config.yaml + {{- if .Values.extraArguments }} + {{- toYaml .Values.extraArguments | trim | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.listenPort }} + name: https + livenessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + initialDelaySeconds: 30 + readinessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + initialDelaySeconds: 30 + {{- if .Values.resources }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- with .Values.dnsConfig }} + dnsConfig: + {{ toYaml . | indent 8 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["all"] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + volumeMounts: + {{- if .Values.extraVolumeMounts }} + {{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }} + {{ end }} + - mountPath: /etc/adapter/ + name: config + readOnly: true + - mountPath: /tmp + name: tmp + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - mountPath: /var/run/serving-cert + name: volume-serving-cert + readOnly: true + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 8 }} +{{- end }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + priorityClassName: {{ .Values.priorityClassName }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 8 }} +{{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . 
}} + {{- end }} + {{- end }} + volumes: + {{- if .Values.extraVolumes }} + {{ toYaml .Values.extraVolumes | trim | nindent 6 }} + {{ end }} + - name: config + configMap: + name: {{ .Values.rules.existing | default (include "k8s-prometheus-adapter.fullname" . ) }} + - name: tmp + emptyDir: {} + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - name: volume-serving-cert + secret: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }} + {{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml new file mode 100755 index 000000000..035f24694 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.rules.external }} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.external.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: external.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml new file mode 100755 index 000000000..0776029af --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml 
@@ -0,0 +1,19 @@ +{{- if and .Values.rbac.create .Values.rules.external -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-external-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: kube-system +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml new file mode 100755 index 000000000..4adbd6537 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.rbac.create .Values.rules.external -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics +rules: +- apiGroups: + - "external.metrics.k8s.io" + resources: + - "*" + verbs: + - list + - get + - watch +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/pdb.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/pdb.yaml new file mode 100755 index 000000000..b70309f6f --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/pdb.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + {{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/psp.yaml new file mode 100755 index 000000000..a88c9c2f2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/psp.yaml 
@@ -0,0 +1,68 @@ +{{- if .Values.psp.create -}} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + {{- if .Values.hostNetwork.enabled }} + hostNetwork: true + {{- end }} + fsGroup: + rule: RunAsAny + runAsGroup: + rule: RunAsAny + runAsUser: + rule: MustRunAs + ranges: + - min: 1024 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - emptyDir + - configMap +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +rules: +- apiGroups: + - 'policy' + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "k8s-prometheus-adapter.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} 
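Review bot: the PodSecurityPolicy `spec` in psp.yaml constrains only `runAsUser` and the volume types; it sets no `allowPrivilegeEscalation: false`, `requiredDropCapabilities` or `readOnlyRootFilesystem`, so the policy admits more than the adapter container asks for. The deployment template in this patch already runs the container with `allowPrivilegeEscalation: false`, `drop: ["all"]` and `readOnlyRootFilesystem: true`, so the policy can require the same settings without changing behaviour. `fsGroup`, `runAsGroup` and `supplementalGroups` are all `RunAsAny` as well; consider `MustRunAs` ranges that exclude group 0, matching the `runAsUser` range.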
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml new file mode 100755 index 000000000..ab75b2f6c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml @@ -0,0 +1,32 @@ +{{- if .Values.rules.resource}} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end -}} 
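Review bot: `insecureSkipTLSVerify` in the APIService `spec` renders `true` whenever both `.Values.tls.enable` and `.Values.certManager.enabled` are false, and the values.yaml added in this patch defaults both to `false`. A default install therefore registers `v1beta1.metrics.k8s.io` with certificate verification of the adapter turned off. The same expression appears in external-metrics-apiservice.yaml. Either default one of the two TLS paths on, or state in the values.yaml comments that leaving both off disables verification on the aggregated API.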
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml new file mode 100755 index 000000000..0534af11e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.rbac.create .Values.rules.resource -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-metrics +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml new file mode 100755 index 000000000..01a307d69 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml 
@@ -0,0 +1,22 @@ +{{- if and .Values.rbac.create .Values.rules.resource -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-metrics +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + - nodes/stats + verbs: + - get + - list + - watch +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml new file mode 100755 index 000000000..60f18f2b3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/secret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/secret.yaml new file mode 100755 index 000000000..38e7cb624 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.tls.enable -}} +apiVersion: v1 +kind: Secret +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} +type: kubernetes.io/tls +data: + tls.crt: {{ b64enc .Values.tls.certificate }} + tls.key: {{ b64enc .Values.tls.key }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/service.yaml new file mode 100755 index 000000000..6bccda911 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: {{ .Values.service.port }} + protocol: TCP + targetPort: https + selector: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/serviceaccount.yaml new file mode 100755 index 000000000..42ef0267e --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/values.yaml new file mode 100755 index 000000000..d9108cb9a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/values.yaml 
@@ -0,0 +1,180 @@ +# Default values for k8s-prometheus-adapter.. +global: + cattle: + systemDefaultRegistry: "" + +affinity: {} + +image: + repository: rancher/mirrored-directxman12-k8s-prometheus-adapter + tag: v0.8.3 + pullPolicy: IfNotPresent + +logLevel: 4 + +metricsRelistInterval: 1m + +listenPort: 6443 + +nodeSelector: {} + +priorityClassName: "" + +# Url to access prometheus +prometheus: + # Value is templated + url: http://prometheus.default.svc + port: 9090 + path: "" + +replicas: 1 + +rbac: + # Specifies whether RBAC resources should be created + create: true + +psp: + # Specifies whether PSP resources should be created + create: false + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: +# Custom DNS configuration to be added to prometheus-adapter pods +dnsConfig: {} +# nameservers: +# - 1.2.3.4 +# searches: +# - ns1.svc.cluster-domain.example +# - my.dns.search.suffix +# options: +# - name: ndots +# value: "2" +# - name: edns0 +resources: {} + # requests: + # cpu: 100m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + +rules: + default: true + custom: [] +# - seriesQuery: '{__name__=~"^some_metric_count$"}' +# resources: +# template: <<.Resource>> +# name: +# matches: "" +# as: "my_custom_metric" +# metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + # Mounts a configMap with pre-generated rules for use. 
Overrides the + # default, custom, external and resource entries + existing: + external: [] +# - seriesQuery: '{__name__=~"^some_metric_count$"}' +# resources: +# template: <<.Resource>> +# name: +# matches: "" +# as: "my_external_metric" +# metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + resource: {} +# cpu: +# containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>}[3m])) by (<<.GroupBy>>) +# nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>) +# resources: +# overrides: +# instance: +# resource: node +# namespace: +# resource: namespace +# pod: +# resource: pod +# containerLabel: container +# memory: +# containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>}) by (<<.GroupBy>>) +# nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>) +# resources: +# overrides: +# instance: +# resource: node +# namespace: +# resource: namespace +# pod: +# resource: pod +# containerLabel: container +# window: 3m + +service: + annotations: {} + port: 443 + type: ClusterIP + +tls: + enable: false + ca: |- + # Public CA file that signed the APIService + key: |- + # Private key of the APIService + certificate: |- + # Public key of the APIService + +# Any extra arguments +extraArguments: [] + # - --tls-private-key-file=/etc/tls/tls.key + # - --tls-cert-file=/etc/tls/tls.crt + +# Any extra volumes +extraVolumes: [] + # - name: example-name + # hostPath: + # path: /path/on/host + # type: DirectoryOrCreate + # - name: ssl-certs + # hostPath: + # path: /etc/ssl/certs/ca-bundle.crt + # type: File + +# Any extra volume mounts +extraVolumeMounts: [] + # - name: example-name + # mountPath: /path/in/container + # - name: ssl-certs + # mountPath: /etc/ssl/certs/ca-certificates.crt + # readOnly: true + +tolerations: [] + +# Labels added to the pod +podLabels: {} + +# Annotations added to the pod +podAnnotations: {} + +hostNetwork: + # 
Specifies if prometheus-adapter should be started in hostNetwork mode. + # + # You would require this enabled if you use alternate overlay networking for pods and + # API server unable to communicate with metrics-server. As an example, this is required + # if you use Weave network on EKS. See also dnsPolicy + enabled: false + +# When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet +# dnsPolicy: ClusterFirstWithHostNet + +podDisruptionBudget: + # Specifies if PodDisruptionBudget should be enabled + # When enabled, minAvailable or maxUnavailable should also be defined. + enabled: false + minAvailable: + maxUnavailable: 1 + +certManager: + enabled: false + caCertDuration: 43800h + certDuration: 8760h diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/Chart.yaml new file mode 100755 index 000000000..887a6d5da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/Chart.yaml 
@@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-node-exporter +apiVersion: v1 +appVersion: 1.1.2 +description: A Helm chart for prometheus node-exporter +home: https://github.com/prometheus/node_exporter/ +keywords: +- node-exporter +- prometheus +- exporter +maintainers: +- email: gianrubio@gmail.com + name: gianrubio +- name: vsliouniaev +- name: bismarck +name: prometheus-node-exporter +sources: +- https://github.com/prometheus/node_exporter/ +version: 1.16.2 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/README.md new file mode 100755 index 000000000..babde05e0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/README.md 
@@ -0,0 +1,63 @@ +# Prometheus Node Exporter + +Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors. + +This chart bootstraps a prometheus [Node Exporter](http://github.com/prometheus/node_exporter) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter + +# Helm 2 +$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-node-exporter +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +## Configuring + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +# Helm 2 +$ helm inspect values prometheus-community/prometheus-node-exporter + +# Helm 3 +$ helm show values prometheus-community/prometheus-node-exporter +``` 
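Review bot: in the "Uninstall Chart" block the Helm 2 command is written `# helm delete --purge [RELEASE_NAME]`, with `#` where every other command in this README uses the `$` prompt, so it reads as a second comment rather than a command. Use `$ helm delete --purge [RELEASE_NAME]`. The Node Exporter and Kubernetes links near the top also use `http://` while the Helm links use `https://`; switch them to `https://` for consistency.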
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/NOTES.txt new file mode 100755 index 000000000..dc272fa99 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/NOTES.txt @@ -0,0 +1,15 @@ +1. Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-node-exporter.namespace" . }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app={{ template "prometheus-node-exporter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:9100 to use your application" + kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME 9100 +{{- end }} 
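Review bot: the `ClusterIP` branch of NOTES.txt hard-codes port 9100 in both the `echo` line and the `kubectl port-forward` command, while the `LoadBalancer` branch and the DaemonSet's `--web.listen-address` use `{{ .Values.service.port }}`. With a non-default `service.port` the printed instructions point at a port nothing listens on; use `{{ .Values.service.port }}` in both places. The `LoadBalancer` branch also reads "You can watch the status of by running", which is missing its object.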
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/_helpers.tpl new file mode 100755 index 000000000..9fd0d600b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/_helpers.tpl 
@@ -0,0 +1,95 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus-node-exporter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prometheus-node-exporter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "prometheus-node-exporter.labels" }} +app: {{ template "prometheus-node-exporter.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +chart: {{ template "prometheus-node-exporter.chart" . 
}} +{{- if .Values.podLabels}} +{{ toYaml .Values.podLabels }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prometheus-node-exporter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "prometheus-node-exporter.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "prometheus-node-exporter.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/daemonset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/daemonset.yaml new file mode 100755 index 000000000..a3a1bc885 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/daemonset.yaml 
@@ -0,0 +1,183 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} + {{- if .Values.updateStrategy }} + updateStrategy: +{{ toYaml .Values.updateStrategy | indent 4 }} + {{- end }} + template: + metadata: + labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }} + {{- if .Values.podAnnotations }} + annotations: + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }} +{{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} +{{- end }} +{{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} +{{- end }} + containers: + - name: node-exporter + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + {{- if .Values.hostRootFsMount }} + - --path.rootfs=/host/root + {{- end }} + - --web.listen-address=$(HOST_IP):{{ .Values.service.port }} +{{- if .Values.extraArgs }} +{{ toYaml .Values.extraArgs | indent 12 }} +{{- end }} + {{- with .Values.containerSecurityContext }} + securityContext: {{ toYaml . 
| nindent 12 }} + {{- end }} + env: + - name: HOST_IP + {{- if .Values.service.listenOnAllInterfaces }} + value: 0.0.0.0 + {{- else }} + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + resources: +{{ toYaml .Values.resources | indent 12 }} + volumeMounts: + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + {{- if .Values.hostRootFsMount }} + - name: root + mountPath: /host/root + mountPropagation: HostToContainer + readOnly: true + {{- end }} + {{- if .Values.extraHostVolumeMounts }} + {{- range $_, $mount := .Values.extraHostVolumeMounts }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} + {{- if $mount.mountPropagation }} + mountPropagation: {{ $mount.mountPropagation }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.sidecarVolumeMount }} + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: true + {{- end }} + {{- end }} + {{- if .Values.configmaps }} + {{- range $_, $mount := .Values.configmaps }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + {{- end }} + {{- if .Values.secrets }} + {{- range $_, $mount := .Values.secrets }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + {{- end }} + {{- end }} +{{- if .Values.sidecars }} +{{ toYaml .Values.sidecars | indent 8 }} + {{- if .Values.sidecarVolumeMount }} + volumeMounts: + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} + {{- end }} + {{- end }} +{{- end }} + hostNetwork: {{ .Values.hostNetwork }} + hostPID: true +{{- 
if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.Selector | nindent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 8 }} +{{- end }} + volumes: + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + {{- if .Values.hostRootFsMount }} + - name: root + hostPath: + path: / + {{- end }} + {{- if .Values.extraHostVolumeMounts }} + {{- range $_, $mount := .Values.extraHostVolumeMounts }} + - name: {{ $mount.name }} + hostPath: + path: {{ $mount.hostPath }} + {{- end }} + {{- end }} + {{- if .Values.sidecarVolumeMount }} + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + emptyDir: + medium: Memory + {{- end }} + {{- end }} + {{- if .Values.configmaps }} + {{- range $_, $mount := .Values.configmaps }} + - name: {{ $mount.name }} + configMap: + name: {{ $mount.name }} + {{- end }} + {{- end }} + {{- if .Values.secrets }} + {{- range $_, $mount := .Values.secrets }} + - name: {{ $mount.name }} + secret: + secretName: {{ $mount.name }} + {{- end }} + {{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/endpoints.yaml new file mode 100755 index 000000000..8daaeaaff --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/endpoints.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: +{{ include "prometheus-node-exporter.labels" . | indent 4 }} +subsets: + - addresses: + {{- range .Values.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: metrics + port: 9100 + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/monitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/monitor.yaml new file mode 100755 index 000000000..2f7b6ae9e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/monitor.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} + endpoints: + - port: metrics + scheme: {{ $.Values.prometheus.monitor.scheme }} + {{- if $.Values.prometheus.monitor.bearerTokenFile }} + bearerTokenFile: {{ $.Values.prometheus.monitor.bearerTokenFile }} + {{- end }} + {{- if $.Values.prometheus.monitor.tlsConfig }} + tlsConfig: {{ toYaml $.Values.prometheus.monitor.tlsConfig | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.monitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} + {{- end }} +{{- if .Values.prometheus.monitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheus.monitor.relabelings | indent 6 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml new file mode 100755 index 000000000..cb433369c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: psp-{{ template "prometheus-node-exporter.fullname" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "prometheus-node-exporter.fullname" . }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..d36d93ecf --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: psp-{{ template "prometheus-node-exporter.fullname" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "prometheus-node-exporter.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp.yaml new file mode 100755 index 000000000..f00506c98 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp.yaml @@ -0,0 +1,52 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + - 'hostPath' + hostNetwork: true + hostIPC: false + hostPID: true + hostPorts: + - min: 0 + max: 65535 + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/service.yaml new file mode 100755 index 000000000..b0a447fe3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/service.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: {{ .Values.service.targetPort }} + protocol: TCP + name: metrics + selector: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/serviceaccount.yaml new file mode 100755 index 000000000..07e9f0d94 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create -}} +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "prometheus-node-exporter.serviceAccountName" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: + app: {{ template "prometheus-node-exporter.name" . }} + chart: {{ template "prometheus-node-exporter.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} +{{- end -}} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/values.yaml new file mode 100755 index 000000000..47dedd4d2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/values.yaml 
@@ -0,0 +1,177 @@ +# Default values for prometheus-node-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/mirrored-prometheus-node-exporter + tag: v1.1.2 + pullPolicy: IfNotPresent + +service: + type: ClusterIP + port: 9100 + targetPort: 9100 + nodePort: + listenOnAllInterfaces: true + annotations: + prometheus.io/scrape: "true" + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + scheme: http + bearerTokenFile: + tlsConfig: {} + + relabelings: [] + scrapeTimeout: 10s + +## Customize the updateStrategy if set +updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: + annotations: {} + imagePullSecrets: [] + +securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + +containerSecurityContext: {} + # capabilities: + # add: + # - SYS_TIME + +rbac: + ## If true, create & use RBAC resources + ## + create: true + ## If true, create & use Pod Security Policy resources + ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + pspEnabled: true + +# for deployments that have node_exporter deployed outside of the cluster, list +# their addresses here +endpoints: [] + +# Expose the service to the host network +hostNetwork: true + +## If true, node-exporter pods mounts host / at /host/root +## +hostRootFsMount: true + +## Assign a group of affinity scheduling rules +## +affinity: {} +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchFields: +# - key: metadata.name +# operator: In +# values: +# - target-host-name + +# Annotations to be added to node exporter pods +podAnnotations: + # Fix for very slow GKE cluster upgrades + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + +# Extra labels to be added to node exporter pods +podLabels: {} + +# Custom DNS configuration to be added to prometheus-node-exporter pods +dnsConfig: {} +# nameservers: +# - 1.2.3.4 +# searches: +# - ns1.svc.cluster-domain.example +# - my.dns.search.suffix +# options: +# - name: ndots +# value: "2" +# - name: edns0 + +## Assign a nodeSelector if operating a hybrid cluster +## +nodeSelector: {} +# beta.kubernetes.io/arch: amd64 +# beta.kubernetes.io/os: linux + +tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +## Additional container arguments +## +extraArgs: [] +# - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$ +# 
- --collector.textfile.directory=/run/prometheus + +## Additional mounts from the host +## +extraHostVolumeMounts: [] +# - name: +# hostPath: +# mountPath: +# readOnly: true|false +# mountPropagation: None|HostToContainer|Bidirectional + +## Additional configmaps to be mounted. +## +configmaps: [] +# - name: +# mountPath: +secrets: [] +# - name: +# mountPath: +## Override the deployment namespace +## +namespaceOverride: "" + +## Additional containers for export metrics to text file +## +sidecars: [] +## - name: nvidia-dcgm-exporter +## image: nvidia/dcgm-exporter:1.4.3 + +## Volume for sidecar containers +## +sidecarVolumeMount: [] +## - name: collector-textfiles +## mountPath: /run/prometheus +## readOnly: false diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/Chart.yaml new file mode 100755 index 000000000..e5205567e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/Chart.yaml 
@@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2ControllerManager +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
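Review bot: the Deployment and Service in pushprox-proxy.yaml take `metadata.namespace` from `{{ template "pushprox.namespace" . }}`, but the ServiceAccount that `serviceAccountName` refers to, and the ClusterRoleBinding subject, are created by pushprox-proxy-rbac.yaml in `{{ .Release.Namespace }}`. The rke2Etcd copy of _helpers.tpl in this patch defines that helper to prefer `.Values.namespaceOverride`, so with an override set the pod is scheduled into a namespace where its ServiceAccount does not exist and the PodSecurityPolicy `use` grant is bound to the wrong subject. Use the `pushprox.namespace` helper for the ServiceAccount and the binding subject too, or remove the override path.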
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
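Review bot: the ServiceMonitor endpoint reads `{{- if .Values.clients.https.enabled }}` without the `{{- if .Values.clients }}` guard that the clients templates in this patch use, so the template depends on `clients` being a populated map even when only `serviceMonitor.enabled` is set. Wrap the `params` block in the same guard (or document that `clients.https` must always be present). Note also that the Service selecting the client pods is gated on `serviceMonitor.enabled` rather than `clients.enabled`, so it is rendered even when no client DaemonSet exists.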
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/Chart.yaml new file mode 100755 index 000000000..7320aec04 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Etcd +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
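Review bot: in rke2Etcd/templates/pushprox-clients.yaml the copy-certs init container runs `chmod 444 $KEY_FILE_TARGET` on the copied TLS private key, leaving it world-readable in the shared emptyDir, and it does so as root (`runAsNonRoot: false`). The client container runs with `runAsUser: 1000`, so `chown 1000 "$KEY_FILE_TARGET"` followed by `chmod 400` would give the client the access it needs without widening the key's mode. The `test -z ${KEY_FILE_SOURCE}` checks and the `cp` arguments are unquoted as well, so a matched path containing whitespace breaks the script; quote the expansions. The rke2ControllerManager copy of this template carries the same script.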
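Review bot: in rke2ControllerManager/values.yaml the default `metricsPort: 2739` does not match the `2379` example the chart README gives for the same parameter and reads like transposed digits. The value is passed straight to `--allow-port` and to the client Service port, so please confirm which one is intended and make the default and the README agree. The comment above `proxyUrl` in the same hunk also misspells the placeholder as `{{namepsace}}`.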
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/Chart.yaml new file mode 100755 index 000000000..1e2201169 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Proxy +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
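Review bot: The Deployment and Service in rke2Proxy/templates/pushprox-proxy.yaml use `namespace: {{ template "pushprox.namespace" . }}`, which honours `.Values.namespaceOverride`, but the ServiceAccount named by `serviceAccountName` is created in pushprox-proxy-rbac.yaml with `namespace: {{ .Release.Namespace }}`. The ClusterRoleBinding subject and the `pushProxy.proxyUrl` helper in _helpers.tpl also use `.Release.Namespace`. With `namespaceOverride` set, the pod references a ServiceAccount that is not in its namespace and the clients are given a proxy URL in the wrong namespace. Suggest using the `pushprox.namespace` helper in the RBAC template, the binding subject and the proxy URL so all four agree.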
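Review bot: In the `copy-certs` init container of rke2Proxy/templates/pushprox-clients.yaml, `chmod 444 $KEY_FILE_TARGET` leaves the copied TLS private key world-readable inside the `metrics-cert-dir` emptyDir. The init container runs with `runAsNonRoot: false` while the client container runs as `runAsUser: 1000`, so the key could be `chown`ed to 1000 and set to mode 400, or access granted through an `fsGroup`, rather than opened to every UID in the pod. The `cp $KEY_FILE_SOURCE $KEY_FILE_TARGET` style copies and the `test -z ${CERT_FILE_SOURCE}` checks are also unquoted, so a matched path containing whitespace breaks the copy; quoting the expansions fixes that.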
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/Chart.yaml new file mode 100755 index 000000000..4b076fb84 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Scheduler +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/values.yaml new file mode 100755 index 000000000..e1bcf79a5 
--- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/Chart.yaml new file mode 100755 index 000000000..09ef21031 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeControllerManager +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml 
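Review bot: in `_helpers.tpl`, `pushProxy.proxyUrl` builds the default URL from `.Release.Namespace`, but the proxy Service is created in `pushprox.namespace`, which honours `.Values.namespaceOverride`. With an override set, clients and the ServiceMonitor would be pointed at a namespace where the proxy Service does not exist. Suggest `(include "pushprox.namespace" .)` in the `printf`. The `required` message in the same helper names `.Values.client.proxyUrl` while the value actually read is `.Values.clients.proxyUrl`, and the README documents the default as `...svc.cluster.local` where this helper emits `...svc`; both should be aligned.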
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients.yaml 
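Review bot: in `pushprox-clients-rbac.yaml`, the ServiceAccount and the ClusterRoleBinding subject use `.Release.Namespace`, while the DaemonSet that references this ServiceAccount is created in `pushprox.namespace`. If `namespaceOverride` is set, the pods look for a ServiceAccount that is not in their namespace and the binding names the wrong subject. Suggest using the `pushprox.namespace` helper in both places. The PodSecurityPolicy also allows `runAsUser: rule: 'RunAsAny'` with group ranges starting at 0 together with `hostNetwork: true`, whereas the proxy policy uses `MustRunAsNonRoot`; if root is needed only for the `copy-certs` init container, a comment saying so would help, and `namespace:` on the cluster-scoped PodSecurityPolicy has no effect and can be dropped.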
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml 
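Review bot: in `pushprox-clients.yaml`, the `copy-certs` script runs `chmod 444 $KEY_FILE_TARGET`, which leaves the copied TLS private key world-readable in the shared emptyDir. The client container runs with `runAsUser: 1000`, so the init container (which sets `runAsNonRoot: false`) could hand the key to that uid and restrict it to owner-read instead of granting read to everyone. The variable expansions in `test -z ${CERT_FILE_SOURCE}` and `cp $CERT_FILE_SOURCE $CERT_FILE_TARGET` are unquoted, so a matched path containing whitespace breaks the copy; quote them. Since the file names may be wildcards, `sort -r | head -n 1` picks the cert, key and CA independently, and nothing checks that the selected cert and key belong together when several files match.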
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
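Review bot: in `pushprox-proxy.yaml`, the Service sets `targetPort: {{ .Values.proxy.port }}`, but the container is started from `.Values.proxy.command` with no `args` and declares no `ports`, so nothing in this template makes the proxy listen on the configured port. Setting `proxy.port` to a non-default value would produce a Service that targets a port the process was never told to use. Suggest passing the listen address derived from `proxy.port` to the container and declaring a matching `containerPort`. The guard `{{- if and .Values.proxy }}` uses `and` with a single operand, which reads as a leftover; a plain `if .Values.proxy` states the intent. The container also has no readiness probe, so the Service routes client registrations to the pod before the proxy is known to be up.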
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
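Review bot: in `pushprox-servicemonitor.yaml`, `podTargetLabels` lists `pushprox-exporter`, but in `pushprox-clients.yaml` that label is set only on the DaemonSet's own metadata; the pod template carries just `pushProxy.client.labels`. The label never reaches the pods, so it will not appear on the scraped targets. Suggest adding `pushprox-exporter: "client"` to the pod template labels. This template also reads `.Values.clients.https.enabled` while being gated only on `.Values.serviceMonitor`, unlike the client templates, which check `.Values.clients` first; guard it the same way so rendering does not fail when `clients` is unset. Note too that the scrape path relies on the `http://` proxy URL from `pushProxy.proxyUrl` even when `_scheme: [https]` is set, which deserves a comment so readers do not assume the Prometheus-to-proxy hop is encrypted.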
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/.helmignore 
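Review bot: in `values.yaml`, the default `metricsPort: 2739` does not match the `2379` that the chart README gives as its example and reads like a digit transposition. If it is only a placeholder that the parent chart always overrides, say so in the comment, or leave it unset so that the `required` checks in the templates fail loudly instead of opening `--allow-port` on an unintended port. The `proxyUrl` comment also misspells `{{namepsace}}` and shows `svc.cluster.local`, while the helper generates a `.svc` URL. Both images are referenced by tag only (`v0.1.0-rancher1-client`, `1.31.1`, `v0.1.0-rancher1-proxy`); pinning by digest would make the released chart reproducible.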
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/Chart.yaml new file mode 100755 index 000000000..a4f4b02e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeEtcd +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
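Review bot: In rkeEtcd/templates/_helpers.tpl, `pushProxy.serviceMonitor.labels` emits `release:` twice, once directly (`release: {{ .Release.Name | quote }}`) and once through the included `pushProxy.commonLabels`, so the rendered label map carries a duplicate key; drop the explicit line and quote the value inside `pushProxy.commonLabels` instead. In the same file, the fallback branch of `pushProxy.proxyUrl` builds the URL from `.Release.Namespace`, while the proxy Service is created in `{{ template "pushprox.namespace" . }}`, so setting `namespaceOverride` points every client at a namespace where the Service does not exist; use `(include "pushprox.namespace" .)` there. The `required` message names `.Values.client.proxyUrl`, but the value actually read is `.Values.clients.proxyUrl`.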
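Review bot: In rkeEtcd/templates/pushprox-clients-rbac.yaml, the ServiceAccount and the ClusterRoleBinding subject are placed in `{{ .Release.Namespace }}`, but the DaemonSet that sets `serviceAccountName` to this account is created in `{{ template "pushprox.namespace" . }}`; with `namespaceOverride` set, the pods reference a ServiceAccount that lives in a different namespace. Use the `pushprox.namespace` helper in both places. `metadata.namespace` on the PodSecurityPolicy can be dropped, since PodSecurityPolicy is cluster-scoped. The policy grants `runAsUser: RunAsAny` and group ranges starting at 0 unconditionally, although only the `copy-certs` init container (rendered when `clients.https.certDir` is set) asks for `runAsNonRoot: false`; consider gating the relaxed rules on the same condition that already gates `hostPath`. The rkeProxy copy of this file later in the patch has the same blob id (95346dee6), so the same points apply there.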
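Review bot: In the `copy-certs` init script of rkeEtcd/templates/pushprox-clients.yaml, `chmod 444 $KEY_FILE_TARGET` leaves the copied TLS private key world-readable in the shared emptyDir. The client container runs with `runAsUser: 1000` and the init container is allowed to run as root, so `chown 1000 "$KEY_FILE_TARGET"` followed by `chmod 400 "$KEY_FILE_TARGET"` would keep the key readable only by the process that needs it. The expansions in `test -z ${CERT_FILE_SOURCE}` and in the `cp` and `chmod` calls are unquoted, so a matched path containing whitespace breaks the script; quote them. `find /etc/source/ -type f -name ... | sort -r | head -n 1` searches the whole `certDir` tree and silently picks one file when several match, which deserves at least a log line listing the candidates. The rkeProxy copy of this file later in the patch has the same blob id (ed78792e5).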
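Review bot: The proxy PodSecurityPolicy in rkeEtcd/templates/pushprox-proxy-rbac.yaml sets `privileged: false` and `MustRunAsNonRoot` but leaves out `allowPrivilegeEscalation: false` and `requiredDropCapabilities`, and keeps `readOnlyRootFilesystem: false`. The proxy pod mounts no writable volume and uses no host namespace, so the policy can be tightened on all three without changing what the Deployment asks for; if the image does need a writable root filesystem, a comment saying why would help the next reader.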
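Review bot: In rkeEtcd/templates/pushprox-proxy.yaml, `.Values.proxy.port` sets the Service `port` and `targetPort`, but the container spec passes no argument or environment variable carrying that port to the proxy process and declares no `ports:`. Unless the user also edits `proxy.command`, changing `proxy.port` moves the Service without moving the listener. Either render the port into the container's arguments or document that `proxy.port` must match the image's listen port. The container also has no readiness probe, so clients can be pointed at the Service before the proxy is accepting registrations.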
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/Chart.yaml new file mode 100755 index 000000000..f86115b68 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeProxy +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
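Review bot: In rkeProxy/templates/pushprox-clients.yaml, the copy-certs script finishes the key copy with `chmod 444 $KEY_FILE_TARGET`, which leaves the TLS private key world-readable in the shared emptyDir. The client container runs as uid 1000 while the init container is allowed to run as root (`runAsNonRoot: false`), so the key could instead be handed to the consuming user with `chown 1000` and `chmod 400` (or a pod-level `fsGroup` with mode 440). The cert and CA cert can stay at 444.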
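Review bot: In rkeProxy/templates/pushprox-proxy-rbac.yaml, the ServiceAccount and the ClusterRoleBinding subject are placed in `{{ .Release.Namespace }}`, but the Deployment that sets `serviceAccountName` in pushprox-proxy.yaml is created in `{{ template "pushprox.namespace" . }}`, which honours `.Values.namespaceOverride`. With an override set, the pod would reference a ServiceAccount that does not exist in its namespace. Use the `pushprox.namespace` helper in both places. Separately, `metadata.namespace` on the PodSecurityPolicy has no effect because the resource is cluster-scoped and can be dropped.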
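Review bot: In rkeProxy/templates/pushprox-proxy.yaml, the Service sets `port` and `targetPort` from `.Values.proxy.port`, but the container is started from `.Values.proxy.command` alone and nothing passes that port to the process. Changing `proxy.port` away from the default would leave the Service pointing at a port the proxy may not be listening on. Either pass the listen address as an arg derived from `.Values.proxy.port`, or document that the value must match the binary's default. A `ports:` entry and a readiness probe on the container would also make a mismatch visible.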
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/Chart.yaml new file mode 100755 index 000000000..9b58f56a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeScheduler +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
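Review bot: the Deployment in rkeScheduler/templates/pushprox-proxy.yaml is placed in `{{ template "pushprox.namespace" . }}`, but its `serviceAccountName` names a ServiceAccount that pushprox-proxy-rbac.yaml creates in `{{ .Release.Namespace }}`, and the ClusterRoleBinding subject uses `.Release.Namespace` as well. If the helper ever resolves to a namespace other than the release namespace, the pod has no ServiceAccount to run as and the PodSecurityPolicy `use` grant never reaches it. Use the same helper for the ServiceAccount and for the binding subject. Smaller points: `{{- if and .Values.proxy }}` calls `and` with a single argument, so a plain `if` says the same thing, and the PodSecurityPolicy carries a `metadata.namespace` although the resource is cluster-scoped.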
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/.helmignore 
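Review bot: the `proxyUrl` comment in rkeScheduler/values.yaml misspells the namespace placeholder as `{{namepsace}}`, and the note at the top of the file refers to `{{ .Values.clients.port }}`, which Helm does not render inside values.yaml, so readers see the raw expression. Fix the typo and name the key in plain text (`clients.port`). The `insecureSkipVerify` comment would also be clearer if it said that the setting turns off verification of the metrics endpoint's TLS certificate, so that nobody enables it without knowing what is lost.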
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/Chart.yaml new file mode 100755 index 000000000..fba9162f2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: windows + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-windows-exporter +apiVersion: v1 +appVersion: 0.0.4 +description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter +maintainers: +- email: arvind.iyengar@rancher.com + name: aiyengar2 +name: windowsExporter +type: application +version: 0.1.0 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/README.md new file mode 100755 index 000000000..6115b6f25 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/README.md 
@@ -0,0 +1,17 @@ +# rancher-windows-exporter + +A Rancher chart based on the [prometheus-community/windows-exporter](https://github.com/prometheus-community/windows_exporter) project (previously called wmi-exporter) that sets up a DaemonSet of clients that can scrape windows-exporter metrics from Windows nodes on a Kubernetes cluster. + +A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR and PrometheusRule CR are also created by this chart to collect metrics and add some recording rules to map `windows_` series with their OS-agnostic counterparts. + +## Node Requirements + +Since Windows does not support privileged pods, this chart expects a Named Pipe (`\\.\pipe\rancher_wins`) to exist on the Windows host that allows containers to communicate with the host. This is done by deploying a [rancher/wins](https://github.com/rancher/wins) server on the host. + +The image used by the chart, [windows_exporter-package](https://github.com/rancher/windows_exporter-package), is configured to create a wins client that communicates with the wins server, alongside a running copy of a particular version of [windows-exporter](https://github.com/prometheus-community/windows_exporter). Through the wins client and wins server, the windows-exporter is able to communicate directly with the Windows host to collect metrics and expose them. + +If the cluster you are installing this chart on is a custom cluster that was created via RKE1 with Windows Support enabled, your nodes should already have the wins server running; this should have been added as part of [the bootstrapping process for adding the Windows node onto your RKE1 cluster](https://github.com/rancher/rancher/blob/master/package/windows/bootstrap.ps1). + +## Configuration + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for an example of how this chart can be used. 
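Review bot: the Node Requirements section of the windowsExporter README does not state a minimum wins version, although check-wins-version.ps1 in this same patch keeps the init container waiting until the host reports at least v0.1.0. State the requirement here, and say that the pod stays in its init phase on older hosts, so an operator can diagnose the stall from the documentation. The section should also name both host pipes the chart mounts (`\\.\pipe\rancher_wins` and `\\.\pipe\rancher_wins_proxy`); only the first is mentioned.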
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/check-wins-version.ps1 b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/check-wins-version.ps1 new file mode 100755 index 000000000..0e46f79d5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/check-wins-version.ps1 @@ -0,0 +1,20 @@ +$ErrorActionPreference = 'Stop' + +$winsPath = "C:\Windows\wins.exe" +$minWinsVersion = [System.Version]"0.1.0" + +function Get-Wins-Version +{ + $winsAppInfo = Invoke-Expression "& $winsPath cli app info | ConvertFrom-Json" + return [System.Version]($winsAppInfo.Server.Version.substring(1)) +} + +# Wait till the wins version installed is at least v0.1.0 +$winsVersion = Get-Wins-Version +while ($winsVersion -lt $minWinsVersion) { + Write-Host $('wins on host must be at least v{0}, found v{1}. Checking again in 10 seconds...' -f $minWinsVersion, $winsVersion) + Start-Sleep -s 10 + $winsVersion = Get-Wins-Version +} + +Write-Host $('Detected wins version on host is v{0}, which is >v{1}. Continuing with installation...' -f $winsVersion, $minWinsVersion) diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/copy-binary.ps1 b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/copy-binary.ps1 new file mode 100755 index 000000000..a9a28df96 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/copy-binary.ps1 
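Review bot: `Get-Wins-Version` in check-wins-version.ps1 builds a command string and runs it through `Invoke-Expression`; the call operator does the same job without re-parsing a string: `& $winsPath cli app info | ConvertFrom-Json`. `.substring(1)` assumes the reported version always starts with `v`, and with `$ErrorActionPreference = 'Stop'` any other format ends the script with a cast exception instead of the intended message. The wait loop has no upper bound, so a host that is never upgraded keeps the init container running indefinitely; consider a maximum number of attempts followed by a non-zero exit. The final message prints `>v{1}` although the loop exits on greater-or-equal.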
@@ -0,0 +1,40 @@ +$ErrorActionPreference = 'Stop' + +function Create-Directory +{ + param ( + [parameter(Mandatory = $false, ValueFromPipeline = $true)] [string]$Path + ) + + if (Test-Path -Path $Path) { + if (-not (Test-Path -Path $Path -PathType Container)) { + # clean the same path file + Remove-Item -Recurse -Force -Path $Path -ErrorAction Ignore | Out-Null + } + + return + } + + New-Item -Force -ItemType Directory -Path $Path | Out-Null +} + +function Transfer-File +{ + param ( + [parameter(Mandatory = $true)] [string]$Src, + [parameter(Mandatory = $true)] [string]$Dst + ) + + if (Test-Path -PathType leaf -Path $Dst) { + $dstHasher = Get-FileHash -Path $Dst + $srcHasher = Get-FileHash -Path $Src + if ($dstHasher.Hash -eq $srcHasher.Hash) { + return + } + } + + $null = Copy-Item -Force -Path $Src -Destination $Dst +} + +Create-Directory -Path "c:\host\etc\windows-exporter" +Transfer-File -Src "c:\etc\windows-exporter\windows-exporter.exe" -Dst "c:\host\etc\windows-exporter\windows-exporter.exe" \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/proxy-entry.ps1 b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/proxy-entry.ps1 new file mode 100755 index 000000000..9d0581b66 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/proxy-entry.ps1 @@ -0,0 +1,11 @@ +# default +$listenPort = "9796" + +if ($env:LISTEN_PORT) { + $listenPort = $env:LISTEN_PORT +} + +# format "UDP:4789 TCP:8080" +$winsPublish = $('TCP:{0}' -f $listenPort) + +wins.exe cli proxy --publish $winsPublish diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/run.ps1 b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/run.ps1 new file mode 100755 index 000000000..aaabd626a --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/run.ps1 @@ -0,0 +1,44 @@ +$ErrorActionPreference = 'Stop' + +function Create-Directory +{ + param ( + [parameter(Mandatory = $false, ValueFromPipeline = $true)] [string]$Path + ) + + if (Test-Path -Path $Path) { + if (-not (Test-Path -Path $Path -PathType Container)) { + # clean the same path file + Remove-Item -Recurse -Force -Path $Path -ErrorAction Ignore | Out-Null + } + + return + } + + New-Item -Force -ItemType Directory -Path $Path | Out-Null +} + +function Transfer-File +{ + param ( + [parameter(Mandatory = $true)] [string]$Src, + [parameter(Mandatory = $true)] [string]$Dst + ) + + if (Test-Path -PathType leaf -Path $Dst) { + $dstHasher = Get-FileHash -Path $Dst + $srcHasher = Get-FileHash -Path $Src + if ($dstHasher.Hash -eq $srcHasher.Hash) { + return + } + } + + $null = Copy-Item -Force -Path $Src -Destination $Dst +} + +# Copy binary +Create-Directory -Path "c:\host\etc\windows-exporter" +Transfer-File -Src "c:\etc\windows-exporter\windows-exporter.exe" -Dst "c:\host\etc\windows-exporter\windows-exporter.exe" + +# Run wins +Invoke-Expression -Command c:\entry.ps1 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/_helpers.tpl new file mode 100755 index 000000000..7365b52f5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/_helpers.tpl 
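Review bot: in `Create-Directory` (run.ps1, and the identical copy in copy-binary.ps1) the `return` sits after the inner `if`, so when `$Path` exists as a file the function deletes it and returns without reaching `New-Item`; the `Transfer-File` call that follows then copies into a directory that does not exist. Move the `return` into the branch where the path is already a container. `$Path` is declared `Mandatory = $false` but is passed straight to `Test-Path`, so it should be mandatory. run.ps1 repeats both functions and the copy step of copy-binary.ps1 verbatim, and the DaemonSet in this patch never invokes copy-binary.ps1; keep one copy. `Invoke-Expression -Command c:\entry.ps1` can be the plain call `& c:\entry.ps1`.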
@@ -0,0 +1,64 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# General + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The components in this chart create additional resources that expand the longest created name strings. +The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. +*/}} +{{- define "windowsExporter.name" -}} +{{ printf "%s-windows-exporter" .Release.Name }} +{{- end -}} + +{{- define "windowsExporter.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride -}} +{{- end -}} + +{{- define "windowsExporter.labels" -}} +k8s-app: {{ template "windowsExporter.name" . }} +release: {{ .Release.Name }} +component: "windows-exporter" +provider: kubernetes +{{- end -}} + +# Client + +{{- define "windowsExporter.client.nodeSelector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: windows +{{- else -}} +kubernetes.io/os: windows +{{- end -}} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector }} +{{- end }} +{{- end -}} + +{{- define "windowsExporter.client.tolerations" -}} +{{- if .Values.clients.tolerations -}} +{{ toYaml .Values.clients.tolerations }} +{{- else -}} +- operator: Exists +{{- end -}} +{{- end -}} + +{{- define "windowsExporter.client.env" -}} +- name: LISTEN_PORT + value: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port | quote }} +{{- if .Values.clients.enabledCollectors }} +- name: ENABLED_COLLECTORS + value: {{ .Values.clients.enabledCollectors | quote }} +{{- end }} +{{- if .Values.clients.env }} +{{ toYaml 
.Values.clients.env }} +{{- end }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/configmap.yaml new file mode 100755 index 000000000..c17b108df --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "windowsExporter.name" . }}-scripts + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +data: +{{ (.Files.Glob "scripts/*").AsConfig | indent 2 }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/daemonset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/daemonset.yaml new file mode 100755 index 000000000..f0fdea634 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/daemonset.yaml 
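Review bot: the comment above `windowsExporter.name` in windowsExporter/templates/_helpers.tpl describes truncating the name to fit the 63-character limit, but the template is only `printf "%s-windows-exporter" .Release.Name` with no `trunc`, and the arithmetic in the comment is inconsistent (`37 characters` next to `63-35=26`). Either truncate the release name (`trunc` followed by `trimSuffix "-"`) or replace the comment with one that matches the code; as written, a long release name produces names and `k8s-app` label values over the limit the comment itself cites.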
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{ if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{ include "windowsExporter.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "windowsExporter.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "windowsExporter.client.nodeSelector" . | nindent 8 }} + tolerations: {{ include "windowsExporter.client.tolerations" . | nindent 8 }} + serviceAccountName: {{ template "windowsExporter.name" . }} + containers: + - name: exporter-node-proxy + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/proxy-entry.ps1"] + ports: + - name: http + containerPort: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port }} + env: {{ include "windowsExporter.client.env" . | nindent 10 }} +{{- if .Values.resources }} + resources: {{ toYaml .Values.clients.proxy.resources | nindent 10 }} +{{- end }} + volumeMounts: + - name: wins-pipe-proxy + mountPath: \\.\pipe\rancher_wins_proxy + - name: exporter-scripts + mountPath: c:/scripts/ + - name: exporter-node + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/run.ps1"] +{{- if .Values.clients.args }} + args: {{ .Values.clients.args }} +{{- end }} + env: {{ include "windowsExporter.client.env" . 
| nindent 10 }} +{{- if .Values.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} +{{- end }} + volumeMounts: + - name: wins-pipe + mountPath: \\.\pipe\rancher_wins + - name: binary-host-path + mountPath: c:/host/etc/windows-exporter + - name: exporter-scripts + mountPath: c:/scripts/ + initContainers: + - name: check-wins-version + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/check-wins-version.ps1"] + volumeMounts: + - name: wins-pipe + mountPath: \\.\pipe\rancher_wins + - name: exporter-scripts + mountPath: c:/scripts/ + volumes: + - name: wins-pipe + hostPath: + path: \\.\pipe\rancher_wins + - name: wins-pipe-proxy + hostPath: + path: \\.\pipe\rancher_wins_proxy + - name: binary-host-path + hostPath: + path: c:/etc/windows-exporter + type: DirectoryOrCreate + - name: exporter-scripts + configMap: + name: {{ template "windowsExporter.name" . }}-scripts +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/rbac.yaml new file mode 100755 index 000000000..ebec8f235 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/rbac.yaml 
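Review bot: both `resources:` blocks in windowsExporter/templates/daemonset.yaml are guarded by `{{- if .Values.resources }}`, a key the chart's values.yaml does not define, while the bodies print `.Values.clients.proxy.resources` and `.Values.clients.resources`; as written, limits set under `clients` are never rendered. Guard each block on the value it prints. `args: {{ .Values.clients.args }}` emits the list in Go's print format rather than YAML; use `toYaml` with `nindent` as the neighbouring fields do. The `binary-host-path` volume is writable by the `exporter-node` container only because run.ps1 copies the binary there; a comment saying so would help the next reader judge whether the other containers need it (they do not mount it, which is good).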
@@ -0,0 +1,78 @@ +{{- if .Values.clients }}{{ if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +rules: +- apiGroups: ['authentication.k8s.io'] + resources: ['tokenreviews'] + verbs: ['create'] +- apiGroups: ['authorization.k8s.io'] + resources: ['subjectaccessreviews'] + verbs: ['create'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: ['{{ template "windowsExporter.name" . }}'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "windowsExporter.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "windowsExporter.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +{{- if .Values.clients.imagePullSecrets }} +imagePullSecrets: {{ toYaml .Values.clients.imagePullSecrets | nindent 2 }} +{{- end }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' + - 'hostPath' + allowedHostPaths: + - pathPrefix: \\.\pipe\rancher_wins + - pathPrefix: \\.\pipe\rancher_wins_proxy + - pathPrefix: c:/etc/windows-exporter +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/service.yaml new file mode 100755 index 000000000..944150e5c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/service.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.serviceMonitor .Values.clients }}{{- if and .Values.serviceMonitor.enabled .Values.clients.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +spec: + ports: + - name: windows-metrics + port: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port }} + protocol: TCP + targetPort: {{ .Values.clients.port }} + selector: {{ include "windowsExporter.labels" . | nindent 4 }} +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/servicemonitor.yaml new file mode 100755 index 000000000..a2c2f0b54 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/servicemonitor.yaml @@ -0,0 +1,44 @@ +{{- if and .Values.serviceMonitor .Values.clients }}{{- if and .Values.serviceMonitor.enabled .Values.clients.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "windowsExporter.labels" . | nindent 4 }} + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} +spec: + selector: + matchLabels: {{ include "windowsExporter.labels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ template "windowsExporter.namespace" . }} + jobLabel: component + podTargetLabels: + - component + endpoints: + - port: windows-metrics + metricRelabelings: + - sourceLabels: [__name__] + regex: 'wmi_(.*)' + replacement: 'windows_$1' + targetLabel: __name__ + - sourceLabels: [__name__] + regex: windows_mssql_transactions_active_total + replacement: 'windows_mssql_transactions_active' + targetLabel: __name__ + - sourceLabels: [volume, nic] + regex: (.*);(.*) + separator: '' + targetLabel: device + action: replace + replacement: $1$2 + - sourceLabels: [__name__] + regex: windows_cs_logical_processors + replacement: 'system' + targetLabel: mode + relabelings: + - separator: ':' + sourceLabels: + - __meta_kubernetes_pod_host_ip + - __meta_kubernetes_pod_container_port_number + targetLabel: instance +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/values.yaml new file mode 100755 index 000000000..a75fbc34f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/values.yaml 
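Review bot: in windowsExporter/templates/rbac.yaml the ClusterRoleBinding subject uses `namespace: {{ .Release.Namespace }}`, while the ServiceAccount it is meant to bind is created in `{{ template "windowsExporter.namespace" . }}`, which honours `namespaceOverride`. With an override set, the binding points at a ServiceAccount that does not exist and the DaemonSet pods receive neither the `tokenreviews`/`subjectaccessreviews` rules nor the PodSecurityPolicy `use` grant. Use the helper in the subject. ClusterRole, ClusterRoleBinding and PodSecurityPolicy are cluster-scoped, so their `metadata.namespace` lines can be dropped. The rules for `tokenreviews` and `subjectaccessreviews` are cluster-wide `create` permissions; add a comment explaining which component of the exporter needs them, or remove them if none does.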
@@ -0,0 +1,44 @@ +# Default values for rancher-windows-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# Configure ServiceMonitor that monitors metrics +serviceMonitor: + enabled: true + +## Components scraping metrics from Windows nodes +## +clients: + enabled: true + + port: 9796 + image: + repository: rancher/windows_exporter-package + tag: v0.0.1 + + # Specify the IP addresses of nodes that you want to collect metrics from + endpoints: [] + + # Get more details on https://github.com/prometheus-community/windows_exporter + args: [] + env: {} + enabledCollectors: "net,os,service,system,cpu,cs,logical_disk,tcp,memory,container" + + # Resource limits + resources: {} + + # Options to select nodes to target for scraping Windows metrics + nodeSelector: {} # Note: {kubernetes.io/os: windows} is default and cannot be overridden + tolerations: [] # Note: if not specified, the default option is to use [{operator: Exists}] + + # Image Pull Secrets for the service account used by the clients + imagePullSecrets: {} + + proxy: + resources: {} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/nginx.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/nginx.json new file mode 100755 index 000000000..347c9eb05 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/nginx.json 
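Review bot: `imagePullSecrets: {}` and `env: {}` in windowsExporter/values.yaml default to maps, but rbac.yaml renders `clients.imagePullSecrets` as the ServiceAccount's list field and `windowsExporter.client.env` appends `clients.env` to a list of `name`/`value` entries. The empty defaults are harmless because they are falsy, but they advertise the wrong type; make both `[]` and add a commented example of the expected shape. `endpoints: []` is documented as the node IP addresses to collect from, yet none of the templates added alongside this file reads it; remove it or wire it up. The comment on `nodeSelector` says the OS selector is `kubernetes.io/os: windows`, while the helper falls back to `beta.kubernetes.io/os` on clusters older than 1.14; mention that or keep the comment generic.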
@@ -0,0 +1,1463 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "5.2.1" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "5.0.0" + }, + { + "type": "panel", + "id": "singlestat", + "name": "Singlestat", + "version": "5.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + }, + { + "datasource": "${DS_PROMETHEUS}", + "enable": true, + "expr": "sum(changes(nginx_ingress_controller_config_last_reload_successful_timestamp_seconds{instance!=\"unknown\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[30s])) by (controller_class)", + "hide": false, + "iconColor": "rgba(255, 96, 96, 1)", + "limit": 100, + "name": "Config Reloads", + "showIn": 0, + "step": "30s", + "tagKeys": "controller_class", + "tags": [], + "titleFormat": "Config Reloaded", + "type": "tags" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "iteration": 1534359654832, + "links": [], + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "ops", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 0 + }, + "id": 20, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 
100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m])), 0.001)", + "format": "time_series", + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Controller Request Volume", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 0 + }, + "id": 82, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": 
"sum(avg_over_time(nginx_ingress_controller_nginx_process_connections{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",state=\"active\"}[2m]))", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Controller Connections", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 80, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": false + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 0 + }, + "id": 21, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",status!~\"[4-5].*\"}[2m])) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "intervalFactor": 1, + "refId": "A", + "step": 4 + } 
+ ], + "thresholds": "95, 99, 99.5", + "title": "Controller Success Rate (non-4|5xx responses)", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "decimals": 0, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 18, + "y": 0 + }, + "id": 81, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "avg(irate(nginx_ingress_controller_success{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[1m])) * 60", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Config Reloads", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "total" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 
172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "decimals": 0, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 0 + }, + "id": 83, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "count(nginx_ingress_controller_config_last_reload_successful{controller_pod=~\"$controller\",controller_namespace=~\"$namespace\"} == 0)", + "format": "time_series", + "instant": true, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Last Config Failed", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 3 + }, + "height": "200px", + "id": 86, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideEmpty": false, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 300, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 
2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "metric": "network", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Ingress Request Volume", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00", + "max - prometheus": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": false, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 3 + }, + "id": 87, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideEmpty": true, + "hideZero": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 300, + "sort": "avg", + "sortDesc": true, + "total": false, + 
"values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "metric": "container_memory_usage:sort_desc", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Ingress Success Rate (non-4|5xx responses)", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 1, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 10 + }, + "height": "200px", + "id": 32, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": 
false, + "sideWidth": 200, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (irate (nginx_ingress_controller_request_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "Received", + "metric": "network", + "refId": "A", + "step": 10 + }, + { + "expr": "- sum (irate (nginx_ingress_controller_response_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "hide": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "Sent", + "metric": "network", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Network I/O pressure", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00", + "max - prometheus": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": false, + 
"error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 10 + }, + "id": 77, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": 200, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg(nginx_ingress_controller_nginx_process_resident_memory_bytes{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}) ", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "nginx", + "metric": "container_memory_usage:sort_desc", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Average Memory Usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 3, + "editable": false, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 10 + }, + "height": 
"", + "id": 79, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sort": null, + "sortDesc": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg (rate (nginx_ingress_controller_nginx_process_cpu_seconds_total{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m])) ", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "nginx", + "metric": "container_cpu", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Average CPU Usage", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "cores", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "columns": [], + "datasource": "${DS_PROMETHEUS}", + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "hideTimeOverride": false, + "id": 75, + "links": [], + "pageSize": 7, + "repeat": null, + "repeatDirection": "h", + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": true + }, + "styles": [ + { + "alias": "Ingress", + 
"colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "ingress", + "preserveFormat": false, + "sanitize": false, + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Requests", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #A", + "thresholds": [ + "" + ], + "type": "number", + "unit": "ops" + }, + { + "alias": "Errors", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "ops" + }, + { + "alias": "P50 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "P90 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "P99 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Value #E", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "IN", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + 
"dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #F", + "thresholds": [ + "" + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Time", + "thresholds": [], + "type": "hidden", + "unit": "short" + }, + { + "alias": "OUT", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #G", + "thresholds": [], + "type": "number", + "unit": "Bps" + } + ], + "targets": [ + { + "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "C" + }, + { + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "D" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ destination_service }}", + 
"refId": "E" + }, + { + "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "F" + }, + { + "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "table", + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "G" + } + ], + "timeFrom": null, + "title": "Ingress Percentile Response Times and Transfer Rates", + "transform": "table", + "transparent": false, + "type": "table" + }, + { + "columns": [ + { + "text": "Current", + "value": "current" + } + ], + "datasource": "${DS_PROMETHEUS}", + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "height": "1024", + "id": 85, + "links": [], + "pageSize": 7, + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": false + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "TTL", + "colorMode": "cell", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Current", + "thresholds": [ + "0", + "691200" + ], + "type": "number", + "unit": "s" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"avg(nginx_ingress_controller_ssl_expire_time_seconds{kubernetes_pod_name=~\"$controller\",namespace=~\"$namespace\",ingress=~\"$ingress\"}) by (host) - time()", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ host }}", + "metric": "gke_letsencrypt_cert_expiration", + "refId": "A", + "step": 1 + } + ], + "title": "Ingress Certificate Expiry", + "transform": "timeseries_aggregations", + "type": "table" + } + ], + "refresh": "5s", + "schemaVersion": 16, + "style": "dark", + "tags": [ + "nginx" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": "datasource", + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(nginx_ingress_controller_config_hash, controller_namespace)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Controller Class", + "multi": false, + "name": "controller_class", + "options": [], + "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\"}, controller_class) ", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Controller", + "multi": false, + "name": "controller", + "options": [], + "query": 
"label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\",controller_class=~\"$controller_class\"}, controller_pod) ", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Ingress", + "multi": false, + "name": "ingress", + "options": [], + "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller=~\"$controller\"}, ingress) ", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "2m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "NGINX / Ingress Controller", + "uid": "nginx", + "version": 1 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/request-handling-performance.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/request-handling-performance.json new file mode 100755 index 000000000..5635ae976 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/request-handling-performance.json 
@@ -0,0 +1,981 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "6.6.0" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "gnetId": 9614, + "graphTooltip": 1, + "id": null, + "iteration": 1582146566338, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "Total time taken for nginx and upstream servers to process a request and send a response", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 91, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".5", + "refId": "D" + }, + { + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n 
nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".95", + "refId": "B" + }, + { + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".99", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Total request handling time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "The time spent on receiving the response from the upstream server", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "hiddenSeries": false, + "id": 94, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "instant": false, + "interval": "", + 
"intervalFactor": 1, + "legendFormat": ".5", + "refId": "D" + }, + { + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".95", + "refId": "B" + }, + { + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".99", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream response time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "hiddenSeries": false, + "id": 93, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " sum by (path)(\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\"\n 
}[1m]\n )\n )\n", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Request volume by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "For each path observed, its median upstream response time", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "hiddenSeries": false, + "id": 98, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n .5,\n sum by (le, path)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Median upstream response time by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": 
"individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "Percentage of 4xx and 5xx responses among all responses.", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 16 + }, + "hiddenSeries": false, + "id": 100, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress = \"$ingress\",\n status =~ \"[4-5].*\"\n}[1m])) / sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress = \"$ingress\",\n}[1m]))", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Response error rate by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 
1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "For each path observed, the sum of upstream request time", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 16 + }, + "hiddenSeries": false, + "id": 102, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (path) (rate(nginx_ingress_controller_response_duration_seconds_sum{ingress = \"$ingress\"}[1m]))", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream time consumed by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + 
"fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 24 + }, + "hiddenSeries": false, + "id": 101, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " sum (\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~\"[4-5].*\",\n }[1m]\n )\n ) by(path, status)\n", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }} {{ status }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Response error volume by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 24 + }, + "hiddenSeries": false, + "id": 99, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + 
"options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (\n rate (\n nginx_ingress_controller_response_size_sum {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path) / sum (\n rate(\n nginx_ingress_controller_response_size_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path)\n", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "D" + }, + { + "expr": " sum (rate(nginx_ingress_controller_response_size_bucket{\n namespace =~ \"$namespace\",\n ingress =~ \"$ingress\",\n }[1m])) by (le)\n", + "hide": true, + "legendFormat": "{{le}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Average response size by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 32 + }, + "hiddenSeries": false, + "id": 96, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + 
"renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_sum {\n ingress =~ \"$ingress\",\n }[1m]\n)) / sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n)\n", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "average", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream service latency", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "30s", + "schemaVersion": 22, + "style": "dark", + "tags": [ + "nginx" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": "datasource", + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": ".*", + "current": {}, + "datasource": "${DS_PROMETHEUS}", + "definition": "label_values(nginx_ingress_controller_requests, ingress) ", + "hide": 0, + "includeAll": true, + "label": "Service Ingress", + "multi": false, + "name": "ingress", + "options": [], + "query": "label_values(nginx_ingress_controller_requests, ingress) ", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + 
"timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "2m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "NGINX / Request Handling Performance", + "uid": "4GFbkOsZk", + "version": 1 + } diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster-nodes.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster-nodes.json new file mode 100755 index 000000000..b8c1ab7e6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster-nodes.json 
@@ -0,0 +1,776 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": 
"#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m] ({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", + "interval": "", + "legendFormat": "Load[5m] ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", + "interval": "", + "legendFormat": "Load[1m] ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", + "interval": "", + "legendFormat": "Load[15m] ({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } 
+ }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) by (instance) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes) by (instance) ", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + 
"id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Read ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Write ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Errors ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Total ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Errors ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Dropped ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Dropped ({{instance}})", + "refId": "E" + }, + { + "expr": 
"sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Total ({{instance}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", 
+ "interval": "", + "legendFormat": "Transmit Total ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Total ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Cluster (Nodes)", + "uid": "rancher-cluster-nodes-1", + "version": 3 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster.json new file mode 100755 index 000000000..29cc91675 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster.json 
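Review bot: in rancher-cluster-nodes.json, the "Network I/O" panel mixes units: its y-axis format is `Bps` and the Linux side rates `node_network_transmit_bytes_total` and `node_network_receive_bytes_total`, but the Windows side of each `OR` rates `windows_net_packets_sent_total` and `windows_net_packets_received_total`, the same packet counters the "Network Traffic" panel plots as `pps`. Windows nodes therefore show packets per second on a bytes axis; use the byte counters there instead (windows_exporter exposes `windows_net_bytes_sent_total` and `windows_net_bytes_received_total`). Also, `"id": 28` is hard-coded at the top of this dashboard and again in rancher-cluster.json, whose header follows; set `id` to null in both and rely on `uid` to tell the dashboards apart.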
@@ -0,0 +1,759 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval]))", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + 
"fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes)", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + 
"points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}))", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval]))", 
+ "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "A" + }, + { + "expr": 
"(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + }, + { + "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "C" + }, + { + "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "D" + }, + { + "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "E" + }, + { + "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + 
"value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + 
}, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Cluster", + "uid": "rancher-cluster-1", + "version": 3 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-detail.json new file mode 100755 index 000000000..fbe71108e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-detail.json 
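Review bot: in the "Rancher / Cluster" dashboard that ends just above, the Network I/O panel (id 8) mixes units. The Linux branch of each target rates node_network_transmit_bytes_total / node_network_receive_bytes_total, but the Windows branch rates windows_net_packets_sent_total / windows_net_packets_received_total, and the axis format is "Bps". On a cluster with Windows nodes the sum adds packets per second to bytes per second, so the throughput graph under-reports and cannot be used as a baseline for spotting unusual egress. Use the Windows byte counters here (windows_exporter exposes windows_net_bytes_sent_total and windows_net_bytes_received_total) and leave the packet counters to the Network Traffic panel, which already plots them with "pps".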
@@ -0,0 +1,662 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 32, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Client traffic in({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Client traffic out({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Kbits", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 
1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes) by (instance)", + "interval": "", + "legendFormat": "DB size({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + 
"hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Watch streams({{instance}})", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Lease watch stream({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + 
}, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[5m])) by (instance)", + "interval": "", + "legendFormat": "Proposal commit rate({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[5m])) by (instance)", + "interval": "", + "legendFormat": "Proposal applied({{instance}})", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[5m])) by (instance)", + "interval": "", + "legendFormat": "Proposal failed({{instance}})", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending) by (instance)", + "interval": "", + "legendFormat": "Proposal pending({{instance}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + 
"fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Rpc rate({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Rpc failed rate ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": 
false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[5m])) by (instance, le))", + "interval": "", + "legendFormat": "WAL fsync({{instance}})", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[5m])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Etcd Metrics Detail", + "uid": "rancher-etcd-detail-1", + "version": 5 + } \ No newline at end of file 
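Review bot: the Disk Sync Duration panel (id 7) sets the y-axis format to "ms" while both targets take histogram_quantile over *_duration_seconds_bucket metrics, which returns seconds, so a 0.01 s WAL fsync is displayed as 0.01 ms and slow disks look healthy. Change the format to "s" or multiply both expressions by 1000. Smaller points in the same file: GRPC Client Traffic rates byte counters but uses format "Kbits"; the DB Size panel carries an override matching "Load5({{instance}})", a name none of its targets produce, with empty properties; only the first panel pins "datasource": "Prometheus" and job="kube-etcd" while the others use null and no job selector, so the grpc_server_* queries will pick up any gRPC server that Prometheus scrapes; and the file ends without a trailing newline.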
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-summary.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-summary.json new file mode 100755 index 000000000..7ff64ee5f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-summary.json 
@@ -0,0 +1,662 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 33, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[5m]))", + "interval": "", + "legendFormat": "Client traffic in", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[5m]))", + "interval": "", + "legendFormat": "Client traffic out", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Kbits", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], 
+ "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes)", + "interval": "", + "legendFormat": "DB size", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": 
false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Watch streams", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Lease watch stream", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, 
+ "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[5m]))", + "interval": "", + "legendFormat": "Proposal commit rate", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[5m]))", + "interval": "", + "legendFormat": "Proposal applied", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[5m]))", + "interval": "", + "legendFormat": "Proposal failed", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending)", + "interval": "", + "legendFormat": "Proposal pending", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[5m]))", + "interval": "", + "legendFormat": "Rpc rate", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[5m]))", + "interval": "", + "legendFormat": "Rpc failed rate", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, 
sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[5m])) by (instance, le))", + "interval": "", + "legendFormat": "WAL fsync", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[5m])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Etcd Metrics Summary", + "uid": "rancher-etcd-summary-1", + "version": 4 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home-with-windows.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home-with-windows.json new file mode 100755 index 000000000..4ff6e4e54 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home-with-windows.json 
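Review bot: in the "Rancher / Etcd Metrics Summary" dashboard that ends just above, the Disk Sync Duration targets still aggregate by (instance, le) although every other target in the file drops the instance grouping and the legends are the fixed strings "WAL fsync" and "DB fsync", so each etcd member produces its own series under an identical label. Aggregate by (le) for a cluster-wide p99, or restore {{instance}} in the legend. The panel also repeats the "ms" axis on a seconds histogram, and the DB Size override for "Load5({{instance}})" matches nothing here either; both look copied from the detail dashboard and should be fixed in the same pass.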
@@ -0,0 +1,1275 @@ +{ + "annotations": { + "list": [ + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 1, + "title": "", + "type": "welcome" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 4 + }, + "height": "180px", + "id": 6, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m]))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "CPU usage (5m avg)", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + 
"valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 4 + }, + "height": "180px", + "id": 4, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"})) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Memory usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + 
"fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 4 + }, + "height": "180px", + "id": 7, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - ((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))) / (sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Filesystem usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": 
[] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 9 + }, + "height": "1px", + "id": 11, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))) * sum(kube_node_status_allocatable_cpu_cores{})", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 9 + }, + "height": "1px", + "id": 12, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": 
[ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_cpu_cores{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 9 + }, + "height": "1px", + "id": 9, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "20%", + "prefix": "", + "prefixFontSize": "20%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", 
+ "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 9 + }, + "height": "1px", + "id": 10, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_memory_bytes{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": 
"0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 9 + }, + "height": "1px", + "id": 13, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + 
"rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 9 + }, + "height": "1px", + "id": 14, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 12 + }, + "hiddenSeries": false, + "id": 2051, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": 
false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1- (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "1- (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])) by (instance))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage (5m avg)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 12 + }, + "hiddenSeries": false, + "id": 2052, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + 
"pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "100 * (1- sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) by (instance) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) by (instance))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 12 + }, + "hiddenSeries": false, + "id": 2053, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": 
false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"} OR on() vector(0)))) / (sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0)))) * 100", + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "B" + }, + { + "expr": "((sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Filesystem usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + 
"overrides": [] + }, + "folderId": 0, + "gridPos": { + "h": 15, + "w": 12, + "x": 0, + "y": 18 + }, + "headings": true, + "id": 3, + "limit": 30, + "links": [], + "query": "", + "recent": true, + "search": true, + "starred": false, + "tags": [], + "title": "Dashboards", + "type": "dashlist" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2055, + "options": { + "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://rancher.com/docs/rancher/v2.x/en/).\n\n", + "mode": "markdown" + }, + "pluginVersion": "7.1.0", + "timeFrom": null, + "timeShift": null, + "title": "", + "type": "text" + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "hidden": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", 
+ "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "type": "timepicker" + }, + "timezone": "browser", + "title": "Home", + "uid": "rancher-home-1", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home.json new file mode 100755 index 000000000..86829f012 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home.json 
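Review bot: In rancher-default-home-with-windows.json, the "Filesystem usage" graph panel (id 2053) plots free space rather than usage: all three targets compute free bytes / size bytes * 100, while the singlestat with the same title (id 7) computes (1 - free / size) * 100. Wrap the graph expressions in (1 - ...) so both panels report the same quantity, otherwise a nearly full disk shows as a low value on the graph. In target A of that panel, OR on() vector(0) sits inside sum(...) for windows_logical_disk_free_bytes but outside sum(...) for windows_logical_disk_size_bytes; use one placement for both, as the singlestat does. The per-node targets in the "CPU usage (5m avg)" and "Memory usage" graphs (ids 2051 and 2052) aggregate by (instance) but use "legendFormat": "{{ node }}", a label that aggregation drops, so the legend will render empty; use "{{ instance }}" as the filesystem panel does. Lastly, the file is added with mode 100755, and a JSON dashboard does not need the executable bit (100644 is enough).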
@@ -0,0 +1,1273 @@ +{ + "annotations": { + "list": [] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 1, + "title": "", + "type": "welcome" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 4 + }, + "height": "180px", + "id": 6, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "CPU Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": 
"current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 4 + }, + "height": "180px", + "id": 4, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"})) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Memory Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + 
"fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 4 + }, + "height": "180px", + "id": 7, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "1 - (((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))) / ((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))))", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "metric": "", + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Disk Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + 
"overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 9 + }, + "height": "1px", + "id": 11, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode!=\"idle\"}[5m]))", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "CPU Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 9 + }, + "height": "1px", + "id": 12, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + 
"value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_node_status_allocatable_cpu_cores{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "CPU Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 9 + }, + "height": "1px", + "id": 9, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "20%", + "prefix": "", + "prefixFontSize": "20%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + 
"tableColumn": "", + "targets": [ + { + "expr": "sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Memory Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 9 + }, + "height": "1px", + "id": 10, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_memory_bytes{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Memory Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + 
"value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 9 + }, + "height": "1px", + "id": 13, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Disk Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 
45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 9 + }, + "height": "1px", + "id": 14, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Disk Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 12 + }, + "hiddenSeries": false, + "id": 2051, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + 
"show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", mode=\"idle\"}[$__rate_interval])) by (instance)", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ instance }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 12 + }, + "hiddenSeries": false, + "id": 2052, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "100 * (1- sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) by (instance) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) by (instance))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ instance }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 12 + }, + "hiddenSeries": false, + "id": 2053, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + 
"rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(1 - ((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"} OR on() vector(0)))) / ((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0)))) * 100", + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "(1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "B" + }, + { + "expr": "(1 - (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + 
"alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "folderId": 0, + "gridPos": { + "h": 15, + "w": 12, + "x": 0, + "y": 18 + }, + "headings": true, + "id": 3, + "limit": 30, + "links": [], + "query": "", + "recent": true, + "search": true, + "starred": false, + "tags": [], + "title": "Dashboards", + "type": "dashlist" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2055, + "options": { + "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://rancher.com/docs/rancher/v2.x/en/).\n\n", + "mode": "markdown" + }, + "pluginVersion": "7.1.0", + "timeFrom": null, + "timeShift": null, + "title": "", + "type": "text" + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "hidden": true, + "refresh_intervals": [ + "5s", + 
"10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "type": "timepicker" + }, + "timezone": "browser", + "title": "Home", + "uid": "rancher-home-1", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-detail.json new file mode 100755 index 000000000..81f1618a7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-detail.json 
@@ -0,0 +1,508 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 30, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[5m])) by (instance, code)", + "interval": "", + "legendFormat": "{{code}}({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + 
"defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", + "interval": "", + "legendFormat": "Deployment depth({{instance}})", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (instance, name)", + "interval": "", + "legendFormat": "Volumes depth({{instance}})", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (instance, name)", + "interval": "", + "legendFormat": "Replicaset depth({{instance}})", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (instance, name)", + "interval": "", + "legendFormat": "Service depth({{instance}})", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (instance, name)", + "interval": "", + "legendFormat": "Serviceaccount depth({{instance}})", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (instance, name)", + "interval": "", + "legendFormat": "Endpoint depth({{instance}})", + "refId": "F" + }, + { + "expr": 
"sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (instance, name)", + "interval": "", + "legendFormat": "Daemonset depth({{instance}})", + "refId": "G" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", + "interval": "", + "legendFormat": "Deployment depth({{instance}})", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (instance, name)", + "interval": "", + "legendFormat": "Statefulset depth({{instance}})", + "refId": "I" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (instance, name)", + "interval": "", + "legendFormat": "ReplicationManager depth({{instance}})", + "refId": "J" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + 
"percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Scheduling failed pods", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Scheduling Failed Pods", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"}) by (instance)", + "interval": "", + "legendFormat": "Reading({{instance}})", + "refId": "A" + }, + { + "expr": 
"sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"}) by (instance)", + "interval": "", + "legendFormat": "Waiting({{instance}})", + "refId": "B" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"}) by (instance)", + "interval": "", + "legendFormat": "Writing({{instance}})", + "refId": "C" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[5m]))) by (instance)", + "interval": "", + "legendFormat": "Accepted({{instance}})", + "refId": "D" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[5m]))) by (instance)", + "interval": "", + "legendFormat": "Handled({{instance}})", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components Metrics Detail", + "uid": "rancher-k8s-detail-1", + "version": 5 + } \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-summary.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-summary.json new file mode 100755 index 000000000..937341b48 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-summary.json 
@@ -0,0 +1,508 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 31, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[5m])) by (instance)", + "interval": "", + "legendFormat": "{{code}}({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { 
+ "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", + "interval": "", + "legendFormat": "Deployment depth", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (name)", + "interval": "", + "legendFormat": "Volumes depth", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (name)", + "interval": "", + "legendFormat": "Replicaset depth", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (name)", + "interval": "", + "legendFormat": "Service depth", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (name)", + "interval": "", + "legendFormat": "Serviceaccount depth", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (name)", + "interval": "", + "legendFormat": "Endpoint depth", + "refId": "F" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (name)", + "interval": "", + "legendFormat": "Daemonset depth", + "refId": "G" + }, + { + "expr": 
"sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", + "interval": "", + "legendFormat": "Deployment depth", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (name)", + "interval": "", + "legendFormat": "Statefulset depth", + "refId": "I" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (name)", + "interval": "", + "legendFormat": "ReplicationManager depth({{instance}})", + "refId": "J" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Scheduling failed pods", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Scheduling Failed Pods", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"})", + "interval": "", + "legendFormat": "Reading", + "refId": "A" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"})", + "interval": "", + "legendFormat": "Waiting", + "refId": "B" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"})", + "interval": "", + "legendFormat": "Writing", + "refId": "C" + }, + { + "expr": 
"sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[5m])))", + "interval": "", + "legendFormat": "Accepted", + "refId": "D" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[5m])))", + "interval": "", + "legendFormat": "Handled", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components Metrics Summary", + "uid": "rancher-k8s-summary-1", + "version": 5 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd-nodes.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd-nodes.json new file mode 100755 index 000000000..cdbc2c056 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd-nodes.json 
@@ -0,0 +1,670 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 32, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Client Traffic In ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Client Traffic Out ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Kbits", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true 
+ }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes) by (instance)", + "interval": "", + "legendFormat": "DB Size ({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + 
"overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Watch Streams ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Lease Watch Stream ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { 
+ "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Committed ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Applied ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Failed ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending) by (instance)", + "interval": "", + "legendFormat": "Proposal Pending ({{instance}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": 
"#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "RPC Rate ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "RPC Failure Rate ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + 
"fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "WAL fsync ({{instance}})", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / etcd (Nodes)", + "uid": "rancher-etcd-nodes-1", + "version": 5 +} 
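Review bot: In rancher-etcd-nodes.json the "Disk Sync Duration" panel (id 7) sets its left y-axis to "format": "ms", but both targets are histogram_quantile(0.99, ...) over etcd_disk_wal_fsync_duration_seconds_bucket and etcd_disk_backend_commit_duration_seconds_bucket, which return seconds. A 10 ms fsync will therefore be displayed as 0.01 ms, hiding exactly the disk latency problems this panel is meant to surface. Either switch the axis to a seconds unit or multiply both expressions by 1000. The "GRPC Client Traffic" panel (id 2) has the same kind of mismatch: rate() over the *_bytes_total counters yields bytes per second while the axis format is "Kbits", so use a bytes-per-second unit or convert in the query. Separately, the "DB Size" panel (id 3) carries a fieldConfig override matching "Load[5m]({{instance}})" with an empty "properties" list, which looks like a leftover from another dashboard and can be dropped, and only the first panel pins "datasource": "Prometheus" while the others use null; pick one convention.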
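Review bot: In the "Rancher / Kubernetes Components Metrics Summary" dashboard (uid rancher-k8s-summary-1) earlier in this patch, the "Controller Manager Queue Depth" panel lists the deployment queue twice: target refId "H" repeats target "A" with the same expression (workqueue_depth{component="kube-controller-manager", name="deployment"}) and the same legend "Deployment depth", so the series is queried and drawn twice. Remove "H" and re-letter the remaining targets; the per-node variant of this panel in rancher-k8s-components-nodes.json has targets A to I without the duplicate. In the same panel the last target uses legendFormat "ReplicationManager depth({{instance}})" although the query aggregates by (name) only, so {{instance}} will render empty; drop it from the legend. The file also ends without a trailing newline.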
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd.json new file mode 100755 index 000000000..3610956db --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd.json 
@@ -0,0 +1,652 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 33, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Client Traffic In", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Client Traffic Out", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Kbits", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 
null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes)", + "interval": "", + "legendFormat": "DB Size", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + 
"total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Watch Streams", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Lease Watch Stream", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Committed", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Applied", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Failed", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending)", + "interval": "", + "legendFormat": "Proposal Pending", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + 
"pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "RPC Rate", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "RPC Failure Rate", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by 
(instance, le))", + "interval": "", + "legendFormat": "WAL fsync", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / etcd", + "uid": "rancher-etcd-1", + "version": 4 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components-nodes.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components-nodes.json new file mode 100755 index 000000000..9de59be49 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components-nodes.json 
@@ -0,0 +1,510 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 30, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (instance, code)", + "interval": "", + "legendFormat": "{{code}}({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", + "interval": "", + "legendFormat": "Deployment Depth ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (instance, name)", + "interval": "", + "legendFormat": "Volumes Depth ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (instance, name)", + "interval": "", + "legendFormat": "ReplicaSet Depth ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (instance, name)", + "interval": "", + "legendFormat": "Service Depth ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (instance, name)", + "interval": "", + "legendFormat": "ServiceAccount Depth ({{instance}})", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (instance, name)", + "interval": "", + "legendFormat": "Endpoint Depth 
({{instance}})", + "refId": "F" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (instance, name)", + "interval": "", + "legendFormat": "DaemonSet Depth ({{instance}})", + "refId": "G" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (instance, name)", + "interval": "", + "legendFormat": "StatefulSet Depth ({{instance}})", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (instance, name)", + "interval": "", + "legendFormat": "ReplicationManager Depth ({{instance}})", + "refId": "I" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": 
[], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Failed To Schedule", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Pod Scheduling Status", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"}) by (instance)", + "interval": "", + "legendFormat": "Reading ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"}) by (instance)", + "interval": "", + "legendFormat": "Waiting ({{instance}})", + "refId": "B" + }, + { 
+ "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"}) by (instance)", + "interval": "", + "legendFormat": "Writing ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval]))) by (instance)", + "interval": "", + "legendFormat": "Accepted ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval]))) by (instance)", + "interval": "", + "legendFormat": "Handled ({{instance}})", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components (Nodes)", + "uid": "rancher-k8s-components-nodes-1", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components.json new file mode 100755 index 000000000..ddb0caca5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components.json 
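Review bot: In the "Rancher / Kubernetes Components (Nodes)" dashboard that ends just above, the Pod Scheduling Status panel (id 4) and the Ingress Controller Connections panel (id 5) set aliasColors to `"{{instance}}": "#3797d5"`, but no target in either panel produces a series with that name: the legends are "Failed To Schedule" in the first and "Reading ({{instance}})", "Waiting ({{instance}})" and so on in the second. The mapping reads as residue from a panel whose legendFormat was the bare `{{instance}}`; either drop it so aliasColors is {} as in the cluster-level dashboard, or key it on the legends these targets actually emit.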
@@ -0,0 +1,502 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 31, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (code)", + "interval": "", + "legendFormat": "{{code}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + 
"custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", + "interval": "", + "legendFormat": "Deployment Depth", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (name)", + "interval": "", + "legendFormat": "Volumes Depth", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (name)", + "interval": "", + "legendFormat": "Replicaset Depth", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (name)", + "interval": "", + "legendFormat": "Service Depth", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (name)", + "interval": "", + "legendFormat": "ServiceAccount Depth", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (name)", + "interval": "", + "legendFormat": "Endpoint Depth", + "refId": "F" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (name)", + "interval": "", + "legendFormat": "DaemonSet Depth", + "refId": "G" + }, + { + "expr": 
"sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (name)", + "interval": "", + "legendFormat": "StatefulSet Depth", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (name)", + "interval": "", + "legendFormat": "ReplicationManager Depth", + "refId": "I" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Failed To Schedule", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Pod 
Scheduling Status", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"})", + "interval": "", + "legendFormat": "Reading", + "refId": "A" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"})", + "interval": "", + "legendFormat": "Waiting", + "refId": "B" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"})", + "interval": "", + "legendFormat": "Writing", + "refId": "C" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "Accepted", + "refId": "D" + }, + { + "expr": 
"sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "Handled", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components", + "uid": "rancher-k8s-components-1", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-detail.json new file mode 100755 index 000000000..04c88d71c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-detail.json 
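Review bot: In rancher-k8s-components.json, the Controller Manager Queue Depth panel (id 3) carries a fieldConfig override whose matcher is byName with options "Load[5m]({{instance}})" and an empty "properties" list, yet none of that panel's targets uses such a legend (they run from "Deployment Depth" to "ReplicationManager Depth"). The override has no effect and looks copied from a load-average panel; remove it so "overrides" is [] like the other panels in this file. Separately, the file is added with mode 100755 and a fixed top-level "id": 31: a dashboard JSON needs no executable bit, and since the "uid" is what identifies the dashboard across installs, consider 100644 and "id": null for a shipped dashboard.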
@@ -0,0 +1,768 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[$__rate_interval])) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + 
"fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5) by (instance)", + "interval": "", + "legendFormat": "Load5({{instance}})", + "refId": "A" + }, + { + "expr": "sum(node_load1) by (instance)", + "interval": "", + "legendFormat": "Load1({{instance}})", + "refId": "B" + }, + { + "expr": "sum(node_load15) by (instance)", + "interval": "", + "legendFormat": "Load15({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + 
"hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes) by (instance) / sum(node_memory_MemTotal_bytes) by (instance)", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + 
"targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_disk_read_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Read({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(node_disk_written_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Write({{instance}})", + "refId": "B" + 
} + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive errors({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive packets({{instance}})", + "refId": "B" + }, + { + "expr": "sum(irate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by 
(instance)", + "interval": "", + "legendFormat": "Transmit errors({{instance}})", + "refId": "C" + }, + { + "expr": "sum(irate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive dropped({{instance}})", + "refId": "D" + }, + { + "expr": "sum(irate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit dropped({{instance}})", + "refId": "E" + }, + { + "expr": "sum(irate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit packets({{instance}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + 
"percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Transmit({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Receive({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Linux / Cluster Metrics Detail", + "uid": "rancher-linux-detail-1", + "version": 3 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-summary.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-summary.json new file mode 100755 index 000000000..e314a7a64 
--- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-summary.json 
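Review bot: In linux-metrics-detail.json, both targets of the Network I/O panel (id 8) hard-code the range as `[5m]` inside irate(), while every other rate query in this dashboard (CPU Utilization, Disk I/O, Network Packets) uses `$__rate_interval`. Switch these two to `$__rate_interval` so the window is derived the same way as in the rest of the file, or say why this panel needs a fixed window. The file also ends with a closing brace indented by one space and carries "\ No newline at end of file"; drop the stray space and add the trailing newline.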
@@ -0,0 +1,768 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 29, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "CPU usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + 
"defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5) by (instance)", + "interval": "", + "legendFormat": "Load5({{instance}})", + "refId": "A" + }, + { + "expr": "sum(node_load1) by (instance)", + "interval": "", + "legendFormat": "Load1({{instance}})", + "refId": "B" + }, + { + "expr": "sum(node_load15) by (instance)", + "interval": "", + "legendFormat": "Load15({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + 
"id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes) / sum(node_memory_MemTotal_bytes)", + "interval": "", + "legendFormat": "Memory usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - 
sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"})", + "interval": "", + "legendFormat": "Disk usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_disk_read_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(irate(node_disk_written_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + 
"tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive errors", + "refId": "A" + }, + { + "expr": "sum(irate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive packets", + "refId": "B" + }, + { + "expr": "sum(irate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit errors", + "refId": "C" + }, + { + "expr": 
"sum(irate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive dropped", + "refId": "D" + }, + { + "expr": "sum(irate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit dropped", + "refId": "E" + }, + { + "expr": "sum(irate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit packets", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + 
"targets": [ + { + "expr": "sum(irate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit", + "refId": "A" + }, + { + "expr": "sum(irate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Linux / Cluster Metrics Summary", + "uid": "rancher-linux-summary-1", + "version": 3 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node-detail.json new file mode 100755 index 000000000..0b57efa2e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node-detail.json 
@@ -0,0 +1,789 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": { + "{{mode}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\"}[$__rate_interval])) by (mode)", + "interval": "", + "legendFormat": "{{mode}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + 
"alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / (node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + 
"x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device))", + "interval": "", + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": 
false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Read ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Write ({{device}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + 
"total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Errors ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Total ({{device}})", + "refId": "B" + }, + { + "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Errors ({{device}})", + "refId": "C" + }, + { + "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Dropped ({{device}})", + "refId": "D" + }, + { + "expr": 
"sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Dropped ({{device}})", + "refId": "E" + }, + { + "expr": "sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Total ({{device}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + 
"percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Total ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Total ({{device}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + 
"tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Node (Detail)", + "uid": "rancher-node-detail-1", + "version": 3 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node.json new file mode 100755 index 000000000..7324c4164 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node.json 
@@ -0,0 +1,776 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\", mode=\"idle\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": 
false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + 
"aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / sum(node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, 
+ "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}))", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + 
"spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "A" + }, + { + "expr": "(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + }, + { + "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "C" + }, + { + "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "D" + }, + { + "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + 
(sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "E" + }, + { + "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + 
"expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + 
"timezone": "", + "title": "Rancher / Node", + "uid": "rancher-node-1", + "version": 3 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod-containers.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod-containers.json new file mode 100755 index 000000000..b9e840977 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod-containers.json 
@@ -0,0 +1,620 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "CFS throttled ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "System ({{container}})", + "refId": "B" + }, + { + "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) 
OR sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Total ({{container}})", + "refId": "C" + }, + { + "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "User ({{container}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + 
"stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}) by (container)", + "interval": "", + "legendFormat": "({{container}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "kbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR 
sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Total ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Total ({{container}})", + "refId": "B" + }, + { + "expr": "sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Dropped ({{container}})", + "refId": "C" + }, + { + "expr": "sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Errors ({{container}})", + "refId": "D" + }, + { + "expr": "sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Errors ({{container}})", + "refId": "E" + }, + { + "expr": "sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Dropped ({{container}})", + "refId": "F" + } + ], + "thresholds": [], 
+ "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Total ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR 
sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Total ({{container}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Write ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by 
(container)", + "interval": "", + "legendFormat": "Read ({{container}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace!=\"\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace=\"$namespace\", pod!=\"\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Pod (Containers)", + "uid": "rancher-pod-containers-1", + "version": 8 +} 
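Review bot: In rancher-pod-containers.json the "Memory Utilization" panel sets the left y-axis to "format": "kbytes", but its target sums container_memory_working_set_bytes and windows_container_memory_usage_commit_bytes, which are byte counts, so the axis will read 1024 times too high. Suggest "format": "bytes" for that panel. Separately, every panel's aliasColors key is the literal string "{{container}}", which does not appear to match any of the legendFormat values used here (for example "Total ({{container}})"), so the colour override looks like dead configuration; either key it on a real series alias or drop it.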
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod.json new file mode 100755 index 000000000..65b509243 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod.json 
@@ -0,0 +1,620 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "CFS throttled", + "refId": "A" + }, + { + "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "System", + "refId": "B" + }, + { + "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR 
sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Total", + "refId": "C" + }, + { + "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "User", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "kbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + 
"legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + }, + { + "expr": "sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "C" + }, + { + "expr": "sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "D" + }, + { + "expr": "sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "E" + }, + { + "expr": "sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": 
null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + 
"decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "A" + }, + { + "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + 
"yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace!=\"\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace=\"$namespace\", pod!=\"\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Pod", + "uid": "rancher-pod-1", + "version": 8 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/rancher-default-home.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/rancher-default-home.json new file mode 100755 index 000000000..d2921bf86 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/rancher-default-home.json 
@@ -0,0 +1,1275 @@ +{ + "annotations": { + "list": [ + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 1, + "title": "", + "type": "welcome" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 4 + }, + "height": "180px", + "id": 6, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - avg(irate(node_cpu_seconds_total{mode=\"idle\"}[5m]))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "CPU usage (5m avg)", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + 
"cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 4 + }, + "height": "180px", + "id": 4, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - sum(node_memory_MemAvailable_bytes{})/ sum(node_memory_MemTotal_bytes{})) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Memory usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + 
"minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 4 + }, + "height": "180px", + "id": 7, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"})\n - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"})) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Filesystem usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 9 + }, + "height": "1px", + "id": 11, + "interval": null, + 
"isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[5m])))) * sum(kube_node_status_allocatable_cpu_cores{})", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 9 + }, + "height": "1px", + "id": 12, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + 
"from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_cpu_cores{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 9 + }, + "height": "1px", + "id": 9, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "20%", + "prefix": "", + "prefixFontSize": "20%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_memory_MemTotal_bytes{device!~\"rootfs|HarddiskVolume.+\"}) - sum(node_memory_MemAvailable_bytes{device!~\"rootfs|HarddiskVolume.+\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + 
], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 9 + }, + "height": "1px", + "id": 10, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_memory_bytes{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": 
false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 9 + }, + "height": "1px", + "id": 13, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\",})\n - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 9 + }, + "height": "1px", + "id": 14, + "interval": null, + "isNew": true, + 
"links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 12 + }, + "hiddenSeries": false, + "id": 2051, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1- (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[5m])))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "1- (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[5m])) by (node))", 
+ "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage (5m avg)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 12 + }, + "hiddenSeries": false, + "id": 2052, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (1 - sum(node_memory_MemAvailable_bytes) / sum(node_memory_MemTotal_bytes))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "100 * (1- sum(node_memory_MemAvailable_bytes) by (node) / sum(node_memory_MemTotal_bytes) by (node))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], 
+ "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 12 + }, + "hiddenSeries": false, + "id": 2053, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"})\n - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"})\n ) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) * 100 ", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (node) - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (node)) / 
sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (node)) * 100\n", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Filesystem usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "folderId": 0, + "gridPos": { + "h": 15, + "w": 12, + "x": 0, + "y": 18 + }, + "headings": true, + "id": 3, + "limit": 30, + "links": [], + "query": "", + "recent": true, + "search": true, + "starred": false, + "tags": [], + "title": "Dashboards", + "type": "dashlist" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2055, + "options": { + "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). 
It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://rancher.com/docs/rancher/v2.x/en/).\n\n", + "mode": "markdown" + }, + "pluginVersion": "7.1.0", + "timeFrom": null, + "timeShift": null, + "title": "", + "type": "text" + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "hidden": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "type": "timepicker" + }, + "timezone": "browser", + "title": "Home", + "uid": "hjvnWYFMz", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-detail.json new file mode 100755 index 000000000..9d400c2c9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-detail.json 
@@ -0,0 +1,768 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate(windows_cpu_time_total{mode=\"idle\"}[$__rate_interval])) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + 
"fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", + "interval": "", + "legendFormat": "Load5({{instance}})", + "refId": "A" + }, + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", + "interval": "", + "legendFormat": "Load1({{instance}})", + "refId": "B" + }, + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", + "interval": "", + "legendFormat": "Load15({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + 
"custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(windows_os_physical_memory_free_bytes) by (instance) / sum(windows_cs_physical_memory_bytes) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + 
"pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_logical_disk_read_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Read({{instance}})", + 
"refId": "A" + }, + { + "expr": "sum(irate(windows_logical_disk_write_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Write({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive errors({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": 
"Receive packets({{instance}})", + "refId": "B" + }, + { + "expr": "sum(irate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit errors({{instance}})", + "refId": "C" + }, + { + "expr": "sum(irate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive dropped({{instance}})", + "refId": "D" + }, + { + "expr": "sum(irate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit dropped({{instance}})", + "refId": "E" + }, + { + "expr": "sum(irate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit packets({{instance}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": 
false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Windows / Cluster Metrics Detail", + "uid": "rancher-windows-detail-1", + "version": 3 + } \ No newline at end of file 
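Review bot: the "Network I/O" panel (id 8) at the end of windows-metrics-detail.json plots `windows_net_packets_sent_total` and `windows_net_packets_received_total` but sets the y-axis format to "Bps", so it shows packet rates labelled as bytes per second. It also repeats the Transmit/Receive packets series that the "Network Packets" panel (id 7) already draws. Either switch both expressions to the exporter's byte counters (`windows_net_bytes_sent_total` and `windows_net_bytes_received_total`) or change the format to "pps" and retitle the panel. Separately, the `fieldConfig` override on "Load Average" that matches "Load5({{instance}})" has an empty `properties` list and has no effect; drop it or give it the property it was meant to set.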
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-summary.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-summary.json new file mode 100755 index 000000000..d517eb389 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-summary.json 
@@ -0,0 +1,768 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 29, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate(windows_cpu_time_total{mode=\"idle\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "CPU usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + 
"defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", + "interval": "", + "legendFormat": "Load5({{instance}})", + "refId": "A" + }, + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", + "interval": "", + "legendFormat": "Load1({{instance}})", + "refId": "B" + }, + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", + "interval": "", + "legendFormat": "Load15({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + 
"overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(windows_os_physical_memory_free_bytes) / sum(windows_cs_physical_memory_bytes)", + "interval": "", + "legendFormat": "Memory usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"})", + "interval": "", + "legendFormat": "Disk usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_logical_disk_read_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(irate(windows_logical_disk_write_bytes_total[$__rate_interval]))", + "interval": 
"", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive errors", + "refId": "A" + }, + { + "expr": "sum(irate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive packets", + "refId": "B" + }, + { + "expr": "sum(irate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", 
+ "legendFormat": "Transmit errors", + "refId": "C" + }, + { + "expr": "sum(irate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive dropped", + "refId": "D" + }, + { + "expr": "sum(irate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit dropped", + "refId": "E" + }, + { + "expr": "sum(irate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit packets", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + 
"spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit", + "refId": "A" + }, + { + "expr": "sum(irate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Windows / Cluster Metrics Summary", + "uid": "rancher-windows-summary-1", + "version": 3 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload-pods.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload-pods.json new file mode 100755 index 000000000..52cc77ce0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload-pods.json 
@@ -0,0 +1,636 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "CFS throttled ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "System ({{pod}})", + "refId": "B" + }, + { + "expr": "(sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Total ({{pod}})", + "refId": "C" + }, + { + "expr": "(sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "User ({{pod}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "({{pod}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "kbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Total ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Total ({{pod}})", + "refId": "B" + }, + { + "expr": "(sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Dropped ({{pod}})", + "refId": "C" + }, + { + "expr": "(sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Errors ({{pod}})", + "refId": "D" + }, + { + "expr": "(sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Errors ({{pod}})", + "refId": "E" + }, + { + "expr": "(sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Dropped ({{pod}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", 
created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Total ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Total ({{pod}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"(sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Write ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Read ({{pod}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*namespace=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "kind", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * 
on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_kind=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_name=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Workload (Pods)", + "uid": "rancher-workload-pods-1", + "version": 8 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload.json new file mode 100755 index 000000000..cb4bc5986 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload.json 
@@ -0,0 +1,636 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "CFS throttled", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "System", + "refId": "B" + }, + { + "expr": "sum((sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Total", + "refId": "C" + }, + { + "expr": "sum((sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "User", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + 
"spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "kbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + }, + { + "expr": "sum((sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "C" + }, + { + "expr": "sum((sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "D" + }, + { + "expr": "sum((sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "E" + }, + { + "expr": "sum((sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", 
created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum((sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Write", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Read", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*namespace=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "kind", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * on(pod) 
group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_kind=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_name=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Workload", + "uid": "rancher-workload-1", + "version": 8 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/NOTES.txt new file mode 100755 index 000000000..371f3ae39 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/NOTES.txt @@ -0,0 +1,4 @@ +{{ $.Chart.Name }} has been installed. Check its status by running: + kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}" + +Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator. 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/_helpers.tpl new file mode 100755 index 000000000..123cbad6d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/_helpers.tpl 
@@ -0,0 +1,200 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +https://github.com/helm/helm/issues/4535#issuecomment-477778391 +Usage: {{ include "call-nested" (list . "SUBCHART_NAME" "TEMPLATE") }} +e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }} +*/}} +{{- define "call-nested" }} +{{- $dot := index . 0 }} +{{- $subchart := index . 1 | splitList "." }} +{{- $template := index . 2 }} +{{- $values := $dot.Values }} +{{- range $subchart }} +{{- $values = index $values . }} +{{- end }} +{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} +{{- end }} + +# Special Exporters +{{- define "exporter.kubeEtcd.enabled" -}} +{{- if or .Values.kubeEtcd.enabled .Values.rkeEtcd.enabled .Values.kubeAdmEtcd.enabled .Values.rke2Etcd.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeControllerManager.enabled" -}} +{{- if or .Values.kubeControllerManager.enabled .Values.rkeControllerManager.enabled .Values.k3sServer.enabled .Values.kubeAdmControllerManager.enabled .Values.rke2ControllerManager.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeScheduler.enabled" -}} +{{- if or .Values.kubeScheduler.enabled .Values.rkeScheduler.enabled .Values.k3sServer.enabled .Values.kubeAdmScheduler.enabled .Values.rke2Scheduler.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeProxy.enabled" -}} +{{- if or .Values.kubeProxy.enabled .Values.rkeProxy.enabled .Values.k3sServer.enabled .Values.kubeAdmProxy.enabled .Values.rke2Proxy.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeControllerManager.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-controller-manager +{{- end -}} +{{- end }} + +{{- define 
"exporter.kubeScheduler.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-scheduler +{{- end -}} +{{- end }} + +{{- define "exporter.kubeProxy.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-proxy +{{- end -}} +{{- end }} + +{{- define "kubelet.serviceMonitor.resourcePath" -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if not (eq .Values.kubelet.serviceMonitor.resourcePath "/metrics/resource/v1alpha1") -}} +{{ .Values.kubelet.serviceMonitor.resourcePath }} +{{- else if semverCompare ">=1.20.0-0" $kubeTargetVersion -}} +/metrics/resource +{{- else -}} +/metrics/resource/v1alpha1 +{{- end -}} +{{- end }} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# Prometheus Operator + +{{/* vim: set filetype=mustache: */}} +{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}} +{{- define "kube-prometheus-stack.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The components in this chart create additional resources that expand the longest created name strings. 
+The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. +*/}} +{{- define "kube-prometheus-stack.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 26 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Fullname suffixed with operator */}} +{{- define "kube-prometheus-stack.operator.fullname" -}} +{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Fullname suffixed with prometheus */}} +{{- define "kube-prometheus-stack.prometheus.fullname" -}} +{{- printf "%s-prometheus" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Fullname suffixed with alertmanager */}} +{{- define "kube-prometheus-stack.alertmanager.fullname" -}} +{{- printf "%s-alertmanager" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Create chart name and version as used by the chart label. */}} +{{- define "kube-prometheus-stack.chartref" -}} +{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} +{{- end }} + +{{/* Generate basic labels */}} +{{- define "kube-prometheus-stack.labels" }} +chart: {{ template "kube-prometheus-stack.chartref" . }} +release: {{ $.Release.Name | quote }} +heritage: {{ $.Release.Service | quote }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end }} + +{{/* Create the name of kube-prometheus-stack service account to use */}} +{{- define "kube-prometheus-stack.operator.serviceAccountName" -}} +{{- if .Values.prometheusOperator.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.operator.fullname" .) 
.Values.prometheusOperator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheusOperator.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* Create the name of prometheus service account to use */}} +{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}} +{{- if .Values.prometheus.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* Create the name of alertmanager service account to use */}} +{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}} +{{- if .Values.alertmanager.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.alertmanager.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-prometheus-stack.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/alertmanager.yaml new file mode 100755 index 000000000..8967c86ff --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/alertmanager.yaml 
@@ -0,0 +1,147 @@ +{{- if .Values.alertmanager.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: +{{- if .Values.alertmanager.alertmanagerSpec.image }} + image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }} + version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }} + {{- if .Values.alertmanager.alertmanagerSpec.image.sha }} + sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }} + {{- end }} +{{- end }} + replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }} + listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }} + serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} +{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }} + externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}" +{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} + externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" +{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} + externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Values.namespaceOverride }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}/proxy" +{{- else }} + externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . 
}}:{{ .Values.alertmanager.service.port }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} +{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }} +{{- end }} + paused: {{ .Values.alertmanager.alertmanagerSpec.paused }} + logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }} + logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }} + retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }} +{{- if .Values.alertmanager.alertmanagerSpec.secrets }} + secrets: +{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.configSecret }} + configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.configMaps }} + configMaps: +{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }} + alertmanagerConfigSelector: +{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}} +{{ else }} + alertmanagerConfigSelector: {} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }} + alertmanagerConfigNamespaceSelector: +{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}} +{{ else }} + alertmanagerConfigNamespaceSelector: {} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.resources }} + resources: +{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} + routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.securityContext }} + securityContext: +{{ toYaml 
.Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.storage }} + storage: +{{ toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }} + podMetadata: +{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }} +{{- end }} +{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }} + affinity: +{{- if .Values.alertmanager.alertmanagerSpec.affinity }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }} +{{- end }} +{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [alertmanager]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]} +{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [alertmanager]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]} +{{- end }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 4 }} +{{- if .Values.alertmanager.alertmanagerSpec.tolerations }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.containers }} + containers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.initContainers }} + initContainers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }} + priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }} + additionalPeers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.volumes }} + volumes: +{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }} + volumeMounts: +{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }} +{{- end }} + portName: {{ .Values.alertmanager.alertmanagerSpec.portName }} +{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }} + clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }} + forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }} +{{- end }} +{{- end }} 
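Review bot: In templates/alertmanager/alertmanager.yaml, the Rancher proxy branch of externalUrl builds its path from `{{ .Values.namespaceOverride }}` directly, while metadata.namespace and the final fallback branch use `{{ template "kube-prometheus-stack.namespace" . }}`. When namespaceOverride is unset, this branch renders a URL with an empty namespace segment, so the address Alertmanager advertises does not resolve. Use the namespace template here as well. Separately, the ingress branch hardcodes `http://` even when .Values.alertmanager.ingress.tls is set; pick the scheme from the tls value so advertised links do not point at plaintext.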
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/cleanupSecret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/cleanupSecret.yaml new file mode 100755 index 000000000..908955697 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/cleanupSecret.yaml 
@@ -0,0 +1,88 @@ +{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) (.Values.alertmanager.secret.cleanupOnUninstall) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "5" +spec: + template: + metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }} + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + spec: + serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete +{{- if .Values.alertmanager.secret.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }} +{{- end }} + containers: + - name: delete-secret + image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }} + imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }} + command: + - /bin/sh + - -c + - > + if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then + kubectl delete secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager + fi; + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: ['get', 'delete'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete +subjects: +- kind: ServiceAccount + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + namespace: {{ template "kube-prometheus-stack.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingress.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingress.yaml new file mode 100755 index 000000000..50fab1455 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingress.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }} +{{- $pathType := .Values.alertmanager.ingress.pathType | default "" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $servicePort := .Values.alertmanager.service.port -}} +{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }} +{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: + name: {{ $serviceName }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.alertmanager.ingress.annotations }} + annotations: +{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{- if .Values.alertmanager.ingress.labels }} +{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +spec: + {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if .Values.alertmanager.ingress.ingressClassName }} + ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.alertmanager.ingress.hosts }} + {{- range $host := .Values.alertmanager.ingress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- if .Values.alertmanager.ingress.tls }} + tls: +{{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingressperreplica.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingressperreplica.yaml new file mode 100755 index 000000000..3d673b2c8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingressperreplica.yaml 
@@ -0,0 +1,62 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }} +{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }} +{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} +{{- $servicePort := .Values.alertmanager.service.port -}} +{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{ range $i, $e := until $count }} + - kind: Ingress + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} + apiVersion: networking.k8s.io/v1beta1 + {{ else }} + apiVersion: extensions/v1beta1 + {{ end -}} + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $ingressValues.labels }} +{{ toYaml $ingressValues.labels | indent 8 }} + {{- end }} + {{- if $ingressValues.annotations }} + annotations: +{{ toYaml $ingressValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if $ingressValues.ingressClassName }} + ingressClassName: {{ $ingressValues.ingressClassName }} + {{- end }} + {{- end }} + rules: + - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + http: + paths: + {{- range $p := $ingressValues.paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + servicePort: {{ $servicePort }} + 
{{- end -}} + {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} + tls: + - hosts: + - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + {{- if $ingressValues.tlsSecretPerReplica.enabled }} + secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }} + {{- else }} + secretName: {{ $ingressValues.tlsSecretName }} + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/podDisruptionBudget.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/podDisruptionBudget.yaml new file mode 100755 index 000000000..1dbe809cd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/podDisruptionBudget.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + {{- if .Values.alertmanager.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +{{- end }} 
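Review bot: In templates/alertmanager/cleanupSecret.yaml, the post-delete ServiceAccount is bound through a ClusterRole and ClusterRoleBinding carrying `verbs: ['get', 'delete']` on all secrets, although the Job only runs `kubectl get secret` and `kubectl delete secret` against one named secret in the chart namespace. While the hook exists, its pod can read or delete any secret in any namespace. A namespaced Role and RoleBinding with resourceNames pinned to the alertmanager-<fullname>-alertmanager secret would cover what the command does. Also, unlike the pre-install ClusterRole in secret.yaml, this one has no `use` rule for a PodSecurityPolicy; please confirm the Job pod is still admitted on clusters that enforce PSP.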
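Review bot: In templates/alertmanager/podDisruptionBudget.yaml, minAvailable and maxUnavailable are emitted by two independent `if` blocks, so setting both values renders both fields, and a PodDisruptionBudget accepts only one of them. Make the second block an `else if`, or fail the render with a clear message when both are set. The truthiness test also drops an explicit 0, so `maxUnavailable: 0` cannot be expressed through values.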
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-role.yaml new file mode 100755 index 000000000..d64d1f813 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-rolebinding.yaml new file mode 100755 index 000000000..9248cc8dd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-rolebinding.yaml 
@@ -0,0 +1,18 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp.yaml new file mode 100755 index 000000000..6fa445009 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp.yaml 
@@ -0,0 +1,52 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/secret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/secret.yaml new file mode 100755 index 000000000..9d9bdabfa --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/secret.yaml 
@@ -0,0 +1,166 @@ +{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }} +{{- if .Release.IsInstall }} +{{- $secretName := (printf "alertmanager-%s-alertmanager" (include "kube-prometheus-stack.fullname" .)) }} +{{- if (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName) }} +{{- required (printf "Cannot overwrite existing secret %s in namespace %s." $secretName (include "kube-prometheus-stack.namespace" .)) "" }} +{{- end }}{{- end }} +apiVersion: v1 +kind: Secret +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +{{- if .Values.alertmanager.secret.annotations }} +{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: +{{- if .Values.alertmanager.tplConfig }} + alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }} +{{- else }} + alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} +{{- end}} +{{- range $key, $val := .Values.alertmanager.templateFiles }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + app: {{ template "kube-prometheus-stack.name" . 
}}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "5" +spec: + template: + metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }} + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + spec: + serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install +{{- if .Values.alertmanager.secret.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }} +{{- end }} + containers: + - name: copy-pre-install-secret + image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }} + imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }} + command: + - /bin/sh + - -c + - > + if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then + echo "Secret already exists" + exit 1 + fi; + kubectl patch secret -n {{ template "kube-prometheus-stack.namespace" . }} --dry-run -o yaml + alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + -p '{{ printf "{\"metadata\":{\"name\": \"alertmanager-%s-alertmanager\"}}" (include "kube-prometheus-stack.fullname" .) }}' + | kubectl apply -f -; + kubectl annotate secret -n {{ template "kube-prometheus-stack.namespace" . }} + alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager + helm.sh/hook- helm.sh/hook-delete-policy- helm.sh/hook-weight-; + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: ['create', 'get', 'patch'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install +subjects: +- kind: ServiceAccount + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . 
}} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/service.yaml new file mode 100755 index 000000000..bbcc60f2b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/service.yaml 
@@ -0,0 +1,50 @@ +{{- if .Values.alertmanager.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.alertmanager.service.labels }} +{{ toYaml .Values.alertmanager.service.labels | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.service.annotations }} + annotations: +{{ toYaml .Values.alertmanager.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.alertmanager.service.clusterIP }} + clusterIP: {{ .Values.alertmanager.service.clusterIP }} +{{- end }} +{{- if .Values.alertmanager.service.externalIPs }} + externalIPs: +{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} +{{- end }} +{{- if .Values.alertmanager.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if eq .Values.alertmanager.service.type "NodePort" }} + nodePort: {{ .Values.alertmanager.service.nodePort }} + {{- end }} + port: {{ .Values.alertmanager.service.port }} + targetPort: {{ .Values.alertmanager.service.targetPort }} + protocol: TCP +{{- if .Values.alertmanager.service.additionalPorts }} +{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }} +{{- end }} + selector: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + type: "{{ .Values.alertmanager.service.type }}" +{{- end }} 
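Review bot: In templates/alertmanager/psp.yaml, the supplementalGroups and fsGroup ranges are commented "Forbid adding the root group" but start at `min: 0`, which permits GID 0; the pre-install policy in secret.yaml uses `min: 1` for the same rule. With `allowPrivilegeEscalation: false` and requiredDropCapabilities commented out and runAsUser set to RunAsAny, the policy restricts less than its comments say, so either tighten the values or correct the comments. Also, the pspAnnotations block sits between `app:` and the `include "kube-prometheus-stack.labels"` line, so when annotations are set the common labels render under `annotations:` instead of `labels:`; move the include above the `if`.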
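Review bot: In templates/alertmanager/secret.yaml, the pre-install ClusterRole grants `verbs: ['create', 'get', 'patch']` on secrets cluster-wide, although the Job only reads the -pre-install secret and creates and annotates the -alertmanager secret in the chart namespace. A namespaced Role and RoleBinding would be enough; `get` and `patch` can be pinned with resourceNames, `create` cannot, so keep that as a separate rule. Smaller point: the PodSecurityPolicy in this file sets metadata.namespace, but PodSecurityPolicy is cluster-scoped, so the field has no effect and can be dropped.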
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceaccount.yaml new file mode 100755 index 000000000..c5e6e9228 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.alertmanager.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/servicemonitor.yaml new file mode 100755 index 000000000..a699accb8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/servicemonitor.yaml 
@@ -0,0 +1,42 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + release: {{ $.Release.Name | quote }} + self-monitor: "true" + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if .Values.alertmanager.serviceMonitor.interval }} + interval: {{ .Values.alertmanager.serviceMonitor.interval }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.scheme }} + scheme: {{ .Values.alertmanager.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.alertmanager.serviceMonitor.bearerTokenFile }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.tlsConfig }} + tlsConfig: {{ toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics" +{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.alertmanager.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.alertmanager.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceperreplica.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceperreplica.yaml new file mode 100755 index 000000000..0f12ae879 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceperreplica.yaml 
@@ -0,0 +1,46 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled }} +{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} +{{- $serviceValues := .Values.alertmanager.servicePerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{- range $i, $e := until $count }} + - apiVersion: v1 + kind: Service + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $serviceValues.annotations }} + annotations: +{{ toYaml $serviceValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if $serviceValues.clusterIP }} + clusterIP: {{ $serviceValues.clusterIP }} + {{- end }} + {{- if $serviceValues.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := $serviceValues.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + ports: + - name: {{ $.Values.alertmanager.alertmanagerSpec.portName }} + {{- if eq $serviceValues.type "NodePort" }} + nodePort: {{ $serviceValues.nodePort }} + {{- end }} + port: {{ $serviceValues.port }} + targetPort: {{ $serviceValues.targetPort }} + selector: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" $ }}-alertmanager + statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + type: "{{ $serviceValues.type }}" +{{- end }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/service.yaml new file mode 100755 index 000000000..f77db4199 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/service.yaml @@ -0,0 +1,24 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-coredns + labels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns + jobLabel: coredns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.coreDns.service.port }} + protocol: TCP + targetPort: {{ .Values.coreDns.service.targetPort }} + selector: + {{- if .Values.coreDns.service.selector }} +{{ toYaml .Values.coreDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/servicemonitor.yaml new file mode 100755 index 000000000..f34549048 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/servicemonitor.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-coredns + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.coreDns.serviceMonitor.interval}} + interval: {{ .Values.coreDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.coreDns.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.coreDns.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-api-server/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-api-server/servicemonitor.yaml new file mode 100755 index 000000000..b7ea3817c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-api-server/servicemonitor.yaml 
@@ -0,0 +1,36 @@ +{{- if .Values.kubeApiServer.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver + namespace: default + labels: + app: {{ template "kube-prometheus-stack.name" . }}-apiserver +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeApiServer.serviceMonitor.interval }} + interval: {{ .Values.kubeApiServer.serviceMonitor.interval }} + {{- end }} + port: https + scheme: https +{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.kubeApiServer.relabelings }} + relabelings: +{{ toYaml .Values.kubeApiServer.relabelings | indent 6 }} +{{- end }} + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }} + insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }} + jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }} + namespaceSelector: + matchNames: + - default + selector: +{{ toYaml .Values.kubeApiServer.serviceMonitor.selector | indent 4 }} +{{- end}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/endpoints.yaml new file mode 100755 index 000000000..413193028 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/endpoints.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + k8s-app: kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeControllerManager.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/service.yaml new file mode 100755 index 000000000..d55ca2a10 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/service.yaml 
@@ -0,0 +1,27 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + jobLabel: kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeControllerManager.service.targetPort }} +{{- if .Values.kubeControllerManager.endpoints }}{{- else }} + selector: + {{- if .Values.kubeControllerManager.service.selector }} +{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }} + {{- else}} + component: kube-controller-manager + {{- end}} +{{- end }} + type: ClusterIP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/servicemonitor.yaml new file mode 100755 index 000000000..38e2b1970 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/servicemonitor.yaml 
@@ -0,0 +1,44 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeControllerManager.serviceMonitor.interval }} + interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeControllerManager.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.serverName }} + serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} + {{- end }} + {{- end }} +{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} 
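Review bot: in kube-controller-manager/servicemonitor.yaml, `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` is rendered outside the `{{- if .Values.kubeControllerManager.serviceMonitor.https }}` block, so when `https` is false Prometheus presents its service account token on a plain-HTTP scrape of `http-metrics`. Move the line inside the `https` conditional, next to `scheme: https` and `tlsConfig`, so the token is only sent over TLS.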
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/service.yaml new file mode 100755 index 000000000..c7bf142d5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/service.yaml @@ -0,0 +1,28 @@ +{{- if .Values.kubeDns.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns + jobLabel: kube-dns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics-dnsmasq + port: {{ .Values.kubeDns.service.dnsmasq.port }} + protocol: TCP + targetPort: {{ .Values.kubeDns.service.dnsmasq.targetPort }} + - name: http-metrics-skydns + port: {{ .Values.kubeDns.service.skydns.port }} + protocol: TCP + targetPort: {{ .Values.kubeDns.service.skydns.targetPort }} + selector: + {{- if .Values.kubeDns.service.selector }} +{{ toYaml .Values.kubeDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/servicemonitor.yaml new file mode 100755 index 000000000..28d06ae83 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/servicemonitor.yaml 
@@ -0,0 +1,46 @@ +{{- if .Values.kubeDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics-dnsmasq + {{- if .Values.kubeDns.serviceMonitor.interval }} + interval: {{ .Values.kubeDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }} + relabelings: +{{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }} +{{- end }} + - port: http-metrics-skydns + {{- if .Values.kubeDns.serviceMonitor.interval }} + interval: {{ .Values.kubeDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubeDns.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeDns.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeDns.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/endpoints.yaml new file mode 100755 index 000000000..8f07a5cc2 
--- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/endpoints.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + k8s-app: etcd-server +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeEtcd.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeEtcd.service.port }} + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/service.yaml new file mode 100755 index 000000000..b2677e280 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/service.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + jobLabel: kube-etcd +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeEtcd.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeEtcd.service.targetPort }} +{{- if .Values.kubeEtcd.endpoints }}{{- else }} + selector: + {{- if .Values.kubeEtcd.service.selector }} +{{ toYaml .Values.kubeEtcd.service.selector | indent 4 }} + {{- else}} + component: etcd + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} 
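Review bot: in kube-etcd/service.yaml, `{{- if .Values.kubeEtcd.endpoints }}{{- else }}` uses an empty true branch to express negation; `{{- if not .Values.kubeEtcd.endpoints }}` says the same thing and is easier to read. A template comment above the block should also state that the selector is dropped on purpose when static `endpoints` are supplied, because the Endpoints object of the same name from endpoints.yaml is what backs the Service in that case.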
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/servicemonitor.yaml new file mode 100755 index 000000000..d5816f441 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/servicemonitor.yaml 
@@ -0,0 +1,50 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeEtcd.serviceMonitor.interval }} + interval: {{ .Values.kubeEtcd.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }} + scheme: https + tlsConfig: + {{- if .Values.kubeEtcd.serviceMonitor.serverName }} + serverName: {{ .Values.kubeEtcd.serviceMonitor.serverName }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.caFile }} + caFile: {{ .Values.kubeEtcd.serviceMonitor.caFile }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.certFile }} + certFile: {{ .Values.kubeEtcd.serviceMonitor.certFile }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.keyFile }} + keyFile: {{ .Values.kubeEtcd.serviceMonitor.keyFile }} + {{- end}} + insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }} + {{- end }} +{{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeEtcd.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} 
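Review bot: in kube-etcd/servicemonitor.yaml, `insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }}` is emitted unguarded inside the `https` block, while `serverName`, `caFile`, `certFile` and `keyFile` above it are each wrapped in an `if`, so an unset value leaves the key without an explicit boolean. Guard it like the others or pipe it through `default false` so certificate verification stays on unless it is explicitly disabled. This template also switches on `eq .Values.kubeEtcd.serviceMonitor.scheme "https"` where the kube-controller-manager template uses a boolean `serviceMonitor.https`; one convention across exporters would make values.yaml easier to get right.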
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/endpoints.yaml new file mode 100755 index 000000000..2cb756d15 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/endpoints.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + k8s-app: kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeProxy.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeProxy.service.port }} + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/service.yaml new file mode 100755 index 000000000..6a93319ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/service.yaml 
@@ -0,0 +1,27 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + jobLabel: kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeProxy.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeProxy.service.targetPort }} +{{- if .Values.kubeProxy.endpoints }}{{- else }} + selector: + {{- if .Values.kubeProxy.service.selector }} +{{ toYaml .Values.kubeProxy.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-proxy + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/servicemonitor.yaml new file mode 100755 index 000000000..ed1632682 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/servicemonitor.yaml 
@@ -0,0 +1,38 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeProxy.serviceMonitor.interval }} + interval: {{ .Values.kubeProxy.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeProxy.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- end}} +{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4 }} +{{- end }} +{{- if .Values.kubeProxy.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/endpoints.yaml new file mode 100755 index 000000000..f4ad60fd6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/endpoints.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + k8s-app: kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeScheduler.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port }} + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/service.yaml new file mode 100755 index 000000000..7a9c53da0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/service.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + jobLabel: kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port}} + protocol: TCP + targetPort: {{ .Values.kubeScheduler.service.targetPort}} +{{- if .Values.kubeScheduler.endpoints }}{{- else }} + selector: + {{- if .Values.kubeScheduler.service.selector }} +{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }} + {{- else}} + component: kube-scheduler + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/servicemonitor.yaml new file mode 100755 index 000000000..7caef4f58 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/servicemonitor.yaml 
@@ -0,0 +1,44 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeScheduler.serviceMonitor.interval }} + interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeScheduler.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.serverName }} + serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} + {{- end}} + {{- end}} +{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeScheduler.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-state-metrics/serviceMonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-state-metrics/serviceMonitor.yaml new file mode 100755 index 000000000..5b723b214 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-state-metrics/serviceMonitor.yaml @@ -0,0 +1,34 @@ +{{- if .Values.kubeStateMetrics.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-state-metrics + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-state-metrics +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: app.kubernetes.io/name + endpoints: + - port: http + {{- if .Values.kubeStateMetrics.serviceMonitor.interval }} + interval: {{ .Values.kubeStateMetrics.serviceMonitor.interval }} + {{- end }} + honorLabels: true +{{- if .Values.kubeStateMetrics.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeStateMetrics.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeStateMetrics.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeStateMetrics.serviceMonitor.relabelings | indent 4 }} +{{- end }} + selector: + matchLabels: +{{- if .Values.kubeStateMetrics.serviceMonitor.selectorOverride }} +{{ toYaml .Values.kubeStateMetrics.serviceMonitor.selectorOverride | indent 6 }} +{{ else }} + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: "{{ $.Release.Name }}" +{{- end }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kubelet/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kubelet/servicemonitor.yaml new file mode 100755 index 000000000..15811312c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kubelet/servicemonitor.yaml 
@@ -0,0 +1,151 @@ +{{- if .Values.kubelet.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet + namespace: {{ .Values.kubelet.namespace }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kubelet +{{- include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + {{- if .Values.kubelet.serviceMonitor.https }} + - port: https-metrics + scheme: https + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisor }} + - port: https-metrics + scheme: https + path: /metrics/cadvisor + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . 
}} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.probes }} + - port: https-metrics + scheme: https + path: /metrics/probes + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.probesRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resource }} + - port: https-metrics + scheme: https + path: {{ include "kubelet.serviceMonitor.resourcePath" . }} + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . 
}} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4 }} +{{- end }} +{{- end }} + {{- else }} + - port: http-metrics + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisor }} + - port: http-metrics + path: /metrics/cadvisor + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resource }} + - port: http-metrics + path: {{ include "kubelet.serviceMonitor.resourcePath" . }} + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . 
}} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- end }} + {{- end }} + jobLabel: k8s-app + namespaceSelector: + matchNames: + - {{ .Values.kubelet.namespace }} + selector: + matchLabels: + k8s-app: kubelet +{{- end}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/node-exporter/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/node-exporter/servicemonitor.yaml new file mode 100755 index 000000000..5ca5f1b75 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/node-exporter/servicemonitor.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.nodeExporter.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-node-exporter + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-node-exporter +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: {{ .Values.nodeExporter.jobLabel }} + selector: + matchLabels: + app: prometheus-node-exporter + release: {{ $.Release.Name }} + endpoints: + - port: metrics + {{- if .Values.nodeExporter.serviceMonitor.interval }} + interval: {{ .Values.nodeExporter.serviceMonitor.interval }} + {{- end }} + {{- if .Values.nodeExporter.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.nodeExporter.serviceMonitor.scrapeTimeout }} + {{- end }} +{{- if .Values.nodeExporter.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.nodeExporter.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.nodeExporter.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.nodeExporter.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmap-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmap-dashboards.yaml new file mode 100755 index 000000000..f11af8285 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmap-dashboards.yaml 
@@ -0,0 +1,24 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- $files := .Files.Glob "dashboards/*.json" }} +{{- if $files }} +apiVersion: v1 +kind: ConfigMapList +items: +{{- range $path, $fileContents := $files }} +{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} +- apiVersion: v1 + kind: ConfigMap + metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }} + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 6 }} + data: + {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmaps-datasources.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmaps-datasources.yaml new file mode 100755 index 000000000..c6700d84e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmaps-datasources.yaml 
@@ -0,0 +1,43 @@ +{{- if and .Values.grafana.enabled .Values.grafana.sidecar.datasources.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource + namespace: {{ default .Values.grafana.sidecar.datasources.searchNamespace (include "kube-prometheus-stack.namespace" .) }} +{{- if .Values.grafana.sidecar.datasources.annotations }} + annotations: +{{ toYaml .Values.grafana.sidecar.datasources.annotations | indent 4 }} +{{- end }} + labels: + {{ $.Values.grafana.sidecar.datasources.label }}: "1" + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + datasource.yaml: |- + apiVersion: 1 + datasources: +{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }} +{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} + - name: Prometheus + type: prometheus + url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }} + access: proxy + isDefault: true + jsonData: + timeInterval: {{ $scrapeInterval }} +{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }} +{{- range until (int .Values.prometheus.prometheusSpec.replicas) }} + - name: Prometheus-{{ . }} + type: prometheus + url: http://prometheus-{{ template "kube-prometheus-stack.fullname" $ }}-prometheus-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }} + access: proxy + isDefault: false + jsonData: + timeInterval: {{ $scrapeInterval }} +{{- end }} +{{- end }} +{{- end }} +{{- if .Values.grafana.additionalDataSources }} +{{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }} +{{- end }} +{{- end }} 
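Review bot: in the kubelet ServiceMonitor endpoints on `https-metrics` (the `/metrics/probes` and resource-path entries), `tlsConfig` sets `caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt` together with `insecureSkipVerify: true`, so the CA file is never used to verify the kubelet certificate and the token from `bearerTokenFile` is sent to an endpoint whose identity is not checked. Suggest driving `insecureSkipVerify` from a chart value (a new key under `.Values.kubelet.serviceMonitor`, name to be chosen) so clusters whose kubelet serving certificates chain to that CA can enable verification, and documenting why the default skips it.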
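Review bot: in templates/grafana/configmap-dashboards.yaml, `namespace: {{ .Values.grafana.defaultDashboards.namespace }}` sits inside `range $path, $fileContents := $files`, where `.` is rebound to the current file's contents, so `.Values` will not resolve as soon as `dashboards/*.json` matches a file. The neighbouring lines in the same loop already use `$.Values` and `$`; use `$.Values.grafana.defaultDashboards.namespace` here as well. `$fileContents` is also unused, since the data line reads the file again with `$.Files.Get $path`.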
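Review bot: in templates/grafana/configmaps-datasources.yaml, the `namespace:` line calls `default .Values.grafana.sidecar.datasources.searchNamespace (include "kube-prometheus-stack.namespace" .)`, and `default` returns its first argument only when the second is empty, so `searchNamespace` takes effect only if the namespace helper renders an empty string. If `searchNamespace` is meant to override the chart namespace, swap the two arguments. The label key `{{ $.Values.grafana.sidecar.datasources.label }}: "1"` is also emitted without the `if` guard that the dashboards ConfigMap uses, so an unset label renders an empty key.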
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/apiserver.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/apiserver.yaml new file mode 100755 index 000000000..efed40873 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/apiserver.yaml 
@@ -0,0 +1,1747 @@ +{{- /* +Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.kubeApiServer.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + apiserver.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "content": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.", + "datasource": null, + "description": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.", + "gridPos": { + "h": 2, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "mode": "markdown", + "span": 12, + "title": "Notice", + "type": "text" + } + ], + "refresh": "10s", + "rows": [ + { + "collapse": 
false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Availability (30d) > 99.000%", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": 3, + "description": "How much error budget is left looking at our 0.990% availability guarantees?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + 
"min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "errorbudget", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ErrorBudget (30d) > 99.000%", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "decimals": 3, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": 3, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ 
+ + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Read Availability (30d)", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many read requests (LIST,GET) per second do the apiservers get by code?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/2../i", + "color": "#56A64B" + }, + { + "alias": "/3../i", + "color": "#F2CC0C" + }, + { + "alias": "/4../i", + "color": "#3274D9" + }, + { + "alias": "/5../i", + "color": "#E02F44" + } + ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + 
"targets": [ + { + "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} code {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Read SLI - Requests", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + 
"timeShift": null, + "title": "Read SLI - Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many seconds is the 99th percentile for reading (LIST|GET) a given resource?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Read SLI - Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + 
"label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 9, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Write Availability (30d)", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "description": "How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/2../i", + "color": "#56A64B" + }, + { + "alias": "/3../i", + "color": "#F2CC0C" + }, + { + "alias": "/4../i", + "color": "#3274D9" + }, + { + "alias": "/5../i", + "color": "#E02F44" + } + ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} code {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Requests", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + 
"legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": 
"null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Add Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Depth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": 
null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Latency", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + 
"titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 17, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": 
[ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 18, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": 
null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(apiserver_request_total, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(apiserver_request_total{job=\"apiserver\", cluster=\"$cluster\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + 
"refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / API server", + "uid": "09ec8aa1e996d6ffcd6817bbaff4db1b", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/cluster-total.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/cluster-total.yaml new file mode 100755 index 000000000..fde561c82 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/cluster-total.yaml 
@@ -0,0 +1,1882 @@ +{{- /* +Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + cluster-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + 
"bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": 
true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value #C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "Value #G", + "value": "Value #G" + }, + { + "text": "Value #H", + "value": "Value #H" + }, + { + "text": "namespace", + "value": "namespace" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "90%", + "gridPos": { 
+ "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Current Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": 
"", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?orgId=1&refresh=30s&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": 
"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Status", + "type": "table" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 6, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": 
true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 11 + }, + "id": 9, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth History", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 10, + 
"legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + 
"percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 13, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + 
"expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + 
"title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 15, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 50 + }, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + 
"tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 17, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": 
"pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "targetBlank": true, + "title": "What is TCP Retransmit?", + "url": "https://accedian.com/enterprises/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/" + } + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of TCP Retransmits out of all sent segments", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } 
+ ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 19, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "targetBlank": true, + "title": "Why monitor SYN retransmits?", + "url": "https://github.com/prometheus/node_exporter/issues/1023#issuecomment-408128365" + } + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of TCP SYN Retransmits out of all retransmits", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": 
true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", 
+ "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Cluster", + "uid": "ff635a025bcfea7bc3dd4f508990a3e9", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/controller-manager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/controller-manager.yaml new file mode 100755 index 000000000..675cbe618 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/controller-manager.yaml 
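Review bot: In the "Kubernetes / Networking / Cluster" dashboard, the two ratio panels in the "Errors" row (ids 18 and 19, "Rate of TCP Retransmits out of all sent segments" and "Rate of TCP SYN Retransmits out of all retransmits") set "stack": true on a per-instance ratio formatted as percentunit. Stacking adds the instances' ratios together, so the top of the stack shows a percentage that no single node has and that can exceed 100% on a larger cluster; "stack": false would keep each instance readable on its own. Both panels also carry the same gridPos (x 0, y 59, w 24, h 9), so the second one needs its own y offset wherever gridPos is honoured. Because released/ is regenerated, both fixes belong in the source the chart is generated from, not in this copy.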
@@ -0,0 +1,1153 @@ +{{- /* +Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeControllerManager.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + controller-manager.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + 
"interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(up{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_adds_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Add Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_depth{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Depth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance, name, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Latency", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": 
false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + 
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(process_cpu_seconds_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Controller Manager", + "uid": "72e0e05bef5099e5f049b05fdc429ed4", + "version": 0 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/etcd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/etcd.yaml new file mode 100755 index 000000000..78f230581 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/etcd.yaml 
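Review bot: In controller-manager.yaml the "Work Queue Depth" panel (id 4) queries sum(rate(workqueue_depth{...}[5m])) by (instance, name), but workqueue_depth is a gauge and rate() is only meaningful on counters: it treats every drop in the gauge as a counter reset, so the graph shows neither the depth nor its real rate of change. Plot the gauge directly, for example sum(workqueue_depth{...}) by (instance, name), which also fits the panel's "short" unit and "min": 0. The header states the file is generated from kube-prometheus master and must not be changed in place, so the fix has to go through the upstream dashboard or the hack/ sync script; pinning that source to a commit instead of master would also make the regenerated output reproducible and reviewable. The file ends without a trailing newline as well.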
@@ -0,0 +1,1118 @@ +{{- /* +Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/current/op-guide/grafana.json +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + etcd.json: |- + { + "annotations": { + "list": [] + }, + "description": "etcd sample Grafana dashboard with Prometheus", + "editable": true, + "gnetId": null, + "hideControls": false, + "links": [], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "$datasource", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "id": 28, + "interval": null, + "isNew": true, + 
"links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "targets": [ + { + "expr": "sum(etcd_server_has_leader{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "", + "metric": "etcd_server_has_leader", + "refId": "A", + "step": 20 + } + ], + "thresholds": "", + "title": "Up", + "type": "singlestat", + "valueFontSize": "200%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 23, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Rate", + "metric": "grpc_server_started_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code!=\"OK\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Failed Rate", + "metric": "grpc_server_handled_total", + "refId": "B", 
+ "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 41, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Watch Streams", + "metric": "grpc_server_handled_total", + "refId": "A", + "step": 4 + }, + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Lease Streams", + "metric": "grpc_server_handled_total", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "msResolution": false, + "shared": true, + 
"sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "showTitle": false, + "title": "Row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB Size", + "metric": "", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "DB Size", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 3, + "legend": { + "avg": false, + "current": 
false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 1, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": true, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync", + "metric": "etcd_disk_wal_fsync_duration_seconds_bucket", + "refId": "A", + "step": 4 + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync", + "metric": "etcd_disk_backend_commit_duration_seconds_bucket", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 29, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 
4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"$cluster\"}", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory", + "metric": "process_resident_memory_bytes", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 22, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In", + "metric": "etcd_network_client_grpc_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": 
"time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 21, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out", + "metric": "etcd_network_client_grpc_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic Out", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 20, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + 
"nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In", + "metric": "etcd_network_peer_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out", + "metric": "etcd_network_peer_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic Out", + 
"tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 40, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Failure Rate", + "metric": "etcd_server_proposals_failed_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "Proposal Pending Total", + "metric": "etcd_server_proposals_pending", + "refId": "B", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Commit Rate", + "metric": "etcd_server_proposals_committed_total", + "refId": "C", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Apply Rate", + "refId": "D", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": 
null, + "title": "Raft Proposals", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": 0, + "editable": true, + "error": false, + "fill": 0, + "id": 19, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day", + "metric": "etcd_server_leader_changes_seen_total", + "refId": "A", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Total Leader Elections Per Day", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + } + ], + "schemaVersion": 13, + "sharedCrosshair": 
false, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": "label_values(etcd_server_has_leader, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": { + "now": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "etcd", + "uid": "c2f4e12cdf69feb95caa41a5a1b423d9", + "version": 215 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-coredns.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-coredns.yaml new file mode 100755 index 000000000..8e4eaec61 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-coredns.yaml 
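Review bot: In the `templating.list` block that closes the etcd dashboard, the `cluster` variable is populated from `label_values(etcd_server_has_leader, job)` and ships with a hard-coded `"current"` of `prod`, while every panel in this dashboard filters on `job="$cluster"`. When `.Values.grafana.sidecar.dashboards.multicluster` is not set the variable is rendered with `"hide": 2`, so the saved selection is a job named `prod` that nothing in this hunk shows to exist, and the user has no control to change it. Suggest dropping the `prod` default (leave `current` empty so the on-load refresh picks a real value) and adding a template comment explaining why the `job` label stands in for the cluster name, or renaming the variable. Separately, this file ends with `\ No newline at end of file`; add the trailing newline so later edits to the template do not produce a spurious diff on the last line.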
@@ -0,0 +1,1529 @@ +{{- /* Added manually, can be changed in-place. */ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-coredns.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. 
Based on the CoreDNS dashboard by buhay.", + "editable": true, + "gnetId": 12539, + "graphTooltip": 0, + "iteration": 1603798405693, + "links": [ + { + "icon": "external link", + "tags": [], + "targetBlank": true, + "title": "CoreDNS.io", + "type": "link", + "url": "https://coredns.io" + } + ], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (proto)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (total)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": 
true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + }, + { + "alias": "other", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_type_count_total{instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (type)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{type}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (by qtype)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, 
+ "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (zone)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{zone}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (by zone)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": 
true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_do_count_total{instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{instance=~\"$instance\"}[5m]))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "DO", + "refId": "A", + "step": 40 + }, + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m]))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "total", + "refId": "B", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (DO bit)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + 
"editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 7 + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "tcp:90", + "yaxis": 2 + }, + { + "alias": "tcp:99 ", + "yaxis": 2 + }, + { + "alias": "tcp:50", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99 ", + "refId": "A", + "step": 60 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90", + "refId": "B", + "step": 60 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50", + "refId": "C", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (size, udp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": 
"bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 7 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "tcp:90", + "yaxis": 1 + }, + { + "alias": "tcp:99 ", + "yaxis": 1 + }, + { + "alias": "tcp:50", + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99 ", + "refId": "A", + "step": 60 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90", + "refId": "B", + "step": 60 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": 
"", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50", + "refId": "C", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (size,tcp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_response_rcode_count_total{instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{instance=~\"$instance\"}[5m])) by (rcode)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{rcode}}"}}", + "refId": "A", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (by rcode)", + "tooltip": { + "shared": 
true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 14 + }, + "hiddenSeries": false, + "id": 32, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le, job))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"50%", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (duration)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 21 + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "udp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:50%", + "yaxis": 2 + }, + { + "alias": "tcp:90%", + "yaxis": 2 + }, + { + "alias": "tcp:99%", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, 
sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50%", + "metric": "", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (size, udp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 21 + }, + "hiddenSeries": false, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "udp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:90%", + 
"yaxis": 1 + }, + { + "alias": "tcp:99%", + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50%", + "metric": "", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (size, tcp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 28 + }, + "hiddenSeries": false, + "id": 22, + "legend": { + "avg": false, + "current": 
false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(coredns_cache_size{instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{instance=~\"$instance\"}) by (type)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{type}}"}}", + "refId": "A", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cache (size)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 28 + }, + "hiddenSeries": false, + "id": 24, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": 
false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "misses", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_cache_hits_total{instance=~\"$instance\"}[5m])) by (type)", + "hide": false, + "intervalFactor": 2, + "legendFormat": "hits:{{"{{type}}"}}", + "refId": "A", + "step": 40 + }, + { + "expr": "sum(rate(coredns_cache_misses_total{instance=~\"$instance\"}[5m])) by (type)", + "hide": false, + "intervalFactor": 2, + "legendFormat": "misses", + "refId": "B", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cache (hitrate)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "10s", + "schemaVersion": 26, + "style": "dark", + "tags": [ + "dns", + "coredns" + ], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "label_values(up{job=\"coredns\"}, instance)", + "hide": 0, + "includeAll": true, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": "label_values(up{job=\"coredns\"}, instance)", + "refresh": 1, + 
"regex": "", + "skipUrlSync": false, + "sort": 3, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "utc", + "title": "CoreDNS", + "uid": "vkQ0UHxik", + "version": 2 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml new file mode 100755 index 000000000..9639fc15c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml 
@@ -0,0 +1,2582 @@ +{{- /* +Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-cluster.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "100px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 1, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + 
"renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", cluster=\"$cluster\"}[$__rate_interval]))", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Requests Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", 
+ "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, 
+ "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + 
"timeShift": null, + "title": "Memory Requests Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + 
"showTitle": false, + "title": "Headlines", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": 
true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + 
+ ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(kube_pod_owner{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + 
"step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": 
null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, 
+ "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": 
null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(kube_pod_owner{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + 
"legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Requests by Namespace", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + 
"showTitle": true, + "title": "Memory Requests", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 11, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": 
false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + 
"step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + 
"legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + 
"steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": 
"Average Container Bandwidth by Namespace: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Namespace: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + 
"show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + 
"renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(node_cpu_seconds_total, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Cluster", + "uid": 
"efa86fd1d0c121a26444b636a3f509a8", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml new file mode 100755 index 000000000..40355c6b8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml 
@@ -0,0 +1,2286 @@ +{{- /* +Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "100px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation (from requests)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + 
"timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation (from limits)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilization (from requests)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] 
+ }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation (from limits)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Headlines", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + 
"links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": 
null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + 
"pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": 
"sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + 
"stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + 
"avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": 
"Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + 
"refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + 
"timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 9, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": 
"Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + 
"thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + 
"values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + 
"collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + 
"nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", 
+ "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": 
true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Namespace (Pods)", + "uid": "85a562078cdf77779eaa1add43ccec1e", + "version": 0 + } +{{- end }} \ No newline at end of file 
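Review bot: In the memory panels of this namespace dashboard, three ratio queries filter the numerator by cluster but not the denominator. The "Memory Utilisation (from limits)" singlestat and the "Memory Quota" table targets with refId C and E divide by `kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"}` or `kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"}`, with no `cluster=\"$cluster\"` matcher. The `cluster` variable is only shown when `.Values.grafana.sidecar.dashboards.multicluster` is set, and in that mode the denominator sums over every cluster that has a namespace of the same name, so the reported percentage comes out too low. Add `cluster=\"$cluster\"` to those three denominators, as the "CPU Quota" targets C and E already do. Separately, the four packet-rate graphs (panel ids 12 to 15) set the left y-axis to `"format": "Bps"`, while the "Current Network Usage" table uses `pps` for the same series; `pps` looks like the intended unit.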
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-node.yaml new file mode 100755 index 000000000..ce6628ae5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-node.yaml 
@@ -0,0 +1,978 @@ +{{- /* +Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-node.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": 
"", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } 
+ ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + 
"current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + 
"linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + 
"format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + 
}, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": true, + "name": "node", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, node)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + 
"time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Node (Pods)", + "uid": "200ac8fdbfbb74b39aff88118e4d1c2c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml new file mode 100755 index 000000000..6badcf173 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml 
@@ -0,0 +1,1772 @@ +{{- /* +Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-pod.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": 
"requests", + "color": "#F2495C", + "fill": 0, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "limits", + "color": "#FF9830", + "fill": 0, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", cluster=\"$cluster\"}) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": true, + "max": true, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 0.25, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Throttling", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Throttling", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + 
"linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": 
"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + }, + { + "alias": "limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + 
"span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", image!=\"\"}) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + 
"nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": 
null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", image!=\"\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": 
"B", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + 
"timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + 
"min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": 
false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + 
"pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + 
"legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + 
"show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=\"$namespace\"}, pod)", + 
"refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Pod", + "uid": "6581e46e4e5c7ba40a07646395ef7b23", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml new file mode 100755 index 000000000..931934f23 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml 
@@ -0,0 +1,2034 @@ +{{- /* +Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workload.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + 
+ ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": 
"hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + 
"type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, 
+ { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + 
"panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + 
"current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + 
"linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", 
namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": 
"table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + 
"dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", 
namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) 
namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": 
"(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) 
namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Pod: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Pod: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, 
+ "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": 
null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 
0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + 
"repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + 
"hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Workload", + "uid": "a164a7f0339f99e89cea5cb47e9be617", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml new file mode 100755 index 000000000..dd3b25065 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml 
@@ -0,0 +1,2195 @@ +{{- /* +Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workloads-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + 
"min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, 
+ "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by 
(workload, workload_type)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n 
group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 
3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + 
"type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + 
"decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + 
"colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", 
namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] 
+ } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": 
"YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$type", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) 
namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + 
"span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", 
namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", 
namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Workload: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Workload: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of 
Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": 
null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + 
"format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + 
"repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 1, + 
"tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Namespace (Workloads)", + "uid": "a87fb0d919ec0ea5f6543124e16c42a5", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/kubelet.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/kubelet.yaml new file mode 100755 index 000000000..f72ff5875 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/kubelet.yaml 
@@ -0,0 +1,2533 @@ +{{- /* +Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.kubelet.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + kubelet.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + 
"mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(up{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", 
job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Running Pods", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Running Container", + "tooltip": { + "shared": 
false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Actual Volume Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": 
true + }, + "gridPos": { + + }, + "id": 6, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Desired Volume Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + 
"sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Config Error Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (operation_type, instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, 
+ "title": "Operation Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation Error Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + 
"min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": 
"Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} pod", + "refId": "A" + }, + { + "expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} worker", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pod Start Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} pod", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} worker", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pod Start Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + 
{ + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + 
"hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Error Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": 
false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": 
"null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Cgroup manager operation rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 17, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, 
operation_type, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Cgroup manager 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Pod lifecycle event generator", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ 
+ + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 19, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist interval", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + 
"logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 20, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + 
"type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 21, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": 
"graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 22, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Request duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + 
"label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 23, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 24, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 25, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": 
"instance", + "options": [ + + ], + "query": "label_values(kubelet_runtime_operations_total{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Kubelet", + "uid": "3138fa155d5915769fbded898ac09fd9", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-pod.yaml new file mode 100755 index 000000000..20def0a8d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-pod.yaml 
@@ -0,0 +1,1464 @@ +{{- /* +Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + namespace-by-pod.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "cacheTimeout": null, 
+ "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "height": 9, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": 
"current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "height": 9, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + 
"value": "null" + } + ], + "valueName": "current" + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value #C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "pod", + "value": "pod" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "100%", + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + 
], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?orgId=1&refresh=30s&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": 
"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Status", + "type": "table" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 6, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 20 + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + 
"minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 20 + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 9, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 30 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": 
"A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 30 + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + 
"format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": 
null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + 
+ ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + 
"regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Namespace (Pods)", + "uid": "8b7a8b326d7a6f1f04244066368c67af", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-workload.yaml new file mode 100755 index 000000000..adecffa09 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-workload.yaml 
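Review bot: the `interval` template variable near the end of the namespace-by-pod dashboard sets `"current"` to `"5m"`, but its only option and its `"query"` are both `"4h"`. The variable has `"hide": 2`, so it is not shown in the dashboard UI for anyone to correct, and every panel target in this hunk depends on it through the `[$interval:$resolution]` subquery range. The `"5m"` value matches the `current` of the neighbouring `resolution` variable, so it looks carried over from there. Suggest setting `current` to `"text": "4h", "value": "4h"` so the saved default agrees with the single option. Since this commit regenerates `released/` from stage-release, make the fix in the source the dashboard is generated from rather than in this copy.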
@@ -0,0 +1,1736 @@ +{{- /* +Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + namespace-by-workload.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + 
"aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value 
#C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "Value #G", + "value": "Value #G" + }, + { + "text": "Value #H", + "value": "Value #H" + }, + { + "text": "workload", + "value": "workload" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "90%", + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Current Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Transmitted", + "colorMode": null, + 
"colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?orgId=1&refresh=30s&var-namespace=$namespace&var-type=$type&var-workload=$__cell", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": 
"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current 
Status", + "type": "table" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 6, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 20 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + 
"logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 20 + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, 
+ "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 9, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth HIstory", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 38 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": 
"time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 38 + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + 
"min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 39 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + 
"show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + 
"repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 15, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 41 + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + 
"max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 41 + }, + "id": 17, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 
0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": 
"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + 
"15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Namespace (Workload)", + "uid": "bbb2a765a623ae38130206c7d94a160f", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml new file mode 100755 index 000000000..7ef72f97a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml 
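Review bot: In the templating list at the end of this dashboard, the hidden `interval` variable sets `"current"` to `5m` while its only option and its `"query"` are both `4h`. The panel expressions visible here all use `[$interval:$resolution]`, so the mismatched `current` value leaves it unclear which range the subqueries actually get; set `current` to `4h` so it agrees with the single option. Separately, the row title `"Bandwidth HIstory"` has a casing typo. Both are best corrected at the source this released/ tree is regenerated from, so the next regeneration does not bring them back.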
@@ -0,0 +1,964 @@ +{{- /* +Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + node-cluster-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", 
+ "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n instance:node_cpu_utilisation:rate1m{job=\"node-exporter\"}\n*\n instance:node_num_cpu:sum{job=\"node-exporter\"}\n)\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": 
null, + "title": "CPU Saturation (load1 per CPU)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + 
"min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_vmstat_pgmajfault:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Major Page Faults)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": 
false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/ Receive/", + "stack": "A" + }, + { + "alias": "/ Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_bytes_excluding_lo:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + }, + { + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Bytes Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [ + { + "alias": "/ Receive/", + "stack": "A" + }, + { + "alias": "/ Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_drop_excluding_lo:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + }, + { + "expr": "instance:node_network_transmit_drop_excluding_lo:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Drops Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + 
"step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum without (device) (\n max without (fstype, mountpoint) (\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"} - node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\"}\n )\n) \n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"})))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + 
"value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk Space", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "USE Method / Cluster", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-rsrc-use.yaml new file mode 100755 index 000000000..9defce091 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-rsrc-use.yaml 
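Review bot: The panel queries in this dashboard select only on `job="node-exporter"`, and the templating list defines just `datasource`, so nothing scopes the data to one cluster. The namespace dashboard earlier in this patch carries a `cluster` variable gated on `.Values.grafana.sidecar.dashboards.multicluster`; with that value enabled and a datasource holding several clusters, this view would mix nodes from all of them, and the `scalar(count(...))` and `scalar(sum(...))` denominators would be computed over the combined set. Consider adding a `cluster` matcher and variable here, or stating that this dashboard is single-cluster only. Two smaller points: `"uid": ""` leaves the dashboard without a fixed identifier, unlike the previous dashboard in this patch, and the file is added with `new file mode 100755` although a YAML template has no reason to be executable.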
@@ -0,0 +1,991 @@ +{{- /* +Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + node-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + 
+ ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_cpu_utilisation:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (Load1 per CPU)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + 
{ + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Memory", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + 
"min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_vmstat_pgmajfault:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Major page faults", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Major Page Faults)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Receive/", + "stack": "A" + }, + { + "alias": "/Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 
6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_bytes_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Receive", + "legendLink": null, + "step": 10 + }, + { + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Transmit", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Bytes Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Receive/", + "stack": "A" + }, + { + "alias": "/Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_drop_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"Receive drops", + "legendLink": null, + "step": 10 + }, + { + "expr": "instance:node_network_transmit_drop_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Transmit drops", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Drops Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Net", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + 
"tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk IO", + "titleSize": "h6" + }, + { + "collapse": false, + 
"height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 -\n(\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n/\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk Space", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 
1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "instance", + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(up{job=\"node-exporter\"}, instance)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "USE Method / Node", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/nodes.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/nodes.yaml new file mode 100755 index 000000000..8c67344c4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/nodes.yaml 
@@ -0,0 +1,997 @@ +{{- /* +Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + nodes.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": 
"null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n (1 - rate(node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"}[$__interval]))\n/ ignoring(cpu) group_left\n count without (cpu)( node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", + "format": "time_series", + "interval": "1m", + "intervalFactor": 5, + "legendFormat": "{{`{{`}}cpu{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + 
"legendFormat": "1m load average", + "refId": "A" + }, + { + "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5m load average", + "refId": "B" + }, + { + "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "15m load average", + "refId": "C" + }, + { + "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "logical cores", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], 
+ "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory used", + "refId": "A" + }, + { + "expr": "node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory buffers", + "refId": "B" + }, + { + "expr": "node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory cached", + "refId": "C" + }, + { + "expr": "node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory free", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": 
true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\"})\n/\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"})\n* 100\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Memory Usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + 
"alias": "/ read| written/", + "yaxis": 1 + }, + { + "alias": "/ io time/", + "yaxis": 2 + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} read", + "refId": "A" + }, + { + "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} written", + "refId": "B" + }, + { + "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} io time", + "refId": "C" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + 
"show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "used", + "color": "#E0B400" + }, + { + "alias": "available", + "color": "#73BF69" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n max by (device) (\n node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n )\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "used", + "refId": "A" + }, + { + "expr": "sum(\n max by (device) (\n node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n )\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "available", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 
8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Received", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, 
+ "targets": [ + { + "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Transmitted", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(node_exporter_build_info{job=\"node-exporter\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + 
"24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Nodes", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml new file mode 100755 index 000000000..180087aa3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml 
@@ -0,0 +1,577 @@ +{{- /* +Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + persistentvolumesusage.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 
1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n sum without(instance, node) (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used Space", + "refId": "A" + }, + { + "expr": "sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Free Space", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume Space Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + 
"thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max without(instance,node) (\n(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume Space Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + 
"legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used inodes", + "refId": "A" + }, + { + "expr": "(\n sum without(instance, node) (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": " Free inodes", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume inodes Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + 
"rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max without(instance,node) (\nkubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume inodes Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": 
"datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "PersistentVolumeClaim", + "multi": false, + "name": "volume", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Persistent 
Volumes", + "uid": "919b92a8e8041bd567af9edab12c840c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/pod-total.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/pod-total.yaml new file mode 100755 index 000000000..1790df788 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/pod-total.yaml 
@@ -0,0 +1,1228 @@ +{{- /* +Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + pod-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": 
false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "height": 9, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace: $pod", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": 
"current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "height": 9, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace: $pod", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": 
"=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": 
true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 20 + }, + "id": 8, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 21 
+ }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 21 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + 
"nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + 
"percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 32 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + 
"datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + 
"value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Pod", + "uid": "7a18067ce943a40ae25454675c19ff5c", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml new file mode 100755 index 000000000..89c6c4be1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml 
@@ -0,0 +1,1670 @@ +{{- /* +Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + prometheus-remote-write.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "60s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + 
"total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Highest Timestamp In vs. Highest Timestamp Sent", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + 
"seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate[5m]", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Timestamps", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate, in vs. succeeded or dropped [5m]", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Samples", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": 
true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 6, + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_max{cluster=~\"$cluster\", 
instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Max Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_min{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Min Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, 
+ "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_desired{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Desired Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Shards", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + 
"collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shard_capacity{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Shard Capacity", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pending Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Shard Details", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, 
+ "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_wal_segment_current{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "TSDB Current Segment", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_wal_watcher_current_segment{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}consumer{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Remote Write Current Segment", + 
"tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Segments", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Dropped Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + 
"buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Failed Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + 
"aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Retried Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 
null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_enqueue_retries_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Enqueue Retries", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Misc. 
Rates", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "prometheus-mixin" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "value": { + "selected": true, + "text": "All", + "value": "$__all" + } + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(prometheus_build_info, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "value": { + "selected": true, + "text": "All", + "value": "$__all" + } + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": true, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_container_info{image=~\".*prometheus.*\"}, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "url", + "options": [ + + ], + "query": "label_values(prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}, url)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + 
"from": "now-6h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Prometheus / Remote Write", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus.yaml new file mode 100755 index 000000000..f3292faf2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus.yaml 
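Review bot: In the `templating.list` block that closes the "Prometheus / Remote Write" dashboard, the `cluster` variable is filled from `label_values(kube_pod_container_info{image=~".*prometheus.*"}, cluster)`, while the `instance` variable next to it uses `label_values(prometheus_build_info, instance)` with no cluster filter. The first query depends on kube-state-metrics being scraped and matches every container whose image name contains "prometheus", not only Prometheus servers. The second lists instances from all clusters even when `.Values.grafana.sidecar.dashboards.multicluster` makes the cluster selector visible. Suggest sourcing both from the same metric, for example `label_values(prometheus_build_info, cluster)` and `label_values(prometheus_build_info{cluster=~"$cluster"}, instance)`, assuming the `cluster` label is present on that series in multicluster setups. Separately, the `current` entries for `instance` and `cluster` nest a whole `{selected, text, value}` object under both `text` and `value`, whereas the `job` and `instance` variables in the "Prometheus / Overview" dashboard use plain strings. Please check that this is what the generator is meant to emit.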
@@ -0,0 +1,1227 @@ +{{- /* +Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + prometheus.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "60s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 
12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Count", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Uptime", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Instance", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "instance", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Job", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "job", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Version", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "version", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count by (job, instance, version) 
(prometheus_build_info{job=~\"$job\", instance=~\"$instance\"})", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "max by (job, instance) (time() - process_start_time_seconds{job=~\"$job\", instance=~\"$instance\"})", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Prometheus Stats", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Prometheus Stats", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(prometheus_target_sync_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m])) by (scrape_job) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"{{`{{`}}scrape_job{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Target Sync", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(prometheus_sd_discovered_targets{job=~\"$job\",instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Targets", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Targets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + 
"showTitle": true, + "title": "Discovery", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_target_interval_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}interval{{`}}`}} configured", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Scrape Interval Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + 
"percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "exceeded sample limit: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "duplicate timestamp: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_bounds_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "out of bounds: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_order_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "out of order: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scrape failures", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": 
false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_head_samples_appended_total{job=~\"$job\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Appended Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Retrieval", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_series{job=~\"$job\",instance=~\"$instance\"}", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head series", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Head Series", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_chunks{job=~\"$job\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head chunks", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Head Chunks", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + 
"max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_engine_query_duration_seconds_count{job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Query Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + 
"nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",job=~\"$job\",instance=~\"$instance\"}) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}slice{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Stage Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Query", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "prometheus-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "job", + "multi": true, + "name": "job", + "options": [ + + ], + "query": "label_values(prometheus_build_info, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + 
"current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "instance", + "multi": true, + "name": "instance", + "options": [ + + ], + "query": "label_values(prometheus_build_info, instance)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "Prometheus / Overview", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/proxy.yaml new file mode 100755 index 000000000..a7cecd5dd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/proxy.yaml 
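Review bot: The four targets of the "Scrape failures" panel (id 5) in `prometheus.json` carry no label selectors, e.g. `sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))`, while every other panel in this dashboard filters on `job=~"$job",instance=~"$instance"`. As written, the panel ignores the `job` and `instance` dropdowns and always aggregates over every Prometheus the datasource can see. Suggest adding the same selector to all four expressions. This dashboard also defines no `cluster` variable, although the Remote Write dashboard in the same chart has one gated on `.Values.grafana.sidecar.dashboards.multicluster`; if multicluster is a supported mode here, the Overview panels will mix series from different clusters. The dashboard ends with `"uid": ""`, so please confirm that an empty uid is intended. Since the header says the file is generated and must not be changed in place, any of these fixes belongs in the source the dashboards are generated from rather than in `released/`.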
@@ -0,0 +1,1232 @@ +{{- /* +Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeProxy.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + proxy.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + 
"mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(up{job=\"{{ include "exporter.kubeProxy.jobName" . }}\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "rate", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rules Sync Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rule Sync Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "rate", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Programming Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Programming Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include 
"exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\",verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(kubeproxy_network_programming_duration_seconds_bucket{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Proxy", + "uid": "632e265de029684c40b21cb76bca4f94", + "version": 0 + } +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/scheduler.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/scheduler.yaml new file mode 100755 index 000000000..eba5d160c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/scheduler.yaml 
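Review bot: The proxy dashboard template ending just above closes both conditionals on a single line (`{{- end }}{{- end }}`) and has no newline at end of file, while scheduler.yaml in this same patch puts each `{{- end }}` on its own line. It renders the same because of the left trim, but the joined form makes it easy to miscount open blocks when the guards are next edited. Suggest splitting the two `end` actions onto separate lines and ending the file with a newline. If this file is generated the same way as scheduler.yaml, make that change in the generation step rather than in place.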
@@ -0,0 +1,1076 @@ +{{- /* +Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + scheduler.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + 
], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(up{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} e2e", + "refId": "A" + }, + { + "expr": "sum(rate(scheduler_binding_duration_seconds_count{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} binding", + "refId": "B" + }, + { + "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} scheduling algorithm", + "refId": "C" + }, + { + "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} volume", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scheduling Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + 
"values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} e2e", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} binding", + "refId": "B" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} scheduling algorithm", + "refId": "C" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} volume", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scheduling latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, 
sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(process_cpu_seconds_total{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Scheduler", + "uid": "2e6b6a3b4bddf1427b3a55aa1311c656", + "version": 0 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/statefulset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/statefulset.yaml new file mode 100755 index 000000000..3512fada2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/statefulset.yaml 
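Review bot: In scheduler.yaml, the "CPU usage" panel (id 9) sets `"format": "bytes"` on both y-axes, but its target is `rate(process_cpu_seconds_total{...}[5m])`, which is CPU seconds per second, so the axis will be labelled in B/KiB for a value that is really a fraction of a core. The proxy dashboard earlier in this patch uses `"format": "short"` for the same expression; suggest matching that here. Since the header says the file is generated from kube-prometheus and must not be changed in place, the fix belongs upstream or in the sync script. Like the proxy file, this one also ends without a trailing newline.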
@@ -0,0 +1,928 @@ +{{- /* +Generated from 'statefulset' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "statefulset" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + statefulset.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + 
"name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "CPU", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "GB", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + 
"targets": [ + { + "expr": "sum(container_memory_usage_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}) / 1024^3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Memory", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "Bps", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",pod=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + 
"title": "Network", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "height": "100px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Desired Replicas", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": 
false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 6, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Replicas of current version", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + 
"value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_status_observed_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Observed Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 8, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": 
"max(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Metadata Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas specified", + "refId": "A" + }, + { + "expr": "max(kube_statefulset_status_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas created", + "refId": 
"B" + }, + { + "expr": "min(kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "ready", + "refId": "C" + }, + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas of current version", + "refId": "D" + }, + { + "expr": "min(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "updated", + "refId": "E" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Replicas", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + 
"datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Name", + "multi": false, + "name": "statefulset", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, statefulset)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / StatefulSets", + "uid": "a31c1f46e6f727cb37c0d731a7245005", + "version": 0 + } +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/workload-total.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/workload-total.yaml new file mode 100755 index 000000000..cd4e2364d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/workload-total.yaml 
@@ -0,0 +1,1438 @@ +{{- /* +Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + workload-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + 
"bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + 
"fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + 
"datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 6, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, 
+ "x": 12, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 11 + }, + 
"id": 8, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth HIstory", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 12 + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + 
"min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 12 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, 
+ "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 22 + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + 
"fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 22 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 22 + }, + "id": 14, + 
"panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 23 + }, + "id": 15, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + 
"fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 23 + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + 
"tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", + "refresh": 
1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + 
"regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Workload", + "uid": "728bf77cc1166d2f3133bf25846876cc", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/etcd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/etcd.yaml new file mode 100755 index 000000000..ac54228e9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/etcd.yaml 
@@ -0,0 +1,1118 @@ +{{- /* +Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/current/op-guide/grafana.json +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + etcd.json: |- + { + "annotations": { + "list": [] + }, + "description": "etcd sample Grafana dashboard with Prometheus", + "editable": true, + "gnetId": null, + "hideControls": false, + "links": [], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "$datasource", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "id": 28, + "interval": null, + "isNew": true, + 
"links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "targets": [ + { + "expr": "sum(etcd_server_has_leader{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "", + "metric": "etcd_server_has_leader", + "refId": "A", + "step": 20 + } + ], + "thresholds": "", + "title": "Up", + "type": "singlestat", + "valueFontSize": "200%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 23, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Rate", + "metric": "grpc_server_started_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code!=\"OK\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Failed Rate", + "metric": "grpc_server_handled_total", + "refId": "B", 
+ "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 41, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Watch Streams", + "metric": "grpc_server_handled_total", + "refId": "A", + "step": 4 + }, + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Lease Streams", + "metric": "grpc_server_handled_total", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "msResolution": false, + "shared": true, + 
"sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "showTitle": false, + "title": "Row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB Size", + "metric": "", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "DB Size", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 3, + "legend": { + "avg": false, + "current": 
false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 1, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": true, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync", + "metric": "etcd_disk_wal_fsync_duration_seconds_bucket", + "refId": "A", + "step": 4 + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync", + "metric": "etcd_disk_backend_commit_duration_seconds_bucket", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 29, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 
4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"$cluster\"}", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory", + "metric": "process_resident_memory_bytes", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 22, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In", + "metric": "etcd_network_client_grpc_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": 
"time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 21, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out", + "metric": "etcd_network_client_grpc_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic Out", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 20, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + 
"nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In", + "metric": "etcd_network_peer_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out", + "metric": "etcd_network_peer_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic Out", + 
"tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 40, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Failure Rate", + "metric": "etcd_server_proposals_failed_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "Proposal Pending Total", + "metric": "etcd_server_proposals_pending", + "refId": "B", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Commit Rate", + "metric": "etcd_server_proposals_committed_total", + "refId": "C", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Apply Rate", + "refId": "D", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": 
null, + "title": "Raft Proposals", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": 0, + "editable": true, + "error": false, + "fill": 0, + "id": 19, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day", + "metric": "etcd_server_leader_changes_seen_total", + "refId": "A", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Total Leader Elections Per Day", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + } + ], + "schemaVersion": 13, + "sharedCrosshair": 
false, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": "label_values(etcd_server_has_leader, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": { + "now": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "etcd", + "uid": "c2f4e12cdf69feb95caa41a5a1b423d9", + "version": 215 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml new file mode 100755 index 000000000..2b8eac4df --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml 
@@ -0,0 +1,959 @@ +{{- /* +Generated from 'k8s-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-cluster-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + 
], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:cluster_cpu_utilisation:ratio{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_cpu_saturation_load1:{cluster=\"$cluster\"} / scalar(sum(min(kube_pod_info{cluster=\"$cluster\"}) by (node)))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (Load1)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", 
+ "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:cluster_memory_utilisation:ratio{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + 
"dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_memory_swap_io_bytes:sum_rate{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Swap I/O)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ 
+ + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_disk_utilisation:avg_irate{cluster=\"$cluster\"} / scalar(:kube_pod_info_node_count:{cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_disk_saturation:avg_irate{cluster=\"$cluster\"} / scalar(:kube_pod_info_node_count:{cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": false, + 
"sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_net_utilisation:sum_irate{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Transmitted)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + 
"aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_net_saturation:sum_irate{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Dropped)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + 
"points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(max(node_filesystem_size_bytes{fstype=~\"ext[234]|btrfs|xfs|zfs\", cluster=\"$cluster\"} - node_filesystem_avail_bytes{fstype=~\"ext[234]|btrfs|xfs|zfs\", cluster=\"$cluster\"}) by (device,pod,namespace)) by (pod,namespace)\n/ scalar(sum(max(node_filesystem_size_bytes{fstype=~\"ext[234]|btrfs|xfs|zfs\", cluster=\"$cluster\"}) by (device,pod,namespace)))\n* on (namespace, pod) group_left (node) node_namespace_pod:kube_pod_info:{cluster=\"$cluster\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Capacity", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if 
.Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / USE Method / Cluster", + "uid": "a6e7d1362e1ddbb79db21d5bb40d7137", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-node-rsrc-use.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-node-rsrc-use.yaml new file mode 100755 index 000000000..101252086 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-node-rsrc-use.yaml 
@@ -0,0 +1,986 @@ +{{- /* +Generated from 'k8s-node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-node-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-node-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_cpu_utilisation:avg1m{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_cpu_saturation_load1:{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (Load1)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": 
null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_memory_utilisation:{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Memory", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + 
"lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_memory_swap_io_bytes:sum_rate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Swap IO", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Swap I/O)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_disk_utilisation:avg_irate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_disk_saturation:avg_irate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + 
"repeatRowId": null, + "showTitle": true, + "title": "Disk", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_net_utilisation:sum_irate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Transmitted)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + 
"span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_net_saturation:sum_irate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Dropped)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Net", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_filesystem_usage:{cluster=\"$cluster\"}\n* on (namespace, pod) group_left (node) node_namespace_pod:kube_pod_info:{cluster=\"$cluster\", node=\"$node\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": 
"Disk Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "node", + "multi": false, + "name": "node", + "options": [ + + ], + "query": "label_values(kube_node_info{cluster=\"$cluster\"}, node)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + 
"refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / USE Method / Node", + "uid": "4ac4f123aae0ff6dbaf4f4f66120033b", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-cluster.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-cluster.yaml new file mode 100755 index 000000000..e068214bc --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-cluster.yaml 
@@ -0,0 +1,1479 @@ +{{- /* +Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-cluster.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "100px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", cluster=\"$cluster\"}[1m]))", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) / sum(node:node_num_cpu:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Requests Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + 
"values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) / sum(node:node_num_cpu:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + 
+ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(:node_memory_MemFreeCachedBuffers_bytes:sum{cluster=\"$cluster\"}) / sum(:node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) / sum(:node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Requests Commitment", + 
"tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) / sum(:node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Headlines", + "titleSize": "h6" + }, + { + 
"collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as 
zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + 
"type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(mixin_pod_workload{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(mixin_pod_workload{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": 
"sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container_name!=\"\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": 
false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + 
"decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(mixin_pod_workload{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(mixin_pod_workload{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container_name!=\"\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + 
"expr": "sum(container_memory_rss{cluster=\"$cluster\", container_name!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container_name!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Requests by Namespace", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Requests", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + 
"datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Cluster", + "uid": "efa86fd1d0c121a26444b636a3f509a8", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-namespace.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-namespace.yaml new file mode 100755 index 000000000..af3664731 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-namespace.yaml 
@@ -0,0 +1,963 @@ +{{- /* +Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod_name{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": 
"Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": 
[ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"}) by (pod_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod_name{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + 
"collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": 
"YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + 
"refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_swap{cluster=\"$cluster\", 
namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": 
"namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Namespace (Pods)", + "uid": "85a562078cdf77779eaa1add43ccec1e", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-pod.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-pod.yaml new file mode 100755 index 000000000..536a2c704 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-pod.yaml 
@@ -0,0 +1,1006 @@ +{{- /* +Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-pod.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", cluster=\"$cluster\"}) by (container_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container_name{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": 
false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", 
container_name!=\"POD\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": 
"time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", container_name!=\"\"}) by (container_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container_name{{`}}`}} (RSS)", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", container_name!=\"\"}) by (container_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container_name{{`}}`}} (Cache)", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", container_name!=\"\"}) by (container_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"{{`{{`}}container_name{{`}}`}} (Swap)", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + 
"pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + 
"linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", container_name!=\"\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container) / 
sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name != \"\", container_name != \"POD\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name != \"\", container_name != \"POD\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name != \"\", container_name != \"POD\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory 
Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "pod", + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=\"$namespace\"}, pod)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", 
+ "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Pod", + "uid": "6581e46e4e5c7ba40a07646395ef7b23", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workload.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workload.yaml new file mode 100755 index 000000000..f5844b505 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workload.yaml 
@@ -0,0 +1,936 @@ +{{- /* +Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workload.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": 
[ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD 
HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": 
"YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", 
namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + 
"datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n ) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + 
"values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 
2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n ) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n ) by (pod)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) 
mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n ) by (pod)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + 
"show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "workload", + "multi": false, + "name": "workload", + "options": [ + + ], + "query": "label_values(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": 
null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "type", + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Workload", + "uid": "a164a7f0339f99e89cea5cb47e9be617", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml new file mode 100755 index 000000000..8a8b5077b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml 
@@ -0,0 +1,972 @@ +{{- /* +Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workloads-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + 
"renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + 
"alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill 
down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}) by (workload, workload_type)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n 
namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + 
"value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n ) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": 
[ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, 
+ { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}) by (workload, workload_type)", + "format": "table", + 
"instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n ) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n ) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + 
"instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n ) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ 
if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Namespace (Workloads)", + "uid": "a87fb0d919ec0ea5f6543124e16c42a5", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/nodes.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/nodes.yaml new file mode 100755 index 000000000..17a97dae1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/nodes.yaml 
@@ -0,0 +1,1383 @@ +{{- /* +Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + nodes.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + 
"pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(node_load1{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "load 1m", + "refId": "A" + }, + { + "expr": "max(node_load5{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "load 5m", + "refId": "B" + }, + { + "expr": "max(node_load15{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "load 15m", + "refId": "C" + }, + { + "expr": "count(node_cpu_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\", mode=\"user\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "logical cores", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "System load", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + 
"nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (cpu) (irate(node_cpu_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", mode!=\"idle\", instance=\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cpu{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Usage Per Core", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": "true", + "avg": "true", + "current": "true", + "max": "false", + "min": "false", + "rightSide": "true", + "show": "true", + "total": "false", + "values": "true" + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max (sum by (cpu) 
(irate(node_cpu_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", mode!=\"idle\", instance=\"$instance\"}[2m])) ) * 100\n", + "format": "time_series", + "intervalFactor": 10, + "legendFormat": "{{`{{`}} cpu {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "percent", + "label": null, + "logBase": 1, + "max": 100, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "avg(sum by (cpu) (irate(node_cpu_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", mode!=\"idle\", instance=\"$instance\"}[2m]))) * 100\n", + "format": "time_series", + 
"intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "CPU Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(\n node_memory_MemTotal_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_MemFree_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_Buffers_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_Cached_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory used", + "refId": "A" + }, + { + "expr": "max(node_memory_Buffers_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory buffers", + "refId": "B" + }, + { + "expr": 
"max(node_memory_Cached_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory cached", + "refId": "C" + }, + { + "expr": "max(node_memory_MemFree_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory free", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(\n (\n 
(\n node_memory_MemTotal_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_MemFree_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_Buffers_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_Cached_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n )\n / node_memory_MemTotal_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n ) * 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Memory Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "read", + "yaxis": 1 + }, + { + "alias": "io time", + "yaxis": 2 + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(rate(node_disk_read_bytes_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}[2m]))", + "format": "time_series", + "intervalFactor": 2, 
+ "legendFormat": "read", + "refId": "A" + }, + { + "expr": "max(rate(node_disk_written_bytes_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}[2m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "written", + "refId": "B" + }, + { + "expr": "max(rate(node_disk_io_time_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}[2m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "io time", + "refId": "C" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max by (namespace, pod, device) ((node_filesystem_size_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", job=\"node-exporter\"} - node_filesystem_avail_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", 
job=\"node-exporter\"}) / node_filesystem_size_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", job=\"node-exporter\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "disk used", + "refId": "A" + }, + { + "expr": "max by (namespace, pod, device) (node_filesystem_avail_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", job=\"node-exporter\"} / node_filesystem_size_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", job=\"node-exporter\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "disk free", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + 
"seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(rate(node_network_receive_bytes_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\", device!~\"lo\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(rate(node_network_transmit_bytes_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\", device!~\"lo\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Transmitted", + "tooltip": { + "shared": false, + "sort": 0, 
+ "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(\n node_filesystem_files{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_filesystem_files_free{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inodes used", + "refId": "A" + }, + { + "expr": "max(node_filesystem_files_free{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inodes free", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Inodes Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, 
+ "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 13, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(\n (\n (\n node_filesystem_files{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_filesystem_files_free{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n )\n / node_filesystem_files{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n ) * 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Inodes Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + 
"value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(node_boot_time_seconds{cluster=\"$cluster\", job=\"node-exporter\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Nodes", + "uid": "fa49a4706d07a042595b664c87fb33ea", + "version": 0 + } +{{- end }} \ No newline at end of file 
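Review bot: In the "Network Received" and "Network Transmitted" targets of this dashboard, `max(rate(node_network_receive_bytes_total{...}[5m]))` (and its `transmit` twin) aggregates without a `by` clause, so the `device` label is dropped before the legend is built and the `legendFormat`, which renders to `{{device}}`, has nothing to show. Each panel ends up with one unlabeled series carrying the busiest interface's rate. If per-interface lines are intended, use `max by (device) (rate(...))`; if one node-wide figure is intended, replace the legend with a fixed string. Smaller points: `device!~"lo"` is a regex matcher where `device!="lo"` is equivalent, and the file ends without a trailing newline (`\ No newline at end of file`).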
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/persistentvolumesusage.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/persistentvolumesusage.yaml new file mode 100755 index 000000000..f6bc2955c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/persistentvolumesusage.yaml 
@@ -0,0 +1,573 @@ +{{- /* +Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + persistentvolumesusage.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + 
"nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n sum without(instance, node) (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used Space", + "refId": "A" + }, + { + "expr": "sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Free Space", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume Space Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, 
+ "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume Space Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": 
"null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used inodes", + "refId": "A" + }, + { + "expr": "(\n sum without(instance, node) (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": " Free inodes", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume inodes Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + 
"name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume inodes Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": 
"label_values(kubelet_volume_stats_capacity_bytes, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "PersistentVolumeClaim", + "multi": false, + "name": "volume", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\"}, persistentvolumeclaim)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Persistent Volumes", + "uid": "919b92a8e8041bd567af9edab12c840c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/pods.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/pods.yaml new file mode 100755 index 000000000..3b1e1539d --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/pods.yaml 
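Review bot: In persistentvolumesusage.yaml, the two singlestat targets ("Volume Space Usage", id 3, and "Volume inodes Usage", id 5) compute their percentage from the raw `kubelet_volume_stats_*` series, while the graph panels next to them (ids 2 and 4) wrap the same metrics in `sum without(instance, node) (...)`. When a claim is reported under more than one `instance`/`node` label set, the graphs collapse it to one series but the gauges receive several series instead of one. Apply the same `without(instance, node)` aggregation to both gauge expressions so the paired panels agree. The header says the file is generated and must not be changed in place, so the fix belongs in the source that header links to. Minor: the legend `" Free inodes"` has a leading space that `"Used inodes"` does not, and the file ends without a trailing newline.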
@@ -0,0 +1,680 @@ +{{- /* +Generated from 'pods' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pods" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + pods.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "$datasource", + "enable": true, + "expr": "time() == BOOL timestamp(rate(kube_pod_container_status_restarts_total{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[2m]) > 0)", + "hide": false, + "iconColor": "rgba(215, 44, 44, 1)", + "name": "Restarts", + "showIn": 0, + "tags": [ + "restart" + ], + "type": "rows" + } + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + 
"dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(container_name) (container_memory_usage_bytes{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name=~\"$container\", container_name!=\"POD\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Current: {{`{{`}} container_name {{`}}`}}", + "refId": "A" + }, + { + "expr": "sum by(container) (kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\", pod=\"$pod\", container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Requested: {{`{{`}} container {{`}}`}}", + "refId": "B" + }, + { + "expr": "sum by(container) (kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\", pod=\"$pod\", container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Limit: {{`{{`}} container {{`}}`}}", + "refId": "C" + }, + { + "expr": "sum by(container_name) (container_memory_cache{job=\"kubelet\", namespace=\"$namespace\", pod_name=~\"$pod\", container_name=~\"$container\", container_name!=\"POD\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Cache: {{`{{`}} container_name {{`}}`}}", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + 
"title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (container_name) (rate(container_cpu_usage_seconds_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", image!=\"\", pod_name=\"$pod\", container_name=~\"$container\", container_name!=\"POD\"}[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Current: {{`{{`}} container_name {{`}}`}}", + "refId": "A" + }, + { + "expr": "sum by(container) (kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\", pod=\"$pod\", container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"Requested: {{`{{`}} container {{`}}`}}", + "refId": "B" + }, + { + "expr": "sum by(container) (kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\", pod=\"$pod\", container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Limit: {{`{{`}} container {{`}}`}}", + "refId": "C" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum by (pod_name) (rate(container_network_receive_bytes_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}[1m])))", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "RX: {{`{{`}} pod_name {{`}}`}}", + "refId": "A" + }, + { + "expr": "sort_desc(sum by (pod_name) (rate(container_network_transmit_bytes_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}[1m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "TX: {{`{{`}} pod_name {{`}}`}}", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max by (container) (kube_pod_container_status_restarts_total{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", 
container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Restarts: {{`{{`}} container {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Total Restarts Per Container", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + 
"sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Pod", + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=~\"$namespace\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "Container", + "multi": false, + "name": "container", + "options": [ + + ], + "query": "label_values(kube_pod_container_info{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}, container)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Pods", + "uid": "ab4f13a9892a76a4d21ce8c2445bf4ea", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/statefulset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/statefulset.yaml new file mode 100755 index 000000000..01dbf1265 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/statefulset.yaml 
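Review bot: In pods.yaml, target D of the "Memory Usage" panel (the `container_memory_cache` query) omits the `cluster="$cluster"` matcher that targets A to C carry, and matches `pod_name=~"$pod"` where they use `pod_name="$pod"`. When the `cluster` variable is exposed (its `hide` field is 0 if `.Values.grafana.sidecar.dashboards.multicluster` is set), the Cache series is summed over every cluster that has a pod with the selected namespace and name, so the panel can mix another cluster's data into the view of the selected one. Add `cluster="$cluster"` and use the equality matcher so all four targets select the same pod. The `pod` variable query has the same inconsistency: it uses `namespace=~"$namespace"` while the `container` variable query uses `namespace="$namespace"`. As the header marks the file as generated, these belong in the source it links to.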
@@ -0,0 +1,926 @@ +{{- /* +Generated from 'statefulset' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "statefulset" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + statefulset.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { 
+ "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "CPU", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "GB", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": 
"sum(container_memory_usage_bytes{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=~\"$statefulset.*\"}) / 1024^3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Memory", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "Bps", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\",pod_name=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Network", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": 
"0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "height": "100px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Desired Replicas", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": 
"none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 6, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Replicas of current version", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": 
"", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_status_observed_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Observed Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 8, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + 
"format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Metadata Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas specified", + "refId": "A" + }, + { + "expr": "max(kube_statefulset_status_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas created", + "refId": "B" + }, + { + "expr": "min(kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "ready", + "refId": "C" + }, + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas of current version", + "refId": "D" + }, + { + "expr": "min(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "updated", + "refId": "E" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Replicas", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": 
[ + + ], + "query": "label_values(kube_statefulset_metadata_generation, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Name", + "multi": false, + "name": "statefulset", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", namespace=\"$namespace\"}, statefulset)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / StatefulSets", + "uid": "a31c1f46e6f727cb37c0d731a7245005", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/namespaces.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/namespaces.yaml new file mode 100755 index 000000000..39ed210ed --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/namespaces.yaml 
@@ -0,0 +1,13 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.grafana.defaultDashboards.namespace }} + labels: + name: {{ .Values.grafana.defaultDashboards.namespace }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + annotations: +{{- if not .Values.grafana.defaultDashboards.cleanupOnUninstall }} + helm.sh/resource-policy: "keep" +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/servicemonitor.yaml new file mode 100755 index 000000000..1e839d707 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/servicemonitor.yaml 
@@ -0,0 +1,32 @@ +{{- if and .Values.grafana.enabled .Values.grafana.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-grafana + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-grafana +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.grafana.service.portName }} + {{- if .Values.grafana.serviceMonitor.interval }} + interval: {{ .Values.grafana.serviceMonitor.interval }} + {{- end }} + path: {{ .Values.grafana.serviceMonitor.path | quote }} +{{- if .Values.grafana.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.grafana.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.grafana.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.grafana.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml new file mode 100755 index 000000000..249af770a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml 
@@ -0,0 +1,33 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - update +{{- if .Values.global.rbac.pspEnabled }} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} + - apiGroups: ['policy'] +{{- else }} + - apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml new file mode 100755 index 000000000..31fd2def0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml new file mode 100755 index 000000000..e86610cb7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-create +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +spec: + {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 + {{- end }} + template: + metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create +{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-create +{{- include "kube-prometheus-stack.labels" $ | indent 8 }} + spec: + {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + {{- end }} + containers: + - name: create + {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + {{- else }} + image: {{ template "system_default_registry" . 
}}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }} + {{- end }} + imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} + args: + - create + - --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc + - --namespace={{ template "kube-prometheus-stack.namespace" . }} + - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission + resources: +{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} + restartPolicy: OnFailure + serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} +{{ toYaml . | indent 8 }} +{{- end }} + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml new file mode 100755 index 000000000..c2742073f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml 
@@ -0,0 +1,66 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +spec: + {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 + {{- end }} + template: + metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch +{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch +{{- include "kube-prometheus-stack.labels" $ | indent 8 }} + spec: + {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + {{- end }} + containers: + - name: patch + {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + {{- else }} + image: {{ template "system_default_registry" . 
}}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }} + {{- end }} + imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} + args: + - patch + - --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission + - --namespace={{ template "kube-prometheus-stack.namespace" . }} + - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission + - --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + resources: +{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} + restartPolicy: OnFailure + serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} +{{ toYaml . | indent 8 }} +{{- end }} + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml new file mode 100755 index 000000000..5834c483c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml 
@@ -0,0 +1,54 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" . }}-admission +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} 
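Review bot: in job-patch/psp.yaml, `metadata` gets a second `annotations:` key whenever `.Values.global.rbac.pspAnnotations` is set, and that block is emitted between `labels:` / `app:` and the `kube-prometheus-stack.labels` include. The result is a duplicate `annotations` key alongside the Helm hook annotations, and the included labels (indented 4) would be parsed under `annotations` rather than `labels`. Merge the pspAnnotations into the first `annotations:` block and keep the labels include directly under `labels:`. Separately, the "Forbid adding the root group" comments sit on ranges with `min: 0`, which still permits GID 0; use `min: 1` if the comment states the intent. Since both Jobs in this patch set `runAsNonRoot: true` with `runAsUser: 2000`, `runAsUser` here could be `MustRunAsNonRoot` instead of `RunAsAny`, and the commented-out `allowPrivilegeEscalation: false` could be enabled.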
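Review bot: in job-patch/clusterrole.yaml, the rule on `validatingwebhookconfigurations` and `mutatingwebhookconfigurations` grants `get` and `update` on every webhook configuration in the cluster, while the patch Job only passes `--webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission`. Add `resourceNames` with that name to the rule, as the `podsecuritypolicies` rule in the same file already does, so the hook ServiceAccount is limited to the one webhook it needs to patch.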
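Review bot: in dashboards/statefulset.yaml, the `namespace` and `statefulset` template variables query `kube_statefulset_metadata_generation{job=\"kube-state-metrics\" ...}` without a `cluster=\"$cluster\"` matcher, although the panel expressions all filter on `$cluster` and the Pods dashboard variables do (`kube_pod_info{cluster=\"$cluster\"}`). With `.Values.grafana.sidecar.dashboards.multicluster` enabled, the dropdowns will list namespaces and StatefulSets from all clusters; add the `cluster` matcher to both queries. In the Network panel, the `container_network_receive_bytes_total` selector also omits `job=\"kubelet\"`, unlike the transmit half of the same expression. The file header says it is generated and must not be changed in place, so the fix belongs in the upstream generator.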
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml new file mode 100755 index 000000000..d229f76ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml new file mode 100755 index 000000000..f4b1fbf0e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml 
@@ -0,0 +1,21 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml new file mode 100755 index 000000000..2048f049c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml 
@@ -0,0 +1,15 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml new file mode 100755 index 000000000..b67df54bf --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml 
@@ -0,0 +1,41 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +webhooks: + - name: prometheusrulemutate.monitoring.coreos.com + {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - "*" + resources: + - prometheusrules + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.operator.fullname" $ }} + path: /admission-prometheusrules/mutate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None +{{- end }} 
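Review bot: `failurePolicy: Ignore` is hard-coded whenever `.Values.prometheusOperator.admissionWebhooks.patch.enabled` is true, so this webhook is created fail-open and the configured `.Values.prometheusOperator.admissionWebhooks.failurePolicy` is not used by this template in that case. The patch job is passed `--patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}`, which appears to be how the final policy is meant to be applied; a template comment stating that, and that `prometheusrules` objects are admitted without mutation until the job succeeds, would make the behaviour reviewable. As a style point, the opening `{{- if and ... }}` has a single operand and reads better as a plain `if`.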
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml new file mode 100755 index 000000000..249488e41 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml 
@@ -0,0 +1,41 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +webhooks: + - name: prometheusrulemutate.monitoring.coreos.com + {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - "*" + resources: + - prometheusrules + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.operator.fullname" $ }} + path: /admission-prometheusrules/validate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None +{{- end }} 
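Review bot: The webhook `name` here is `prometheusrulemutate.monitoring.coreos.com`, the same name used in the MutatingWebhookConfiguration, although this object is a ValidatingWebhookConfiguration and its `path` is `/admission-prometheusrules/validate`. Giving the validating webhook its own name would keep the two distinguishable in API server logs and admission metrics; confirm nothing depends on the current name before changing it. The same `failurePolicy: Ignore` branch applies here, so with `patch.enabled` a `prometheusrules` CREATE or UPDATE is accepted unvalidated whenever the webhook cannot be reached, which deserves a comment in the template.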
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/certmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/certmanager.yaml new file mode 100755 index 000000000..090e6a5bb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/certmanager.yaml 
@@ -0,0 +1,57 @@ +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}} +{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}} +# Create a selfsigned Issuer, in order to create a root CA certificate for +# signing webhook serving certificates +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + selfSigned: {} +--- +# Generate a CA Certificate used to sign certificates for the webhook +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert + duration: 43800h # 5y + issuerRef: + name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer + commonName: "ca.webhook.kube-prometheus-stack" + isCA: true +--- +# Create an Issuer that uses the above generated CA certificate to issue certs +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + ca: + secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert +{{- end }} +--- +# generate a serving certificate for the apiservices to use +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + secretName: {{ template "kube-prometheus-stack.fullname" . 
}}-admission + duration: 8760h # 1y + issuerRef: + {{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }} + {{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }} + {{- else }} + name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer + {{- end }} + dnsNames: + - {{ template "kube-prometheus-stack.operator.fullname" . }} + - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }} + - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrole.yaml new file mode 100755 index 000000000..e5568534c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrole.yaml 
@@ -0,0 +1,80 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - alertmanagers/finalizers + - alertmanagerconfigs + - prometheuses + - prometheuses/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - probes + - prometheusrules + verbs: + - '*' +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete +- apiGroups: + - "" + resources: + - services + - services/finalizers + - endpoints + verbs: + - get + - create + - update + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrolebinding.yaml new file mode 100755 index 000000000..c9ab0ab87 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrolebinding.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-operator +subjects: +- kind: ServiceAccount + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/deployment.yaml new file mode 100755 index 000000000..6e72acfa0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/deployment.yaml 
@@ -0,0 +1,145 @@ +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +{{- if .Values.prometheusOperator.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-operator + release: {{ $.Release.Name | quote }} + template: + metadata: + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 8 }} +{{- if .Values.prometheusOperator.podLabels }} +{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }} +{{- end }} +{{- if .Values.prometheusOperator.podAnnotations }} + annotations: +{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }} +{{- end }} + spec: + {{- if .Values.prometheusOperator.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.priorityClassName }} + {{- end }} + containers: + - name: {{ template "kube-prometheus-stack.name" . }} + {{- if .Values.prometheusOperator.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}" + {{- end }} + imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}" + args: + {{- if .Values.prometheusOperator.kubeletService.enabled }} + - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ template "kube-prometheus-stack.fullname" . 
}}-kubelet + {{- end }} + {{- if .Values.prometheusOperator.logFormat }} + - --log-format={{ .Values.prometheusOperator.logFormat }} + {{- end }} + {{- if .Values.prometheusOperator.logLevel }} + - --log-level={{ .Values.prometheusOperator.logLevel }} + {{- end }} + {{- if .Values.prometheusOperator.denyNamespaces }} + - --deny-namespaces={{ .Values.prometheusOperator.denyNamespaces | join "," }} + {{- end }} + {{- with $.Values.prometheusOperator.namespaces }} + {{ $ns := .additional }} + {{- if .releaseNamespace }} + {{- $ns = append $ns $namespace }} + {{- end }} + - --namespaces={{ $ns | join "," }} + {{- end }} + - --localhost=127.0.0.1 + {{- if .Values.prometheusOperator.prometheusDefaultBaseImage }} + - --prometheus-default-base-image={{ .Values.prometheusOperator.prometheusDefaultBaseImage }} + {{- end }} + {{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }} + - --alertmanager-default-base-image={{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }} + {{- end }} + {{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} + - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} + {{- else }} + - --prometheus-config-reloader={{ template "system_default_registry" . 
}}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }} + {{- end }} + - --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }} + - --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }} + {{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }} + - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.prometheusInstanceNamespaces }} + - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }} + - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.secretFieldSelector }} + - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }} + {{- end }} + {{- if .Values.prometheusOperator.clusterDomain }} + - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }} + {{- end }} + {{- if .Values.prometheusOperator.tls.enabled }} + - --web.enable-tls=true + - --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }} + - --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }} + - --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }} + - --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }} + ports: + - containerPort: {{ .Values.prometheusOperator.tls.internalPort }} + name: https + {{- else }} + ports: + - containerPort: 8080 + name: http + {{- end }} + resources: +{{ toYaml .Values.prometheusOperator.resources | indent 12 }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true 
+{{- if .Values.prometheusOperator.tls.enabled }} + volumeMounts: + - name: tls-secret + mountPath: /cert + readOnly: true + volumes: + - name: tls-secret + secret: + defaultMode: 420 + secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- end }} + {{- with .Values.prometheusOperator.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} +{{- if .Values.prometheusOperator.securityContext }} + securityContext: +{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} +{{- end }} + serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} +{{- if .Values.prometheusOperator.hostNetwork }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.tolerations }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrole.yaml new file mode 100755 index 000000000..d667d6275 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrole.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-operator +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..c538cd173 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp.yaml new file mode 100755 index 000000000..18d1d37df --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp.yaml @@ -0,0 +1,51 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: {{ .Values.prometheusOperator.hostNetwork }} + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} 
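Review bot: `readOnlyRootFilesystem: false` and the commented-out `allowPrivilegeEscalation: false` leave this policy looser than the operator Deployment it covers, whose container `securityContext` already sets `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`; setting both in the policy would enforce what the pod already declares. `runAsUser` is `RunAsAny`, and the `supplementalGroups` and `fsGroup` ranges commented "Forbid adding the root group" start at `min: 0`, so UID 0 and GID 0 are both permitted; either tighten the rules (`MustRunAsNonRoot`, `min: 1`) or correct the comments so they describe what the policy allows. `requiredDropCapabilities` is also commented out, so no capability drop is required by this policy.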
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/service.yaml new file mode 100755 index 000000000..8ccb2bb2d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/service.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.prometheusOperator.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheusOperator.service.labels }} +{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheusOperator.service.annotations }} + annotations: +{{ toYaml .Values.prometheusOperator.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.prometheusOperator.service.clusterIP }} + clusterIP: {{ .Values.prometheusOperator.service.clusterIP }} +{{- end }} +{{- if .Values.prometheusOperator.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheusOperator.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheusOperator.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheusOperator.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheusOperator.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + {{- if not .Values.prometheusOperator.tls.enabled }} + - name: http + {{- if eq .Values.prometheusOperator.service.type "NodePort" }} + nodePort: {{ .Values.prometheusOperator.service.nodePort }} + {{- end }} + port: 8080 + targetPort: http + {{- end }} + {{- if .Values.prometheusOperator.tls.enabled }} + - name: https + {{- if eq .Values.prometheusOperator.service.type "NodePort"}} + nodePort: {{ .Values.prometheusOperator.service.nodePortTls }} + {{- end }} + port: 443 + targetPort: https + {{- end }} + selector: + app: {{ template "kube-prometheus-stack.name" . 
}}-operator + release: {{ $.Release.Name | quote }} + type: "{{ .Values.prometheusOperator.service.type }}" +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/serviceaccount.yaml new file mode 100755 index 000000000..ab41797e3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/servicemonitor.yaml new file mode 100755 index 000000000..b7bd952bb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/servicemonitor.yaml 
@@ -0,0 +1,44 @@ +{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + {{- if .Values.prometheusOperator.tls.enabled }} + - port: https + scheme: https + tlsConfig: + serverName: {{ template "kube-prometheus-stack.operator.fullname" . }} + ca: + secret: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + key: {{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}ca.crt{{ else }}ca{{ end }} + optional: false + {{- else }} + - port: http + {{- end }} + honorLabels: true + {{- if .Values.prometheusOperator.serviceMonitor.interval }} + interval: {{ .Values.prometheusOperator.serviceMonitor.interval }} + {{- end }} +{{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.prometheusOperator.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheusOperator.serviceMonitor.relabelings | indent 6 }} +{{- end }} + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-operator + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/_rules.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/_rules.tpl new file mode 100755 index 000000000..83245c089 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/_rules.tpl @@ -0,0 +1,38 @@ +{{- /* +Generated file. Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- define "rules.names" }} +rules: + - "alertmanager.rules" + - "general.rules" + - "k8s.rules" + - "kube-apiserver.rules" + - "kube-apiserver-availability.rules" + - "kube-apiserver-error" + - "kube-apiserver-slos" + - "kube-prometheus-general.rules" + - "kube-prometheus-node-alerting.rules" + - "kube-prometheus-node-recording.rules" + - "kube-scheduler.rules" + - "kube-state-metrics" + - "kubelet.rules" + - "kubernetes-absent" + - "kubernetes-resources" + - "kubernetes-storage" + - "kubernetes-system" + - "kubernetes-system-apiserver" + - "kubernetes-system-kubelet" + - "kubernetes-system-controller-manager" + - "kubernetes-system-scheduler" + - "node-exporter.rules" + - "node-exporter" + - "node.rules" + - "node-network" + - "node-time" + - "prometheus-operator" + - "prometheus.rules" + - "prometheus" + - "kubernetes-apps" + - "etcd" +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertRelabelConfigs.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertRelabelConfigs.yaml new file mode 100755 index 000000000..bff930981 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertRelabelConfigs.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-relabel-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertmanagerConfigs.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertmanagerConfigs.yaml new file mode 100755 index 000000000..8aebc96c3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertmanagerConfigs.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-alertmanager-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs | b64enc | quote }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalPrometheusRules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalPrometheusRules.yaml new file mode 100755 index 000000000..794e9ad27 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalPrometheusRules.yaml 
@@ -0,0 +1,40 @@ +{{- if or .Values.additionalPrometheusRules .Values.additionalPrometheusRulesMap}} +apiVersion: v1 +kind: List +items: +{{- if .Values.additionalPrometheusRulesMap }} +{{- range $prometheusRuleName, $prometheusRule := .Values.additionalPrometheusRulesMap }} + - apiVersion: monitoring.coreos.com/v1 + kind: PrometheusRule + metadata: + name: {{ template "kube-prometheus-stack.name" $ }}-{{ $prometheusRuleName }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }} +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $prometheusRule.additionalLabels }} +{{ toYaml $prometheusRule.additionalLabels | indent 8 }} + {{- end }} + spec: + groups: +{{ toYaml $prometheusRule.groups| indent 8 }} +{{- end }} +{{- else }} +{{- range .Values.additionalPrometheusRules }} + - apiVersion: monitoring.coreos.com/v1 + kind: PrometheusRule + metadata: + name: {{ template "kube-prometheus-stack.name" $ }}-{{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }} +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + groups: +{{ toYaml .groups| indent 8 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalScrapeConfigs.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalScrapeConfigs.yaml new file mode 100755 index 000000000..21d9429d8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalScrapeConfigs.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-scrape-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-scrape-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs) $ | b64enc | quote }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrole.yaml new file mode 100755 index 000000000..3585b5db1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrole.yaml 
@@ -0,0 +1,30 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +# This permission are not in the kube-prometheus repo +# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml +- apiGroups: [""] + resources: + - nodes + - nodes/metrics + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: + - "networking.k8s.io" + resources: + - ingresses + verbs: ["get", "list", "watch"] +- nonResourceURLs: ["/metrics", "/metrics/cadvisor"] + verbs: ["get"] +{{- if .Values.prometheus.additionalRulesForClusterRole }} +{{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrolebinding.yaml new file mode 100755 index 000000000..9fc4f65da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrolebinding.yaml 
@@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingress.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingress.yaml new file mode 100755 index 000000000..4d45873a7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingress.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }} +{{- $pathType := .Values.prometheus.ingress.pathType | default "" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $servicePort := .Values.prometheus.service.port -}} +{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} +{{- $paths := .Values.prometheus.ingress.paths | default $routePrefix -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: +{{- if .Values.prometheus.ingress.annotations }} + annotations: +{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }} +{{- end }} + name: {{ $serviceName }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.prometheus.ingress.labels }} +{{ toYaml .Values.prometheus.ingress.labels | indent 4 }} +{{- end }} +spec: + {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if .Values.prometheus.ingress.ingressClassName }} + ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.prometheus.ingress.hosts }} + {{- range $host := .Values.prometheus.ingress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- if .Values.prometheus.ingress.tls }} + tls: +{{ tpl (toYaml .Values.prometheus.ingress.tls | indent 4) . }} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressThanosSidecar.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressThanosSidecar.yaml new file mode 100755 index 000000000..69de0f663 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressThanosSidecar.yaml 
@@ -0,0 +1,64 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.thanosIngress.enabled }} +{{- $pathType := .Values.prometheus.thanosIngress.pathType | default "" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}} +{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} +{{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: +{{- if .Values.prometheus.thanosIngress.annotations }} + annotations: +{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }} +{{- end }} + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.prometheus.thanosIngress.labels }} +{{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }} +{{- end }} +spec: + {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if .Values.prometheus.thanosIngress.ingressClassName }} + ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.prometheus.thanosIngress.hosts }} + {{- range $host := .Values.prometheus.thanosIngress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $thanosPort }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $thanosPort }} + {{- end -}} + {{- end -}} + {{- if .Values.prometheus.thanosIngress.tls }} + tls: +{{ toYaml .Values.prometheus.thanosIngress.tls | indent 4 }} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressperreplica.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressperreplica.yaml new file mode 100755 index 000000000..33143775b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressperreplica.yaml 
@@ -0,0 +1,62 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled .Values.prometheus.ingressPerReplica.enabled }} +{{- $pathType := .Values.prometheus.ingressPerReplica.pathType | default "" }} +{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} +{{- $servicePort := .Values.prometheus.servicePerReplica.port -}} +{{- $ingressValues := .Values.prometheus.ingressPerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-ingressperreplica + namespace: {{ template "kube-prometheus-stack.namespace" $ }} +items: +{{ range $i, $e := until $count }} + - kind: Ingress + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} + apiVersion: networking.k8s.io/v1beta1 + {{ else }} + apiVersion: extensions/v1beta1 + {{ end -}} + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $ingressValues.labels }} +{{ toYaml $ingressValues.labels | indent 8 }} + {{- end }} + {{- if $ingressValues.annotations }} + annotations: +{{ toYaml $ingressValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if $ingressValues.ingressClassName }} + ingressClassName: {{ $ingressValues.ingressClassName }} + {{- end }} + {{- end }} + rules: + - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + http: + paths: + {{- range $p := $ingressValues.paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + servicePort: {{ $servicePort }} + {{- end -}} + 
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} + tls: + - hosts: + - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + {{- if $ingressValues.tlsSecretPerReplica.enabled }} + secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }} + {{- else }} + secretName: {{ $ingressValues.tlsSecretName }} + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/nginx-config.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/nginx-config.yaml new file mode 100755 index 000000000..3f346ca4c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/nginx-config.yaml 
@@ -0,0 +1,66 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: prometheus-nginx-proxy-config + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.annotations }} + annotations: +{{ toYaml .Values.prometheus.annotations | indent 4 }} +{{- end }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8081; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:9090/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + } + } + } 
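Review bot: in additionalPrometheusRules.yaml, the `{{- else }}` between the two `range` blocks means `.Values.additionalPrometheusRules` is silently ignored whenever `.Values.additionalPrometheusRulesMap` is also set, although the outer `if or` accepts either one. Render both blocks, or `fail` when both are populated, so that alerting rules supplied in the list form are not dropped without any message.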
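Review bot: in clusterrole.yaml, `.Values.prometheus.additionalRulesForClusterRole` is appended to the ClusterRole unchanged (`toYaml ... | indent 0`), so any values override widens what the Prometheus service account can do cluster-wide through the binding in clusterrolebinding.yaml. Please document the key in values.yaml as a cluster-scoped grant so that overrides get reviewed as RBAC changes. Minor: the comment should read "These permissions are not in the kube-prometheus repo", and the rbac-setup.yml link it cites points at the `master` branch rather than a pinned revision.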
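Review bot: in ingress.yaml, the apiVersion selection only chooses between `networking.k8s.io/v1beta1` and `extensions/v1beta1`, while the `spec` block already tests for `networking.k8s.io/v1`. On a cluster that no longer serves the v1beta1 Ingress, the template falls through to `extensions/v1beta1`, and the `serviceName`/`servicePort` backend matches only the beta schema. Add a `networking.k8s.io/v1` branch with the `service.name`/`service.port` backend form and a required `pathType`. The same selection logic is repeated in ingressThanosSidecar.yaml and ingressperreplica.yaml, so a shared helper would keep the three in step.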
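Review bot: in ingressThanosSidecar.yaml, `metadata` sets `name` and `labels` but no `namespace`, unlike ingress.yaml, which sets `namespace: {{ template "kube-prometheus-stack.namespace" . }}`. With a namespace override the Ingress is created in the release namespace while the `-prometheus` Service it points at is elsewhere, so the backend cannot resolve. Also, `tls` is rendered with plain `toYaml` here but through `tpl` in ingress.yaml, so templated host names work in `thanosIngress.hosts` (`tpl $host $`) and not in `thanosIngress.tls`; use the same treatment for both.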
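Review bot: in the `location /` block of nginx.conf, `proxy_cache_valid 200 302 1d;` together with `add_header Cache-Control "public";` applies to everything proxied to `localhost:9090`, not only static assets, so query and API responses can be served from cache for up to a day and are marked as cacheable by shared caches, unless the upstream's own cache headers say otherwise. Restrict caching to the static-asset pattern already used in the `if ($request_filename ~ ...)` block and leave the rest uncached. Two further points: this ConfigMap has no `{{- if .Values.prometheus.enabled }}` guard, unlike the other templates in this directory, so it is created even when Prometheus is disabled; and `access_log off;` leaves the `log_format main` definition unused and the proxy without request logs.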
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podDisruptionBudget.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podDisruptionBudget.yaml new file mode 100755 index 000000000..573317a32 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podDisruptionBudget.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + {{- if .Values.prometheus.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podmonitors.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podmonitors.yaml new file mode 100755 index 000000000..95d568e13 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podmonitors.yaml 
@@ -0,0 +1,37 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPodMonitors }} +apiVersion: v1 +kind: List +items: +{{- range .Values.prometheus.additionalPodMonitors }} + - apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + metadata: + name: {{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + podMetricsEndpoints: +{{ toYaml .podMetricsEndpoints | indent 8 }} + {{- if .jobLabel }} + jobLabel: {{ .jobLabel }} + {{- end }} + {{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 8 }} + {{- end }} + selector: +{{ toYaml .selector | indent 8 }} + {{- if .podTargetLabels }} + podTargetLabels: +{{ toYaml .podTargetLabels | indent 8 }} + {{- end }} + {{- if .sampleLimit }} + sampleLimit: {{ .sampleLimit }} + {{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/prometheus.yaml new file mode 100755 index 000000000..9c30c814c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/prometheus.yaml 
@@ -0,0 +1,319 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.annotations }} + annotations: +{{ toYaml .Values.prometheus.annotations | indent 4 }} +{{- end }} +spec: + alerting: + alertmanagers: +{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }} +{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }} +{{- else if .Values.alertmanager.enabled }} + - namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + port: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} + pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" + {{- end }} + apiVersion: {{ .Values.alertmanager.apiVersion }} +{{- else }} + [] +{{- end }} +{{- if .Values.prometheus.prometheusSpec.apiserverConfig }} + apiserverConfig: +{{ toYaml .Values.prometheus.prometheusSpec.apiserverConfig | indent 4}} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.image }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }} + version: {{ .Values.prometheus.prometheusSpec.image.tag }} + {{- if .Values.prometheus.prometheusSpec.image.sha }} + sha: {{ .Values.prometheus.prometheusSpec.image.sha }} + {{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.externalLabels }} + externalLabels: +{{ tpl (toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4) . 
}} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.prometheusExternalLabelNameClear }} + prometheusExternalLabelName: "" +{{- else if .Values.prometheus.prometheusSpec.prometheusExternalLabelName }} + prometheusExternalLabelName: "{{ .Values.prometheus.prometheusSpec.prometheusExternalLabelName }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.replicaExternalLabelNameClear }} + replicaExternalLabelName: "" +{{- else if .Values.prometheus.prometheusSpec.replicaExternalLabelName }} + replicaExternalLabelName: "{{ .Values.prometheus.prometheusSpec.replicaExternalLabelName }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.externalUrl }} + externalUrl: "{{ tpl .Values.prometheus.prometheusSpec.externalUrl . }}" +{{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }} + externalUrl: "http://{{ tpl (index .Values.prometheus.ingress.hosts 0) . }}{{ .Values.prometheus.prometheusSpec.routePrefix }}" +{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} + externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Values.namespaceOverride }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/proxy" +{{- else }} + externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} + ignoreNamespaceSelectors: {{ .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . 
| nindent 4 }} +{{- if .Values.prometheus.prometheusSpec.nodeSelector }} +{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }} +{{- end }} + paused: {{ .Values.prometheus.prometheusSpec.paused }} + replicas: {{ .Values.prometheus.prometheusSpec.replicas }} + shards: {{ .Values.prometheus.prometheusSpec.shards }} + logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }} + logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }} + listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }} + enableAdminAPI: {{ .Values.prometheus.prometheusSpec.enableAdminAPI }} +{{- if .Values.prometheus.prometheusSpec.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.prometheusSpec.scrapeTimeout }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.evaluationInterval }} + evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.resources }} + resources: +{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }} +{{- end }} + retention: {{ .Values.prometheus.prometheusSpec.retention | quote }} +{{- if .Values.prometheus.prometheusSpec.retentionSize }} + retentionSize: {{ .Values.prometheus.prometheusSpec.retentionSize | quote }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.walCompression }} + walCompression: {{ .Values.prometheus.prometheusSpec.walCompression }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.routePrefix }} + routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.secrets }} + secrets: +{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.configMaps }} + configMaps: +{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }} +{{- end }} + 
serviceAccountName: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} +{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }} + serviceMonitorSelector: +{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }} + serviceMonitorSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + serviceMonitorSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }} + serviceMonitorNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }} +{{ else }} + serviceMonitorNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMonitorSelector }} + podMonitorSelector: +{{ toYaml .Values.prometheus.prometheusSpec.podMonitorSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues }} + podMonitorSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + podMonitorSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector }} + podMonitorNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector | indent 4 }} +{{ else }} + podMonitorNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.probeSelector }} + probeSelector: +{{ toYaml .Values.prometheus.prometheusSpec.probeSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.probeSelectorNilUsesHelmValues }} + probeSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + probeSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.probeNamespaceSelector }} + probeNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.probeNamespaceSelector | indent 4 }} +{{ else }} + probeNamespaceSelector: {} +{{- end }} +{{- if 
.Values.prometheus.prometheusSpec.remoteRead }} + remoteRead: +{{ toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.remoteWrite }} + remoteWrite: +{{ toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }} + ruleNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }} +{{ else }} + ruleNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ruleSelector }} + ruleSelector: +{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}} +{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }} + ruleSelector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }} + release: {{ $.Release.Name | quote }} +{{ else }} + ruleSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.storageSpec }} + storage: +{{ toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMetadata }} + podMetadata: +{{ tpl (toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4) . 
}} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.query }} + query: +{{ toYaml .Values.prometheus.prometheusSpec.query | indent 4}} +{{- end }} +{{- if or .Values.prometheus.prometheusSpec.podAntiAffinity .Values.prometheus.prometheusSpec.affinity }} + affinity: +{{- if .Values.prometheus.prometheusSpec.affinity }} +{{ toYaml .Values.prometheus.prometheusSpec.affinity | indent 4 }} +{{- end }} +{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [prometheus]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]} +{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [prometheus]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]} +{{- end }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} +{{- if .Values.prometheus.prometheusSpec.tolerations }} +{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.prometheus.prometheusSpec.topologySpreadConstraints | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} + additionalScrapeConfigs: + name: {{ template "kube-prometheus-stack.fullname" . 
}}-prometheus-scrape-confg + key: additional-scrape-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.enabled }} + additionalScrapeConfigs: + name: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.name }} + key: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.key }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} + additionalAlertManagerConfigs: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg + key: additional-alertmanager-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} + additionalAlertRelabelConfigs: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg + key: additional-alert-relabel-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.containers }} + containers: +{{ tpl .Values.prometheus.prometheusSpec.containers $ | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.initContainers }} + initContainers: +{{ toYaml .Values.prometheus.prometheusSpec.initContainers | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.priorityClassName }} + priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.thanos }} + thanos: +{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.disableCompaction }} + disableCompaction: {{ .Values.prometheus.prometheusSpec.disableCompaction }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.portName }} + portName: {{ .Values.prometheus.prometheusSpec.portName }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.volumes }} + volumes: +{{ toYaml .Values.prometheus.prometheusSpec.volumes | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.volumeMounts }} + volumeMounts: +{{ toYaml 
.Values.prometheus.prometheusSpec.volumeMounts | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs }} + arbitraryFSAccessThroughSMs: +{{ toYaml .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.overrideHonorLabels }} + overrideHonorLabels: {{ .Values.prometheus.prometheusSpec.overrideHonorLabels }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.overrideHonorTimestamps }} + overrideHonorTimestamps: {{ .Values.prometheus.prometheusSpec.overrideHonorTimestamps }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} + ignoreNamespaceSelectors: {{ .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }} + enforcedNamespaceLabel: {{ .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }} +{{- $prometheusDefaultRulesExcludedFromEnforce := (include "rules.names" .) | fromYaml }} + prometheusRulesExcludedFromEnforce: +{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }} + - ruleNamespace: "{{ template "kube-prometheus-stack.namespace" $ }}" + ruleName: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . 
| trunc 63 | trimSuffix "-" }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce }} +{{ toYaml .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.queryLogFile }} + queryLogFile: {{ .Values.prometheus.prometheusSpec.queryLogFile }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.enforcedSampleLimit }} + enforcedSampleLimit: {{ .Values.prometheus.prometheusSpec.enforcedSampleLimit }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.allowOverlappingBlocks }} + allowOverlappingBlocks: {{ .Values.prometheus.prometheusSpec.allowOverlappingBlocks }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrole.yaml new file mode 100755 index 000000000..a279fb241 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrole.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} 
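Review bot: In psp-clusterrole.yaml the `rules` block selects `apiGroups: ['policy']` only when `semverCompare "> 1.15.0-0" $kubeTargetVersion` matches and falls back to `['extensions']` otherwise, while psp.yaml in this same patch creates the policy as `apiVersion: policy/v1beta1` unconditionally, so for an older `kubeTargetVersion` the role and the policy it refers to are rendered against different API groups. Either gate the PodSecurityPolicy `apiVersion` with the same `$kubeTargetVersion` check or list both groups in the rule. The constraint string also has a space after `>`, unlike the `">=1.14.0-0"` form used in the rules templates, and is worth normalizing.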
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..27b73b74b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp.yaml new file mode 100755 index 000000000..08da5e124 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp.yaml 
@@ -0,0 +1,62 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' +{{- if .Values.prometheus.podSecurityPolicy.volumes }} +{{ toYaml .Values.prometheus.podSecurityPolicy.volumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- if .Values.prometheus.podSecurityPolicy.allowedCapabilities }} + allowedCapabilities: +{{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }} +{{- end }} +{{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }} + allowedHostPaths: +{{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }} +{{- end }} +{{- end }} 
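Review bot: In the `spec` of psp.yaml the comments and the settings contradict each other: `supplementalGroups` and `fsGroup` are both annotated "Forbid adding the root group." yet both ranges start at `min: 0`, which admits GID 0, so use `min: 1` if the comment states the intent. `allowPrivilegeEscalation: false` and `requiredDropCapabilities` are commented out while `runAsUser` is `RunAsAny`, so the policy as written permits root containers with no escalation or capability restriction; enable those fields or document why Prometheus needs the wider policy. Separately, the `include "kube-prometheus-stack.labels"` line sits after the optional `annotations:` block, so when `pspAnnotations` is set the chart labels render under `annotations` instead of `labels`; move the include directly under the `app:` label.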
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/alertmanager.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/alertmanager.rules.yaml new file mode 100755 index 000000000..387a67715 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/alertmanager.rules.yaml 
@@ -0,0 +1,70 @@ +{{- /* +Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }} +{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: alertmanager.rules + rules: + - alert: AlertmanagerConfigInconsistent + annotations: + message: 'The configuration of the instances of the Alertmanager cluster `{{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.service {{`}}`}}` are out of sync. 
+ + {{`{{`}} range printf "alertmanager_config_hash{namespace=\"%s\",service=\"%s\"}" $labels.namespace $labels.service | query {{`}}`}} + + Configuration hash for pod {{`{{`}} .Labels.pod {{`}}`}} is "{{`{{`}} printf "%.f" .Value {{`}}`}}" + + {{`{{`}} end {{`}}`}} + + ' + expr: count by(namespace,service) (count_values by(namespace,service) ("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"})) != 1 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerFailedReload + annotations: + message: Reloading Alertmanager's configuration has failed for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}}. + expr: alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerMembersInconsistent + annotations: + message: Alertmanager has not found all other members of the cluster. + expr: |- + alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} + != on (service) GROUP_LEFT() + count by (service) (alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/etcd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/etcd.yaml new file mode 100755 index 000000000..85287315c --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/etcd.yaml 
@@ -0,0 +1,181 @@ +{{- /* +Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/v3.4.0/op-guide/etcd3_alert.rules.yml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.etcd }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "etcd" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: etcd + rules: + - alert: etcdInsufficientMembers + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).' + expr: sum(up{job=~".*etcd.*"} == bool 1) by (job) < ((count(up{job=~".*etcd.*"}) by (job) + 1) / 2) + for: 3m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdNoLeader + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member {{`{{`}} $labels.instance {{`}}`}} has no leader.' 
+ expr: etcd_server_has_leader{job=~".*etcd.*"} == 0 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfLeaderChanges + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": instance {{`{{`}} $labels.instance {{`}}`}} has seen {{`{{`}} $value {{`}}`}} leader changes within the last hour.' + expr: rate(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[15m]) > 3 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' 
+ expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 5 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdGRPCRequestsSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": gRPC requests to {{`{{`}} $labels.grpc_method {{`}}`}} are taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_type="unary"}[5m])) by (job, instance, grpc_service, grpc_method, le)) + > 0.15 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdMemberCommunicationSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member communication with {{`{{`}} $labels.To {{`}}`}} is taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedProposals + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last hour on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' 
+ expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighFsyncDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.5 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighCommitDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile commit durations {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.25 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.01 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd 
instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.05 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHTTPRequestsSlow + annotations: + message: etcd instance {{`{{`}} $labels.instance {{`}}`}} HTTP requests to {{`{{`}} $labels.method {{`}}`}} are slow. + expr: |- + histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/general.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/general.rules.yaml new file mode 100755 index 000000000..80771f4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/general.rules.yaml 
@@ -0,0 +1,56 @@ +{{- /* +Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.general }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "general.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: general.rules + rules: + - alert: TargetDown + annotations: + message: '{{`{{`}} printf "%.4g" $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.service {{`}}`}} targets in {{`{{`}} $labels.namespace {{`}}`}} namespace are down.' + expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: Watchdog + annotations: + message: 'This is an alert meant to ensure that the entire alerting pipeline is functional. 
+ + This alert is always firing, therefore it should always be firing in Alertmanager + + and always fire against a receiver. There are integrations with various notification + + mechanisms that send a notification when this alert is not firing. For example the + + "DeadMansSnitch" integration in PagerDuty. + + ' + expr: vector(1) + labels: + severity: none +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/k8s.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/k8s.rules.yaml new file mode 100755 index 000000000..19511e8fb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/k8s.rules.yaml 
@@ -0,0 +1,117 @@ +{{- /* +Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: k8s.rules + rules: + - expr: |- + sum by (cluster, namespace, pod, container) ( + rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]) + ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( + 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate + - expr: |- + container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_working_set_bytes + - expr: |- + container_memory_rss{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_rss + - expr: |- + container_memory_cache{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_cache + - expr: |- + container_memory_swap{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_swap + - expr: |- + sum by (namespace) ( + sum by (namespace, pod) ( + max by (namespace, pod, container) 
( + kube_pod_container_resource_requests_memory_bytes{job="kube-state-metrics"} + ) * on(namespace, pod) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace:kube_pod_container_resource_requests_memory_bytes:sum + - expr: |- + sum by (namespace) ( + sum by (namespace, pod) ( + max by (namespace, pod, container) ( + kube_pod_container_resource_requests_cpu_cores{job="kube-state-metrics"} + ) * on(namespace, pod) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace:kube_pod_container_resource_requests_cpu_cores:sum + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, + "replicaset", "$1", "owner_name", "(.*)" + ) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) ( + 1, max by (replicaset, namespace, owner_name) ( + kube_replicaset_owner{job="kube-state-metrics"} + ) + ), + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: deployment + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: daemonset + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: statefulset + record: namespace_workload_pod:kube_pod_owner:relabel +{{- end }} \ No newline at end of file 
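Review bot: In the `k8s.rules` group the CPU recording rule matches `on (cluster, namespace, pod)` and filters `container!="POD"`, but the four memory rules (`container_memory_working_set_bytes`, `container_memory_rss`, `container_memory_cache`, `container_memory_swap`) match only `on (namespace, pod)` and have no `container!="POD"` filter, so the node label is attached without regard to `cluster` and the CPU and memory series do not cover the same set of containers. Because the header says the file is generated and must not be changed in place, raise this against the upstream source or the sync script in `hack` rather than editing the template here. The file also ends without a trailing newline.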
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml new file mode 100755 index 000000000..7b00b54a7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml 
@@ -0,0 +1,160 @@ +{{- /* +Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverAvailability }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-availability.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - interval: 3m + name: kube-apiserver-availability.rules + rules: + - expr: |- + 1 - ( + ( + # write too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + - + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + ) + + ( + # read too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"LIST|GET"}[30d])) + - + ( + ( + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + or + vector(0) + ) + + + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + + + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + ) + ) + + # errors + sum(code:apiserver_request_total:increase30d{code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d) + labels: + verb: all + record: apiserver_request:availability30d + - expr: |- + 1 - ( + sum(increase(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30d])) + - + ( + # too slow + ( + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + or + vector(0) + ) + + + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + + + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + ) + + + # errors + sum(code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d{verb="read"}) + labels: + 
verb: read + record: apiserver_request:availability30d + - expr: |- + 1 - ( + ( + # too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + - + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + ) + + + # errors + sum(code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d{verb="write"}) + labels: + verb: write + record: apiserver_request:availability30d + - expr: avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30 + record: code_verb:apiserver_request_total:increase30d + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[1h])) + record: 
code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[1h])) + record: 
code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) + labels: + verb: read + record: code:apiserver_request_total:increase30d + - expr: sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) + labels: + verb: write + record: code:apiserver_request_total:increase30d +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml new file mode 100755 index 000000000..0f44ccc10 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml 
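Review bot: In kube-apiserver-availability.rules.yaml, the `verb: all` and `verb: write` expressions for `apiserver_request:availability30d` select `apiserver_request_duration_seconds_count` and `apiserver_request_duration_seconds_bucket` without a `job="apiserver"` matcher, while the `verb: read` expression and every `code_verb:apiserver_request_total:increase1h` rule in the same group include it. Any other scrape job that exposes those histogram names is counted in the slow-request term but not in the denominator, which is derived from the job-scoped `increase1h` series, so the recorded availability can fall below its true value. Because the file header says not to edit in place, add the matcher in the upstream rule source and regenerate.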
@@ -0,0 +1,95 @@ +{{- /* +Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverSlos }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-slos" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-apiserver-slos + rules: + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. 
+ expr: |- + sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) + and + sum(apiserver_request:burnrate5m) > (14.40 * 0.01000) + for: 2m + labels: + long: 1h + severity: critical + short: 5m +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: |- + sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) + and + sum(apiserver_request:burnrate30m) > (6.00 * 0.01000) + for: 15m + labels: + long: 6h + severity: critical + short: 30m +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: |- + sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) + and + sum(apiserver_request:burnrate2h) > (3.00 * 0.01000) + for: 1h + labels: + long: 1d + severity: warning + short: 2h +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. 
+ expr: |- + sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) + and + sum(apiserver_request:burnrate6h) > (1.00 * 0.01000) + for: 3h + labels: + long: 3d + severity: warning + short: 6h +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml new file mode 100755 index 000000000..eddc1e40f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml 
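Review bot: In kube-apiserver-slos.yaml, all four `KubeAPIErrorBudgetBurn` rules carry the same `description` and `summary`, so a firing alert can only be told apart by its `long`/`short` labels and severity; the annotations should say which window pair and burn factor (14.40, 6.00, 3.00 or 1.00) tripped. Separately, `runbook_url` is built by appending `alert-name-kubeapierrorbudgetburn` directly to `.Values.defaultRules.runbookUrl`, so the link is only valid when that value already ends in the expected separator; that requirement should be documented next to the value.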
@@ -0,0 +1,358 @@ +{{- /* +Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-apiserver.rules + rules: + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1d])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1d])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1d])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1d])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d])) + labels: + verb: read + record: apiserver_request:burnrate1d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1h])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h])) + labels: + verb: read + record: apiserver_request:burnrate1h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[2h])) + - + ( + ( 
+ sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[2h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[2h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[2h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h])) + labels: + verb: read + record: apiserver_request:burnrate2h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30m])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30m])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30m])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30m])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m])) + labels: + verb: read + record: apiserver_request:burnrate30m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[3d])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[3d])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[3d])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[3d])) + ) + ) + + + # errors + 
sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d])) + labels: + verb: read + record: apiserver_request:burnrate3d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[5m])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[5m])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[5m])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[5m])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) + labels: + verb: read + record: apiserver_request:burnrate5m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[6h])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[6h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[6h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[6h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h])) + labels: + verb: read + record: apiserver_request:burnrate6h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) + - + 
sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1d])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) + labels: + verb: write + record: apiserver_request:burnrate1d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) + labels: + verb: write + record: apiserver_request:burnrate1h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[2h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) + labels: + verb: write + record: apiserver_request:burnrate2h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[30m])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) + labels: + verb: write + record: apiserver_request:burnrate30m + - expr: |- + ( + ( + # too slow + 
sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[3d])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) + labels: + verb: write + record: apiserver_request:burnrate3d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[5m])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + labels: + verb: write + record: apiserver_request:burnrate5m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[6h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) + labels: + verb: write + record: apiserver_request:burnrate6h + - expr: sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) + labels: + verb: read + record: code_resource:apiserver_request_total:rate5m + - expr: sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + labels: + verb: write + record: code_resource:apiserver_request_total:rate5m + - expr: histogram_quantile(0.99, sum by (le, resource) 
(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0 + labels: + quantile: '0.99' + verb: read + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum by (le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))) > 0 + labels: + quantile: '0.99' + verb: write + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml new file mode 100755 index 000000000..e54bee587 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml 
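Review bot: In kube-apiserver.rules.yaml, the last five rules all record to `cluster_quantile:apiserver_request_duration_seconds:histogram_quantile` but with two different shapes: the first two aggregate `by (le, resource)`, add a `verb` label and filter with `> 0`, while the 0.99, 0.9 and 0.5 rules aggregate `without(instance, pod)`, carry no `verb` label and exclude the `log` subresource and the `LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT` verbs. A query on this record name with `quantile="0.99"` therefore returns a mix of both families; either give them distinct record names or document that consumers must filter on `verb`.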
@@ -0,0 +1,31 @@ +{{- /* +Generated from 'kube-prometheus-general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusGeneral }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-general.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-general.rules + rules: + - expr: count without(instance, pod, node) (up == 1) + record: count:up1 + - expr: count without(instance, pod, node) (up == 0) + record: count:up0 +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml new file mode 100755 index 000000000..27271f1b5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml 
@@ -0,0 +1,39 @@ +{{- /* +Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-recording.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-node-recording.rules + rules: + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) + record: instance:node_cpu:rate:sum + - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) + record: instance:node_network_receive_bytes:rate:sum + - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) + record: instance:node_network_transmit_bytes:rate:sum + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) + record: instance:node_cpu:ratio + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) + record: cluster:node_cpu:sum_rate5m + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) + record: cluster:node_cpu:ratio +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml new file mode 100755 index 000000000..3c0ff31b0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml 
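Review bot: In kube-prometheus-node-recording.rules.yaml, the final rule computes `cluster:node_cpu:ratio` from `cluster:node_cpu_seconds_total:rate5m`, but no rule in this group records that series; the rule directly above records the same sum as `cluster:node_cpu:sum_rate5m`. Unless another group defines `cluster:node_cpu_seconds_total:rate5m`, `cluster:node_cpu:ratio` evaluates to no data. Point the expression at `cluster:node_cpu:sum_rate5m` in the upstream source and regenerate, since the header forbids in-place edits.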
@@ -0,0 +1,65 @@ +{{- /* +Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-scheduler.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-scheduler.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-state-metrics.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-state-metrics.yaml new file mode 100755 index 000000000..0fa5032ba --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-state-metrics.yaml 
@@ -0,0 +1,59 @@ +{{- /* +Generated from 'kube-state-metrics' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeStateMetrics }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-state-metrics" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-state-metrics + rules: + - alert: KubeStateMetricsListErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricslisterrors + summary: kube-state-metrics is experiencing errors in list operations. 
+ expr: |- + (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStateMetricsWatchErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricswatcherrors + summary: kube-state-metrics is experiencing errors in watch operations. + expr: |- + (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubelet.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubelet.rules.yaml new file mode 100755 index 000000000..8712b9ff5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubelet.rules.yaml 
@@ -0,0 +1,39 @@ +{{- /* +Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubelet.enabled .Values.defaultRules.rules.kubelet }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubelet.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubelet.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + labels: + quantile: '0.99' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + labels: + quantile: '0.9' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + labels: + quantile: '0.5' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-apps.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-apps.yaml new file mode 100755 index 000000000..198bbb845 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-apps.yaml 
@@ -0,0 +1,298 @@ +{{- /* +Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-apps" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-apps + rules: + - alert: KubePodCrashLooping + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is restarting {{`{{`}} printf "%.2f" $value {{`}}`}} times / 10 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodcrashlooping + summary: Pod is crash looping. 
+ expr: rate(kube_pod_container_status_restarts_total{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) * 60 * 5 > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePodNotReady + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} has been in a non-ready state for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodnotready + summary: Pod has been in a non-ready state for more than 15 minutes. + expr: |- + sum by (namespace, pod) ( + max by(namespace, pod) ( + kube_pod_status_phase{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown"} + ) * on(namespace, pod) group_left(owner_kind) topk by(namespace, pod) ( + 1, max by(namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"}) + ) + ) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentGenerationMismatch + annotations: + description: Deployment generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} does not match, this indicates that the Deployment has failed but has not been rolled back. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentgenerationmismatch + summary: Deployment generation mismatch due to possible roll-back + expr: |- + kube_deployment_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentReplicasMismatch + annotations: + description: Deployment {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentreplicasmismatch + summary: Deployment has not matched the expected number of replicas. + expr: |- + ( + kube_deployment_spec_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_status_replicas_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) and ( + changes(kube_deployment_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetReplicasMismatch + annotations: + description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetreplicasmismatch + summary: Deployment has not matched the expected number of replicas. 
+ expr: |- + ( + kube_statefulset_status_replicas_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) and ( + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetGenerationMismatch + annotations: + description: StatefulSet generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} does not match, this indicates that the StatefulSet has failed but has not been rolled back. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetgenerationmismatch + summary: StatefulSet generation mismatch due to possible roll-back + expr: |- + kube_statefulset_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetUpdateNotRolledOut + annotations: + description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetupdatenotrolledout + summary: StatefulSet update has not been rolled out. 
+ expr: |- + ( + max without (revision) ( + kube_statefulset_status_current_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + unless + kube_statefulset_status_update_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + * + ( + kube_statefulset_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + ) and ( + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetRolloutStuck + annotations: + description: DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} has not finished or progressed for at least 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetrolloutstuck + summary: DaemonSet rollout is stuck. 
+ expr: |- + ( + ( + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) or ( + kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + 0 + ) or ( + kube_daemonset_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) or ( + kube_daemonset_status_number_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + ) and ( + changes(kube_daemonset_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeContainerWaiting + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} container {{`{{`}} $labels.container{{`}}`}} has been in waiting state for longer than 1 hour. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontainerwaiting + summary: Pod container waiting longer than 1 hour + expr: sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) > 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetNotScheduled + annotations: + description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are not scheduled.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetnotscheduled + summary: DaemonSet pods are not scheduled. + expr: |- + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + - + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetMisScheduled + annotations: + description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetmisscheduled + summary: DaemonSet pods are misscheduled. 
+ expr: kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobCompletion + annotations: + description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} is taking more than 12 hours to complete. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobcompletion + summary: Job did not complete in time + expr: kube_job_spec_completions{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - kube_job_status_succeeded{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 12h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobFailed + annotations: + description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. Removing failed job after investigation should clear this alert. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobfailed + summary: Job failed to complete. + expr: kube_job_failed{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeHpaReplicasMismatch + annotations: + description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.hpa {{`}}`}} has not matched the desired number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubehpareplicasmismatch + summary: HPA has not matched descired number of replicas. 
+ expr: |- + (kube_hpa_status_desired_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + > + kube_hpa_spec_min_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + < + kube_hpa_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + changes(kube_hpa_status_current_replicas[15m]) == 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeHpaMaxedOut + annotations: + description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.hpa {{`}}`}} has been running at max replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubehpamaxedout + summary: HPA is running at max replicas + expr: |- + kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + == + kube_hpa_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-resources.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-resources.yaml new file mode 100755 index 000000000..898f8eed2 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-resources.yaml 
@@ -0,0 +1,159 @@ +{{- /* +Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-resources" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-resources + rules: + - alert: KubeCPUOvercommit + annotations: + description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuovercommit + summary: Cluster has overcommitted CPU resource requests. 
+ expr: |- + sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) + / + sum(kube_node_status_allocatable_cpu_cores) + > + (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemoryOvercommit + annotations: + description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememoryovercommit + summary: Cluster has overcommitted memory resource requests. + expr: |- + sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) + / + sum(kube_node_status_allocatable_memory_bytes) + > + (count(kube_node_status_allocatable_memory_bytes)-1) + / + count(kube_node_status_allocatable_memory_bytes) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeCPUQuotaOvercommit + annotations: + description: Cluster has overcommitted CPU resource requests for Namespaces. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuquotaovercommit + summary: Cluster has overcommitted CPU resource requests. + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) + / + sum(kube_node_status_allocatable_cpu_cores) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemoryQuotaOvercommit + annotations: + description: Cluster has overcommitted memory resource requests for Namespaces. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememoryquotaovercommit + summary: Cluster has overcommitted memory resource requests. + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) + / + sum(kube_node_status_allocatable_memory_bytes{job="kube-state-metrics"}) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaAlmostFull + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaalmostfull + summary: Namespace quota is going to be full. + expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 0.9 < 1 + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaFullyUsed + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotafullyused + summary: Namespace quota is fully used. 
+ expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + == 1 + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaExceeded + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaexceeded + summary: Namespace quota has exceeded the limits. + expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: CPUThrottlingHigh + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} throttling of CPU in namespace {{`{{`}} $labels.namespace {{`}}`}} for container {{`{{`}} $labels.container {{`}}`}} in pod {{`{{`}} $labels.pod {{`}}`}}.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-cputhrottlinghigh + summary: Processes experience elevated CPU throttling. + expr: |- + sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) + / + sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace) + > ( 25 / 100 ) + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-storage.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-storage.yaml new file mode 100755 index 000000000..527e6e308 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-storage.yaml 
@@ -0,0 +1,75 @@ +{{- /* +Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-storage" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-storage + rules: + - alert: KubePersistentVolumeFillingUp + annotations: + description: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is only {{`{{`}} $value | humanizePercentage {{`}}`}} free. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefillingup + summary: PersistentVolume is filling up. 
+ expr: |- + kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + < 0.03 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeFillingUp + annotations: + description: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to fill up within four days. Currently {{`{{`}} $value | humanizePercentage {{`}}`}} is available. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefillingup + summary: PersistentVolume is filling up. + expr: |- + ( + kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + ) < 0.15 + and + predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeErrors + annotations: + description: The persistent volume {{`{{`}} $labels.persistentvolume {{`}}`}} has status {{`{{`}} $labels.phase {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumeerrors + summary: PersistentVolume is having issues with provisioning. 
+ expr: kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml new file mode 100755 index 000000000..2ed298b35 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml 
@@ -0,0 +1,98 @@ +{{- /* +Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-apiserver" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-apiserver + rules: + - alert: KubeClientCertificateExpiration + annotations: + description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + summary: Client certificate is about to expire. 
+ expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientCertificateExpiration + annotations: + description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + summary: Client certificate is about to expire. + expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AggregatedAPIErrors + annotations: + description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. It has appeared unavailable {{`{{`}} $value | humanize {{`}}`}} times averaged over the past 10m. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapierrors + summary: An aggregated API has reported errors. + expr: sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[10m])) > 4 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AggregatedAPIDown + annotations: + description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapidown + summary: An aggregated API is down. + expr: (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- if .Values.kubeApiServer.enabled }} + - alert: KubeAPIDown + annotations: + description: KubeAPI has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapidown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="apiserver"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} + - alert: KubeAPITerminatedRequests + annotations: + description: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapiterminatedrequests + summary: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. + expr: sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
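Review bot: In kubernetes-system-apiserver.yaml only KubeAPIDown is wrapped in `{{- if .Values.kubeApiServer.enabled }}`, while both KubeClientCertificateExpiration rules and KubeAPITerminatedRequests also select `job="apiserver"` and are rendered unconditionally. If that value is false because no apiserver target is scraped, the certificate-expiry expressions have no series to evaluate and can never fire, and nothing signals that they are inert. Either gate these rules on the same value or document that client-certificate expiry is unmonitored in that configuration. Both expiry rules also have no `for:` clause, unlike the other alerts in this group, so it is worth confirming that is intended.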
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml new file mode 100755 index 000000000..bbb5f9e23 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml 
@@ -0,0 +1,43 @@ +{{- /* +Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create }} +{{- if (include "exporter.kubeControllerManager.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-controller-manager" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-controller-manager + rules: +{{- if (include "exporter.kubeControllerManager.enabled" .)}} + - alert: KubeControllerManagerDown + annotations: + description: KubeControllerManager has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontrollermanagerdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="{{ include "exporter.kubeControllerManager.jobName" . 
}}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml new file mode 100755 index 000000000..4d536ec2d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml 
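Review bot: The outer condition in kubernetes-system-controller-manager.yaml (the hunk ending just above) checks only `.Values.defaultRules.create` and the exporter include, with no `.Values.defaultRules.rules.*` toggle, whereas the apiserver template in this patch also requires `.Values.defaultRules.rules.kubernetesSystem`. As written, KubeControllerManagerDown cannot be switched off through `defaultRules.rules` while the exporter is enabled. Add the matching per-group value to the `and` list, or note in the values documentation that this group is controlled by the exporter setting alone.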
@@ -0,0 +1,188 @@ +{{- /* +Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-kubelet" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-kubelet + rules: + - alert: KubeNodeNotReady + annotations: + description: '{{`{{`}} $labels.node {{`}}`}} has been unready for more than 15 minutes.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodenotready + summary: Node is not ready. 
+ expr: kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeNodeUnreachable + annotations: + description: '{{`{{`}} $labels.node {{`}}`}} is unreachable and some workloads may be rescheduled.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodeunreachable + summary: Node is unreachable. + expr: (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletTooManyPods + annotations: + description: Kubelet '{{`{{`}} $labels.node {{`}}`}}' is running at {{`{{`}} $value | humanizePercentage {{`}}`}} of its Pod capacity. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubelettoomanypods + summary: Kubelet is running at capacity. 
+ expr: |- + count by(node) ( + (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"}) + ) + / + max by(node) ( + kube_node_status_capacity_pods{job="kube-state-metrics"} != 1 + ) > 0.95 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeNodeReadinessFlapping + annotations: + description: The readiness status of node {{`{{`}} $labels.node {{`}}`}} has changed {{`{{`}} $value {{`}}`}} times in the last 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodereadinessflapping + summary: Node readiness status is flapping. + expr: sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletPlegDurationHigh + annotations: + description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletplegdurationhigh + summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. + expr: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletPodStartUpLatencyHigh + annotations: + description: Kubelet Pod startup 99th percentile latency is {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletpodstartuplatencyhigh + summary: Kubelet Pod startup latency is too high. + expr: histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateExpiration + annotations: + description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificateexpiration + summary: Kubelet client certificate is about to expire. + expr: kubelet_certificate_manager_client_ttl_seconds < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateExpiration + annotations: + description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificateexpiration + summary: Kubelet client certificate is about to expire. + expr: kubelet_certificate_manager_client_ttl_seconds < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateExpiration + annotations: + description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificateexpiration + summary: Kubelet server certificate is about to expire. + expr: kubelet_certificate_manager_server_ttl_seconds < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateExpiration + annotations: + description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificateexpiration + summary: Kubelet server certificate is about to expire. + expr: kubelet_certificate_manager_server_ttl_seconds < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateRenewalErrors + annotations: + description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its client certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes). + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificaterenewalerrors + summary: Kubelet has failed to renew its client certificate. + expr: increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateRenewalErrors + annotations: + description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its server certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes). 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificaterenewalerrors + summary: Kubelet has failed to renew its server certificate. + expr: increase(kubelet_server_expiration_renew_errors[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- if .Values.prometheusOperator.kubeletService.enabled }} + - alert: KubeletDown + annotations: + description: Kubelet has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="kubelet", metrics_path="/metrics"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml new file mode 100755 index 000000000..f4f5589f4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml 
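Review bot: In kubernetes-system-kubelet.yaml the label selectors are inconsistent: KubeNodeReadinessFlapping queries `kube_node_status_condition{status="true",condition="Ready"}` without `job="kube-state-metrics"`, while KubeNodeNotReady on the same metric includes it, and the four certificate TTL rules and both renewal-error rules carry no job selector at all. If the same metric is exposed by more than one scrape job, the `sum(changes(...)) by (node)` in the flapping rule counts each transition more than once. Pin the job on these expressions as the neighbouring rules do. Separately, KubeletDown is the only rule gated on `.Values.prometheusOperator.kubeletService.enabled`, so the certificate-expiry rules stay rendered but silent when kubelet metrics are not collected.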
@@ -0,0 +1,43 @@ +{{- /* +Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-scheduler" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-scheduler + rules: +{{- if (include "exporter.kubeScheduler.enabled" .)}} + - alert: KubeSchedulerDown + annotations: + description: KubeScheduler has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeschedulerdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system.yaml new file mode 100755 index 000000000..52230c62e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system.yaml 
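Review bot: The inner `{{- if (include "exporter.kubeScheduler.enabled" .)}}` around KubeSchedulerDown in kubernetes-system-scheduler.yaml repeats the guard that already wraps the whole document on the line after the semverCompare condition, so it can never be false where it is evaluated. Drop the inner guard and its `{{- end }}`, which also removes one level from the three consecutive `{{- end }}` lines that close the file. The same duplication appears in the controller-manager template in this patch.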
@@ -0,0 +1,55 @@ +{{- /* +Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system + rules: + - alert: KubeVersionMismatch + annotations: + description: There are {{`{{`}} $value {{`}}`}} different semantic versions of Kubernetes components running. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeversionmismatch + summary: Different semantic versions of Kubernetes components running. 
+ expr: count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*).*"))) > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientErrors + annotations: + description: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} $value | humanizePercentage {{`}}`}} errors.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclienterrors + summary: Kubernetes API server client is experiencing errors. + expr: |- + (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) + / + sum(rate(rest_client_requests_total[5m])) by (instance, job)) + > 0.01 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.rules.yaml new file mode 100755 index 000000000..ddb737647 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.rules.yaml 
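Review bot: The KubeClientErrors description in kubernetes-system.yaml ends with a stray single quote after `errors.`; the value is a plain YAML scalar, so the quote that opens before the job label is closed after the instance label and the final one is emitted as literal text in the alert. Remove the trailing quote. In KubeVersionMismatch, the pattern `(v[0-9]*.[0-9]*).*` leaves the dot between major and minor unescaped, so it matches any character; escape it so the captured group is strictly the major.minor prefix.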
@@ -0,0 +1,79 @@ +{{- /* +Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/node-exporter-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-exporter.rules + rules: + - expr: |- + count without (cpu) ( + count without (mode) ( + node_cpu_seconds_total{job="node-exporter"} + ) + ) + record: instance:node_num_cpu:sum + - expr: |- + 1 - avg without (cpu, mode) ( + rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[1m]) + ) + record: instance:node_cpu_utilisation:rate1m + - expr: |- + ( + node_load1{job="node-exporter"} + / + instance:node_num_cpu:sum{job="node-exporter"} + ) + record: instance:node_load1_per_cpu:ratio + - expr: |- + 1 - ( + node_memory_MemAvailable_bytes{job="node-exporter"} + / + node_memory_MemTotal_bytes{job="node-exporter"} + ) + record: instance:node_memory_utilisation:ratio + - expr: rate(node_vmstat_pgmajfault{job="node-exporter"}[1m]) + record: instance:node_vmstat_pgmajfault:rate1m + - expr: rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_seconds:rate1m + - expr: rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_weighted_seconds:rate1m + - expr: |- + sum without (device) ( + rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_receive_bytes_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_bytes_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: 
instance:node_network_receive_drop_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_drop_excluding_lo:rate1m +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.yaml new file mode 100755 index 000000000..3be497c1f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.yaml 
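Review bot: Every `rate()` in node-exporter.rules.yaml uses a `[1m]` range, and `rate` needs at least two samples inside the range, so these recording rules return no data if the node-exporter job is scraped at an interval of one minute or longer. Confirm the chart's scrape interval for that job is comfortably below 1m, or widen the windows; the record names ending in `rate1m` would need to change with them, along with anything that consumes those series.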
@@ -0,0 +1,262 @@ +{{- /* +Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/node-exporter-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-exporter + rules: + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up. + summary: Filesystem is predicted to run out of space within the next 24 hours. 
+ expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up fast. + summary: Filesystem is predicted to run out of space within the next 4 hours. + expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. + summary: Filesystem has less than 5% space left. 
+ expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. + summary: Filesystem has less than 3% space left. + expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up. + summary: Filesystem is predicted to run out of inodes within the next 24 hours. 
+ expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up fast. + summary: Filesystem is predicted to run out of inodes within the next 4 hours. + expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. + summary: Filesystem has less than 5% inodes left. 
+ expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. + summary: Filesystem has less than 3% inodes left. + expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeNetworkReceiveErrs + annotations: + description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} receive errors in the last two minutes.' + summary: Network interface is reporting many receive errors. + expr: rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeNetworkTransmitErrs + annotations: + description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} transmit errors in the last two minutes.' + summary: Network interface is reporting many transmit errors. 
+ expr: rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeHighNumberConntrackEntriesUsed + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of conntrack entries are used.' + summary: Number of conntrack are getting close to the limit. + expr: (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeTextFileCollectorScrapeError + annotations: + description: Node Exporter text file collector failed to scrape. + summary: Node Exporter text file collector failed to scrape. + expr: node_textfile_scrape_error{job="node-exporter"} == 1 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeClockSkewDetected + annotations: + message: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. + summary: Clock skew detected. + expr: |- + ( + node_timex_offset_seconds > 0.05 + and + deriv(node_timex_offset_seconds[5m]) >= 0 + ) + or + ( + node_timex_offset_seconds < -0.05 + and + deriv(node_timex_offset_seconds[5m]) <= 0 + ) + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeClockNotSynchronising + annotations: + message: Clock on {{`{{`}} $labels.instance {{`}}`}} is not synchronising. Ensure NTP is configured on this host. + summary: Clock not synchronising. 
+ expr: |- + min_over_time(node_timex_sync_status[5m]) == 0 + and + node_timex_maxerror_seconds >= 16 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeRAIDDegraded + annotations: + description: RAID array '{{`{{`}} $labels.device {{`}}`}}' on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. + summary: RAID Array is degraded + expr: node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeRAIDDiskFailure + annotations: + description: At least one device in RAID array on {{`{{`}} $labels.instance {{`}}`}} failed. Array '{{`{{`}} $labels.device {{`}}`}}' needs attention and possibly a disk swap. + summary: Failed device in RAID array + expr: node_md_disks{state="fail"} > 0 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-network.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-network.yaml new file mode 100755 index 000000000..9a6955ae9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-network.yaml 
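Review bot: in NodeClockSkewDetected, in the node-exporter rules file that ends just above, the message says the clock is "out of sync by more than 300s", but the expr fires once node_timex_offset_seconds is above 0.05 or below -0.05, which is 50 ms. Either the text or the threshold is wrong; the annotation should state the value the expression actually tests so responders do not misjudge the drift. The two clock alerts also use a message annotation where the other rules in this group use description, so tooling that reads only description will show them with no detail text.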
@@ -0,0 +1,37 @@ +{{- /* +Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.network }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-network" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-network + rules: + - alert: NodeNetworkInterfaceFlapping + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" changing it's up status often on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
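Review bot: the message annotation of NodeNetworkInterfaceFlapping ends with an unmatched double quote after the pod label and has "it's" where "its" is meant, so the rendered alert text is malformed. The file header says it is generated and must not be changed in place, so the wording fix belongs in the upstream rule source or the hack script, followed by a regeneration. The rule also carries only message, with no summary or description, unlike the node-exporter rules added earlier in this patch.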
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node.rules.yaml new file mode 100755 index 000000000..c841e6f6e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node.rules.yaml 
@@ -0,0 +1,51 @@ +{{- /* +Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node.rules + rules: + - expr: |- + topk by(namespace, pod) (1, + max by (node, namespace, pod) ( + label_replace(kube_pod_info{job="kube-state-metrics",node!=""}, "pod", "$1", "pod", "(.*)") + )) + record: 'node_namespace_pod:kube_pod_info:' + - expr: |- + count by (cluster, node) (sum by (node, cpu) ( + node_cpu_seconds_total{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + )) + record: node:node_num_cpu:sum + - expr: |- + sum( + node_memory_MemAvailable_bytes{job="node-exporter"} or + ( + node_memory_Buffers_bytes{job="node-exporter"} + + node_memory_Cached_bytes{job="node-exporter"} + + node_memory_MemFree_bytes{job="node-exporter"} + + node_memory_Slab_bytes{job="node-exporter"} + ) + ) by (cluster) + record: :node_memory_MemAvailable_bytes:sum +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus-operator.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus-operator.yaml new file mode 100755 index 000000000..d1c1f6545 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus-operator.yaml 
@@ -0,0 +1,113 @@ +{{- /* +Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus-operator" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus-operator + rules: + - alert: PrometheusOperatorListErrors + annotations: + description: Errors while performing List operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorlisterrors + summary: Errors while performing list operations in controller. 
+ expr: (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorWatchErrors + annotations: + description: Errors while performing watch operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorwatcherrors + summary: Errors while performing watch operations in controller. + expr: (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorSyncFailed + annotations: + description: Controller {{`{{`}} $labels.controller {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} namespace fails to reconcile {{`{{`}} $value {{`}}`}} objects. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorsyncfailed + summary: Last controller reconciliation failed + expr: min_over_time(prometheus_operator_syncs{status="failed",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorReconcileErrors + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of reconciling operations failed for {{`{{`}} $labels.controller {{`}}`}} controller in {{`{{`}} $labels.namespace {{`}}`}} namespace.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorreconcileerrors + summary: Errors while reconciling controller. + expr: (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorNodeLookupErrors + annotations: + description: Errors while reconciling Prometheus in {{`{{`}} $labels.namespace {{`}}`}} Namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatornodelookuperrors + summary: Errors while reconciling Prometheus. 
+ expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorNotReady + annotations: + description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace isn't ready to reconcile {{`{{`}} $labels.controller {{`}}`}} resources. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatornotready + summary: Prometheus operator not ready + expr: min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) == 0) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorRejectedResources + annotations: + description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace rejected {{`{{`}} printf "%0.0f" $value {{`}}`}} {{`{{`}} $labels.controller {{`}}`}}/{{`{{`}} $labels.resource {{`}}`}} resources. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorrejectedresources + summary: Resources rejected by Prometheus operator + expr: min_over_time(prometheus_operator_managed_resources{state="rejected",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
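Review bot: every runbook_url in prometheus-operator.yaml is built by writing {{ .Values.defaultRules.runbookUrl }} directly in front of a fixed suffix, unquoted and without a guard, so an empty or unset runbookUrl renders a bare "alert-name-prometheusoperatorlisterrors" string that is not a URL. Wrap the annotation in an if block on .Values.defaultRules.runbookUrl, the way additionalRuleLabels is guarded in the same rules, and quote the rendered value. Separately, PrometheusOperatorNodeLookupErrors describes itself as "Errors while reconciling Prometheus" although its expr measures prometheus_operator_node_address_lookup_errors_total; the description and summary should name node address lookups.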
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus.yaml new file mode 100755 index 000000000..c9c805eea --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus.yaml 
@@ -0,0 +1,258 @@ +{{- /* +Generated from 'prometheus' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheus }} +{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus + rules: + - alert: PrometheusBadConfig + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to reload its configuration. + summary: Failed Prometheus configuration reload. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. 
+ max_over_time(prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) == 0 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotificationQueueRunningFull + annotations: + description: Alert notification queue of Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is running full. + summary: Prometheus alert notification queue predicted to run full in less than 30m. + expr: |- + # Without min_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30) + > + min_over_time(prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers + annotations: + description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.alertmanager{{`}}`}}.' + summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. 
+ expr: |- + ( + rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + * 100 + > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlertsToAnyAlertmanager + annotations: + description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% minimum errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to any Alertmanager.' + summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. + expr: |- + min without(alertmanager) ( + rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + * 100 + > 3 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotConnectedToAlertmanagers + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not connected to any Alertmanagers. + summary: Prometheus is not connected to any Alertmanagers. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. 
+ max_over_time(prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) < 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBReloadsFailing + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} reload failures over the last 3h. + summary: Prometheus has issues reloading blocks from disk. + expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0 + for: 4h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBCompactionsFailing + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} compaction failures over the last 3h. + summary: Prometheus has issues compacting blocks. + expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0 + for: 4h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotIngestingSamples + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not ingesting samples. + summary: Prometheus is not ingesting samples. 
+ expr: rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusDuplicateTimestamps + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with different values but duplicated timestamp. + summary: Prometheus is dropping samples with duplicate timestamps. + expr: rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOutOfOrderTimestamps + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with timestamps arriving out of order. + summary: Prometheus drops samples with out-of-order timestamps. + expr: rate(prometheus_target_scrapes_sample_out_of_order_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteStorageFailures + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} failed to send {{`{{`}} printf "%.1f" $value {{`}}`}}% of the samples to {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}} + summary: Prometheus fails to send samples to remote storage. 
+ expr: |- + ( + rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + ( + rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + + + rate(prometheus_remote_storage_succeeded_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + ) + * 100 + > 1 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteWriteBehind + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write is {{`{{`}} printf "%.1f" $value {{`}}`}}s behind for {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}. + summary: Prometheus remote write is behind. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. 
+ ( + max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + - on(job, instance) group_right + max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + > 120 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteWriteDesiredShards + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write desired shards calculation wants to run {{`{{`}} $value {{`}}`}} shards for queue {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}, which is more than the max of {{`{{`}} printf `prometheus_remote_storage_shards_max{instance="%s",job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}` $labels.instance | query | first | value {{`}}`}}. + summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + max_over_time(prometheus_remote_storage_shards_desired{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + > + max_over_time(prometheus_remote_storage_shards_max{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRuleFailures + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to evaluate {{`{{`}} printf "%.0f" $value {{`}}`}} rules in the last 5m. + summary: Prometheus is failing rule evaluations. 
+ expr: increase(prometheus_rule_evaluation_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusMissingRuleEvaluations + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has missed {{`{{`}} printf "%.0f" $value {{`}}`}} rule group evaluations in the last 5m. + summary: Prometheus is missing rule evaluations due to slow rule group evaluation. + expr: increase(prometheus_rule_group_iterations_missed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTargetLimitHit + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because the number of targets exceeded the configured target_limit. + summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. + expr: increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/alertmanager.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/alertmanager.rules.yaml new file mode 100755 index 000000000..71159849c --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/alertmanager.rules.yaml 
@@ -0,0 +1,63 @@ +{{- /* +Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: alertmanager.rules + rules: + - alert: AlertmanagerConfigInconsistent + annotations: + message: The configuration of the instances of the Alertmanager cluster `{{`{{`}}$labels.service{{`}}`}}` are out of sync. 
+ expr: count_values("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) BY (service) / ON(service) GROUP_LEFT() label_replace(max(prometheus_operator_spec_replicas{job="{{ $operatorJob }}",namespace="{{ $namespace }}",controller="alertmanager"}) by (name, job, namespace, controller), "service", "$1", "name", "(.*)") != 1 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerFailedReload + annotations: + message: Reloading Alertmanager's configuration has failed for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}}. + expr: alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerMembersInconsistent + annotations: + message: Alertmanager has not found all other members of the cluster. + expr: |- + alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} + != on (service) GROUP_LEFT() + count by (service) (alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/etcd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/etcd.yaml new file mode 100755 index 000000000..048410bc3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/etcd.yaml 
@@ -0,0 +1,181 @@ +{{- /* +Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/v3.4.0/op-guide/etcd3_alert.rules.yml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.etcd }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "etcd" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: etcd + rules: + - alert: etcdInsufficientMembers + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).' + expr: sum(up{job=~".*etcd.*"} == bool 1) by (job) < ((count(up{job=~".*etcd.*"}) by (job) + 1) / 2) + for: 3m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdNoLeader + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member {{`{{`}} $labels.instance {{`}}`}} has no leader.' 
+ expr: etcd_server_has_leader{job=~".*etcd.*"} == 0 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfLeaderChanges + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": instance {{`{{`}} $labels.instance {{`}}`}} has seen {{`{{`}} $value {{`}}`}} leader changes within the last hour.' + expr: rate(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[15m]) > 3 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' 
+ expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 5 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdGRPCRequestsSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": gRPC requests to {{`{{`}} $labels.grpc_method {{`}}`}} are taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_type="unary"}[5m])) by (job, instance, grpc_service, grpc_method, le)) + > 0.15 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdMemberCommunicationSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member communication with {{`{{`}} $labels.To {{`}}`}} is taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedProposals + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last hour on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' 
+ expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighFsyncDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.5 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighCommitDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile commit durations {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.25 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.01 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd 
instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.05 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHTTPRequestsSlow + annotations: + message: etcd instance {{`{{`}} $labels.instance {{`}}`}} HTTP requests to {{`{{`}} $labels.method {{`}}`}} are slow. + expr: |- + histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/general.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/general.rules.yaml new file mode 100755 index 000000000..cde6feb5c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/general.rules.yaml 
@@ -0,0 +1,56 @@ +{{- /* +Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.general }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "general.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: general.rules + rules: + - alert: TargetDown + annotations: + message: '{{`{{`}} $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}} targets are down.' + expr: 100 * (count(up == 0) BY (job) / count(up) BY (job)) > 10 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: Watchdog + annotations: + message: 'This is an alert meant to ensure that the entire alerting pipeline is functional. + + This alert is always firing, therefore it should always be firing in Alertmanager + + and always fire against a receiver. 
There are integrations with various notification + + mechanisms that send a notification when this alert is not firing. For example the + + "DeadMansSnitch" integration in PagerDuty. + + ' + expr: vector(1) + labels: + severity: none +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/k8s.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/k8s.rules.yaml new file mode 100755 index 000000000..08aa7fe2b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/k8s.rules.yaml 
@@ -0,0 +1,83 @@ +{{- /* +Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: k8s.rules + rules: + - expr: sum(rate(container_cpu_usage_seconds_total{job="kubelet", image!="", container_name!=""}[5m])) by (namespace) + record: namespace:container_cpu_usage_seconds_total:sum_rate + - expr: sum(container_memory_usage_bytes{job="kubelet", image!="", container_name!=""}) by (namespace) + record: namespace:container_memory_usage_bytes:sum + - expr: |- + sum by (namespace, pod_name, container_name) ( + rate(container_cpu_usage_seconds_total{job="kubelet", image!="", container_name!=""}[5m]) + ) + record: namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate + - expr: |- + sum by(namespace) ( + kube_pod_container_resource_requests_memory_bytes{job="kube-state-metrics"} + * on 
(endpoint, instance, job, namespace, pod, service) + group_left(phase) (kube_pod_status_phase{phase=~"^(Pending|Running)$"} == 1) + ) + record: namespace_name:kube_pod_container_resource_requests_memory_bytes:sum + - expr: |- + sum by (namespace) ( + kube_pod_container_resource_requests_cpu_cores{job="kube-state-metrics"} + * on (endpoint, instance, job, namespace, pod, service) + group_left(phase) (kube_pod_status_phase{phase=~"^(Pending|Running)$"} == 1) + ) + record: namespace_name:kube_pod_container_resource_requests_cpu_cores:sum + - expr: |- + sum( + label_replace( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, + "replicaset", "$1", "owner_name", "(.*)" + ) * on(replicaset, namespace) group_left(owner_name) kube_replicaset_owner{job="kube-state-metrics"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) by (namespace, workload, pod) + labels: + workload_type: deployment + record: mixin_pod_workload + - expr: |- + sum( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) by (namespace, workload, pod) + labels: + workload_type: daemonset + record: mixin_pod_workload + - expr: |- + sum( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) by (namespace, workload, pod) + labels: + workload_type: statefulset + record: mixin_pod_workload +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-apiserver.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-apiserver.rules.yaml new file mode 100755 index 000000000..e3a929692 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-apiserver.rules.yaml 
@@ -0,0 +1,39 @@ +{{- /* +Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-apiserver.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(apiserver_request_latencies_bucket{job="apiserver"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.99' + record: cluster_quantile:apiserver_request_latencies:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(apiserver_request_latencies_bucket{job="apiserver"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.9' + record: cluster_quantile:apiserver_request_latencies:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(apiserver_request_latencies_bucket{job="apiserver"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.5' + record: cluster_quantile:apiserver_request_latencies:histogram_quantile +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml new file mode 100755 index 000000000..a8d5400cb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml 
@@ -0,0 +1,47 @@ +{{- /* +Generated from 'kube-prometheus-node-alerting.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeAlerting }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-alerting.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-node-alerting.rules + rules: + - alert: NodeDiskRunningFull + annotations: + message: Device {{`{{`}} $labels.device {{`}}`}} of node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} will be full within the next 24 hours. 
+ expr: '(node:node_filesystem_usage: > 0.85) and (predict_linear(node:node_filesystem_avail:[6h], 3600 * 24) < 0)' + for: 30m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeDiskRunningFull + annotations: + message: Device {{`{{`}} $labels.device {{`}}`}} of node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} will be full within the next 2 hours. + expr: '(node:node_filesystem_usage: > 0.85) and (predict_linear(node:node_filesystem_avail:[30m], 3600 * 2) < 0)' + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml new file mode 100755 index 000000000..87f072fd0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml 
@@ -0,0 +1,41 @@ +{{- /* +Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-recording.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-node-recording.rules + rules: + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[3m])) BY (instance) + record: instance:node_cpu:rate:sum + - expr: sum((node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free_bytes{mountpoint="/"})) BY (instance) + record: instance:node_filesystem_usage:sum + - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) + record: instance:node_network_receive_bytes:rate:sum + - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) + record: instance:node_network_transmit_bytes:rate:sum + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) + record: instance:node_cpu:ratio + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) + record: cluster:node_cpu:sum_rate5m + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) + record: cluster:node_cpu:ratio +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-scheduler.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-scheduler.rules.yaml new file mode 100755 index 000000000..e8de8ed6e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-scheduler.rules.yaml 
@@ -0,0 +1,65 @@ +{{- /* +Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-scheduler.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-scheduler.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_e2e_scheduling_latency:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_scheduling_algorithm_latency:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_binding_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_binding_latency:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_e2e_scheduling_latency:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_scheduling_algorithm_latency:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_binding_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_binding_latency:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_e2e_scheduling_latency:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_scheduling_algorithm_latency:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_binding_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_binding_latency:histogram_quantile +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-absent.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-absent.yaml new file mode 100755 index 000000000..85d27cc77 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-absent.yaml 
@@ -0,0 +1,159 @@ +{{- /* +Generated from 'kubernetes-absent' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesAbsent }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-absent" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-absent + rules: +{{- if .Values.alertmanager.enabled }} + - alert: AlertmanagerDown + annotations: + message: Alertmanager has disappeared from Prometheus target discovery. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerdown + expr: absent(up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.kubeDns.enabled }} + - alert: CoreDNSDown + annotations: + message: CoreDNS has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-corednsdown + expr: absent(up{job="kube-dns"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.kubeApiServer.enabled }} + - alert: KubeAPIDown + annotations: + message: KubeAPI has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapidown + expr: absent(up{job="apiserver"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if (include "exporter.kubeControllerManager.enabled" .)}} + - alert: KubeControllerManagerDown + annotations: + message: KubeControllerManager has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontrollermanagerdown + expr: absent(up{job="{{ include "exporter.kubeControllerManager.jobName" . }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} + - alert: KubeSchedulerDown + annotations: + message: KubeScheduler has disappeared from Prometheus target discovery. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeschedulerdown + expr: absent(up{job="{{ include "exporter.kubeScheduler.jobName" . }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.kubeStateMetrics.enabled }} + - alert: KubeStateMetricsDown + annotations: + message: KubeStateMetrics has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricsdown + expr: absent(up{job="kube-state-metrics"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.prometheusOperator.kubeletService.enabled }} + - alert: KubeletDown + annotations: + message: Kubelet has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletdown + expr: absent(up{job="kubelet"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.nodeExporter.enabled }} + - alert: NodeExporterDown + annotations: + message: NodeExporter has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodeexporterdown + expr: absent(up{job="node-exporter"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} + - alert: PrometheusDown + annotations: + message: Prometheus has disappeared from Prometheus target discovery. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusdown + expr: absent(up{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- if .Values.prometheusOperator.enabled }} + - alert: PrometheusOperatorDown + annotations: + message: PrometheusOperator has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatordown + expr: absent(up{job="{{ $operatorJob }}",namespace="{{ $namespace }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-apps.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-apps.yaml new file mode 100755 index 000000000..e7a41ca2a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-apps.yaml 
@@ -0,0 +1,200 @@ +{{- /* +Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-apps" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-apps + rules: + - alert: KubePodCrashLooping + annotations: + message: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is restarting {{`{{`}} printf "%.2f" $value {{`}}`}} times / 5 minutes. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodcrashlooping + expr: rate(kube_pod_container_status_restarts_total{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[15m]) * 60 * 5 > 0 + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePodNotReady + annotations: + message: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} has been in a non-ready state for longer than an hour. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodnotready + expr: sum by (namespace, pod) (kube_pod_status_phase{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown"}) > 0 + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentGenerationMismatch + annotations: + message: Deployment generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} does not match, this indicates that the Deployment has failed but has not been rolled back. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentgenerationmismatch + expr: |- + kube_deployment_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentReplicasMismatch + annotations: + message: Deployment {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} has not matched the expected number of replicas for longer than an hour. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentreplicasmismatch + expr: |- + kube_deployment_spec_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_status_replicas_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetReplicasMismatch + annotations: + message: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetreplicasmismatch + expr: |- + kube_statefulset_status_replicas_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetGenerationMismatch + annotations: + message: StatefulSet generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} does not match, this indicates that the StatefulSet has failed but has not been rolled back. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetgenerationmismatch + expr: |- + kube_statefulset_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetUpdateNotRolledOut + annotations: + message: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetupdatenotrolledout + expr: |- + max without (revision) ( + kube_statefulset_status_current_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + unless + kube_statefulset_status_update_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + * + ( + kube_statefulset_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetRolloutStuck + annotations: + message: Only {{`{{`}} $value {{`}}`}}% of the desired Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are scheduled and ready. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetrolloutstuck + expr: |- + kube_daemonset_status_number_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + / + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} * 100 < 100 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetNotScheduled + annotations: + message: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are not scheduled.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetnotscheduled + expr: |- + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + - + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetMisScheduled + annotations: + message: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetmisscheduled + expr: kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeCronJobRunning + annotations: + message: CronJob {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.cronjob {{`}}`}} is taking more than 1h to complete. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecronjobrunning + expr: time() - kube_cronjob_next_schedule_time{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 3600 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobCompletion + annotations: + message: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} is taking more than one hour to complete. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobcompletion + expr: kube_job_spec_completions{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - kube_job_status_succeeded{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobFailed + annotations: + message: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobfailed + expr: kube_job_status_failed{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-resources.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-resources.yaml new file mode 100755 index 000000000..b34b442f3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-resources.yaml 
@@ -0,0 +1,121 @@ +{{- /* +Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-resources" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-resources + rules: + - alert: KubeCPUOvercommit + annotations: + message: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuovercommit + expr: |- + sum(namespace_name:kube_pod_container_resource_requests_cpu_cores:sum) + / + sum(node:node_num_cpu:sum) + > + (count(node:node_num_cpu:sum)-1) / count(node:node_num_cpu:sum) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemOvercommit + annotations: + message: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememovercommit + expr: |- + sum(namespace_name:kube_pod_container_resource_requests_memory_bytes:sum) + / + sum(node_memory_MemTotal_bytes) + > + (count(node:node_num_cpu:sum)-1) + / + count(node:node_num_cpu:sum) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeCPUOvercommit + annotations: + message: Cluster has overcommitted CPU resource requests for Namespaces. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuovercommit + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) + / + sum(node:node_num_cpu:sum) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemOvercommit + annotations: + message: Cluster has overcommitted memory resource requests for Namespaces. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememovercommit + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) + / + sum(node_memory_MemTotal_bytes{job="node-exporter"}) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaExceeded + annotations: + message: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} printf "%0.0f" $value {{`}}`}}% of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaexceeded + expr: |- + 100 * kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 90 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: CPUThrottlingHigh + annotations: + message: '{{`{{`}} printf "%0.0f" $value {{`}}`}}% throttling of CPU in namespace {{`{{`}} $labels.namespace {{`}}`}} for container {{`{{`}} $labels.container_name {{`}}`}} in pod {{`{{`}} $labels.pod_name {{`}}`}}.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-cputhrottlinghigh + expr: |- + 100 * sum(increase(container_cpu_cfs_throttled_periods_total{container_name!="", }[5m])) by (container_name, pod_name, namespace) + / + sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container_name, pod_name, namespace) + > 25 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
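Review bot: in kubernetes-absent.yaml the CoreDNSDown rule is gated on `.Values.kubeDns.enabled` and selects `up{job="kube-dns"}`, while its alert name, message and runbook anchor all say CoreDNS. KubeVersionMismatch in kubernetes-system.yaml excludes `kube-dns|coredns` as two separate job names, so if the chart treats them as separate providers, a cluster with kubeDns disabled renders no DNS-down alert at all. Gate and select on the CoreDNS settings, or rename the alert to match the job it watches. PrometheusDown is also the only rule in this group with no enable guard around it, which is worth a comment if intentional.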
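Review bot: every selector in kubernetes-apps.yaml interpolates `$targetNamespace` (assigned from `.Values.defaultRules.appNamespacesTarget`) directly into `namespace=~"{{ $targetNamespace }}"`, and the hunk shows no `default` or `required` guard on that assignment. If the value is unset or empty the matcher renders as `namespace=~""`, which matches only series without a namespace label, so all of these workload alerts go silent with no template or rule-load error. A value containing a double quote would break the expression instead. Suggest applying `default` or `required` where `$targetNamespace` is assigned. The same pattern appears in kubernetes-storage.yaml.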
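Review bot: in kubernetes-resources.yaml the pod-level KubeMemOvercommit rule divides by `sum(node_memory_MemTotal_bytes)` with no job selector, while the namespace-quota variant further down uses `node_memory_MemTotal_bytes{job="node-exporter"}`. If more than one scrape job exposes that metric, the denominator is inflated and the alert under-fires; use the same selector in both rules. Separately, the threshold `(count(node:node_num_cpu:sum)-1) / count(node:node_num_cpu:sum)` evaluates to 0 on a single-node cluster, so both pod-level overcommit alerts fire there as soon as any request exists. That case should be guarded or documented.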
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-storage.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-storage.yaml new file mode 100755 index 000000000..6469fffc5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-storage.yaml 
@@ -0,0 +1,72 @@ +{{- /* +Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-storage" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-storage + rules: + - alert: KubePersistentVolumeUsageCritical + annotations: + message: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is only {{`{{`}} printf "%0.2f" $value {{`}}`}}% free. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumeusagecritical + expr: |- + 100 * kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"} + < 3 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeFullInFourDays + annotations: + message: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to fill up within four days. Currently {{`{{`}} printf "%0.2f" $value {{`}}`}}% is available. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefullinfourdays + expr: |- + 100 * ( + kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"} + ) < 15 + and + predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"}[6h], 4 * 24 * 3600) < 0 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeErrors + annotations: + message: The persistent volume {{`{{`}} $labels.persistentvolume {{`}}`}} has status {{`{{`}} $labels.phase {{`}}`}}. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumeerrors + expr: kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-system.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-system.yaml new file mode 100755 index 000000000..da232057b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-system.yaml 
@@ -0,0 +1,184 @@ +{{- /* +Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system + rules: + - alert: KubeNodeNotReady + annotations: + message: '{{`{{`}} $labels.node {{`}}`}} has been unready for more than an hour.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodenotready + expr: kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeVersionMismatch + annotations: + message: There are {{`{{`}} $value {{`}}`}} different semantic versions of Kubernetes components running. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeversionmismatch + expr: count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*.[0-9]*).*"))) > 1 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientErrors + annotations: + message: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} printf "%0.0f" $value {{`}}`}}% errors.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclienterrors + expr: |- + (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) + / + sum(rate(rest_client_requests_total[5m])) by (instance, job)) + * 100 > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientErrors + annotations: + message: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} printf "%0.0f" $value {{`}}`}} errors / second. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclienterrors + expr: sum(rate(ksm_scrape_error_total{job="kube-state-metrics"}[5m])) by (instance, job) > 0.1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletTooManyPods + annotations: + message: Kubelet {{`{{`}} $labels.instance {{`}}`}} is running {{`{{`}} $value {{`}}`}} Pods, close to the limit of 110. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubelettoomanypods + expr: kubelet_running_pod_count{job="kubelet"} > 110 * 0.9 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPILatencyHigh + annotations: + message: The API server has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for {{`{{`}} $labels.verb {{`}}`}} {{`{{`}} $labels.resource {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapilatencyhigh + expr: cluster_quantile:apiserver_request_latencies:histogram_quantile{job="apiserver",quantile="0.99",subresource!="log",verb!~"^(?:LIST|WATCH|WATCHLIST|PROXY|CONNECT)$"} > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPILatencyHigh + annotations: + message: The API server has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for {{`{{`}} $labels.verb {{`}}`}} {{`{{`}} $labels.resource {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapilatencyhigh + expr: cluster_quantile:apiserver_request_latencies:histogram_quantile{job="apiserver",quantile="0.99",subresource!="log",verb!~"^(?:LIST|WATCH|WATCHLIST|PROXY|CONNECT)$"} > 4 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorsHigh + annotations: + message: API server is returning errors for {{`{{`}} $value {{`}}`}}% of requests. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorshigh + expr: |- + sum(rate(apiserver_request_count{job="apiserver",code=~"^(?:5..)$"}[5m])) + / + sum(rate(apiserver_request_count{job="apiserver"}[5m])) * 100 > 3 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorsHigh + annotations: + message: API server is returning errors for {{`{{`}} $value {{`}}`}}% of requests. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorshigh + expr: |- + sum(rate(apiserver_request_count{job="apiserver",code=~"^(?:5..)$"}[5m])) + / + sum(rate(apiserver_request_count{job="apiserver"}[5m])) * 100 > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorsHigh + annotations: + message: API server is returning errors for {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.verb {{`}}`}} {{`{{`}} $labels.resource {{`}}`}} {{`{{`}} $labels.subresource {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorshigh + expr: |- + sum(rate(apiserver_request_count{job="apiserver",code=~"^(?:5..)$"}[5m])) by (resource,subresource,verb) + / + sum(rate(apiserver_request_count{job="apiserver"}[5m])) by (resource,subresource,verb) * 100 > 10 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorsHigh + annotations: + message: API server is returning errors for {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.verb {{`}}`}} {{`{{`}} $labels.resource {{`}}`}} {{`{{`}} $labels.subresource {{`}}`}}. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorshigh + expr: |- + sum(rate(apiserver_request_count{job="apiserver",code=~"^(?:5..)$"}[5m])) by (resource,subresource,verb) + / + sum(rate(apiserver_request_count{job="apiserver"}[5m])) by (resource,subresource,verb) * 100 > 5 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientCertificateExpiration + annotations: + message: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientCertificateExpiration + annotations: + message: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
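Review bot: KubeletTooManyPods hardcodes the pod limit in `kubelet_running_pod_count{job="kubelet"} > 110 * 0.9`, so the threshold is only "90% of capacity" on nodes whose kubelet pod limit is 110. A node configured with a lower limit can fill up without the alert firing, and a node with a higher limit alerts early. Consider taking the limit from a chart value, or at least stating the 110 assumption in the alert message.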
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-network.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-network.yaml new file mode 100755 index 000000000..c75f1ae07 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-network.yaml 
@@ -0,0 +1,57 @@ +{{- /* +Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.network }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-network" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-network + rules: + - alert: NetworkReceiveErrors + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" showing receive errors on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: rate(node_network_receive_errs_total{job="node-exporter",device!~"veth.+"}[2m]) > 0 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NetworkTransmitErrors + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" showing transmit errors on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: rate(node_network_transmit_errs_total{job="node-exporter",device!~"veth.+"}[2m]) > 0 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeNetworkInterfaceFlapping + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" changing it's up status often on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
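Review bot: all three `message` annotations in node-network.yaml end with an unmatched `"` after the `$labels.pod` placeholder, and NodeNetworkInterfaceFlapping reads "changing it's up status" where "its" is meant. Both end up verbatim in the notification text. The file header says it is generated and must not be changed in place, so the correction belongs in the rules source that the generator reads.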
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-time.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-time.yaml new file mode 100755 index 000000000..b7a2fc92f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-time.yaml 
@@ -0,0 +1,37 @@ +{{- /* +Generated from 'node-time' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.time }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-time" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-time + rules: + - alert: ClockSkewDetected + annotations: + message: Clock skew detected on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}. Ensure NTP is configured correctly on this host. + expr: abs(node_timex_offset_seconds{job="node-exporter"}) > 0.03 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node.rules.yaml new file mode 100755 index 000000000..2bc7af3a9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node.rules.yaml 
@@ -0,0 +1,202 @@ +{{- /* +Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node.rules + rules: + - expr: sum(min(kube_pod_info) by (node)) + record: ':kube_pod_info_node_count:' + - expr: max(label_replace(kube_pod_info{job="kube-state-metrics"}, "pod", "$1", "pod", "(.*)")) by (node, namespace, pod) + record: 'node_namespace_pod:kube_pod_info:' + - expr: |- + count by (node) (sum by (node, cpu) ( + node_cpu_seconds_total{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + )) + record: node:node_num_cpu:sum + - expr: 1 - avg(rate(node_cpu_seconds_total{job="node-exporter",mode="idle"}[1m])) + record: :node_cpu_utilisation:avg1m + - expr: |- + 1 - avg by (node) ( + rate(node_cpu_seconds_total{job="node-exporter",mode="idle"}[1m]) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info:) + record: node:node_cpu_utilisation:avg1m + - expr: |- + node:node_cpu_utilisation:avg1m + * + node:node_num_cpu:sum + / + scalar(sum(node:node_num_cpu:sum)) + record: node:cluster_cpu_utilisation:ratio + - expr: |- + sum(node_load1{job="node-exporter"}) + / + sum(node:node_num_cpu:sum) + record: ':node_cpu_saturation_load1:' + - expr: |- + sum by (node) ( + node_load1{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + / + node:node_num_cpu:sum + record: 'node:node_cpu_saturation_load1:' + - expr: |- + 1 - + sum(node_memory_MemFree_bytes{job="node-exporter"} + node_memory_Cached_bytes{job="node-exporter"} + node_memory_Buffers_bytes{job="node-exporter"}) + / + sum(node_memory_MemTotal_bytes{job="node-exporter"}) + record: ':node_memory_utilisation:' + - expr: sum(node_memory_MemFree_bytes{job="node-exporter"} + node_memory_Cached_bytes{job="node-exporter"} + 
node_memory_Buffers_bytes{job="node-exporter"}) + record: :node_memory_MemFreeCachedBuffers_bytes:sum + - expr: sum(node_memory_MemTotal_bytes{job="node-exporter"}) + record: :node_memory_MemTotal_bytes:sum + - expr: |- + sum by (node) ( + (node_memory_MemFree_bytes{job="node-exporter"} + node_memory_Cached_bytes{job="node-exporter"} + node_memory_Buffers_bytes{job="node-exporter"}) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_memory_bytes_available:sum + - expr: |- + sum by (node) ( + node_memory_MemTotal_bytes{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_memory_bytes_total:sum + - expr: |- + (node:node_memory_bytes_total:sum - node:node_memory_bytes_available:sum) + / + node:node_memory_bytes_total:sum + record: node:node_memory_utilisation:ratio + - expr: |- + (node:node_memory_bytes_total:sum - node:node_memory_bytes_available:sum) + / + scalar(sum(node:node_memory_bytes_total:sum)) + record: node:cluster_memory_utilisation:ratio + - expr: |- + 1e3 * sum( + (rate(node_vmstat_pgpgin{job="node-exporter"}[1m]) + + rate(node_vmstat_pgpgout{job="node-exporter"}[1m])) + ) + record: :node_memory_swap_io_bytes:sum_rate + - expr: |- + 1 - + sum by (node) ( + (node_memory_MemFree_bytes{job="node-exporter"} + node_memory_Cached_bytes{job="node-exporter"} + node_memory_Buffers_bytes{job="node-exporter"}) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + / + sum by (node) ( + node_memory_MemTotal_bytes{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: 'node:node_memory_utilisation:' + - expr: 1 - (node:node_memory_bytes_available:sum / node:node_memory_bytes_total:sum) + record: 'node:node_memory_utilisation_2:' + - expr: |- + 1e3 * sum by (node) ( + (rate(node_vmstat_pgpgin{job="node-exporter"}[1m]) + + 
rate(node_vmstat_pgpgout{job="node-exporter"}[1m])) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_memory_swap_io_bytes:sum_rate + - expr: avg(irate(node_disk_io_time_seconds_total{job="node-exporter",device=~"nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+"}[1m])) + record: :node_disk_utilisation:avg_irate + - expr: |- + avg by (node) ( + irate(node_disk_io_time_seconds_total{job="node-exporter",device=~"nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+"}[1m]) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_disk_utilisation:avg_irate + - expr: avg(irate(node_disk_io_time_weighted_seconds_total{job="node-exporter",device=~"nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+"}[1m])) + record: :node_disk_saturation:avg_irate + - expr: |- + avg by (node) ( + irate(node_disk_io_time_weighted_seconds_total{job="node-exporter",device=~"nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+"}[1m]) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_disk_saturation:avg_irate + - expr: |- + max by (instance, namespace, pod, device) ((node_filesystem_size_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"} + - node_filesystem_avail_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"}) + / node_filesystem_size_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"}) + record: 'node:node_filesystem_usage:' + - expr: max by (instance, namespace, pod, device) (node_filesystem_avail_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"} / node_filesystem_size_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"}) + record: 'node:node_filesystem_avail:' + - expr: |- + sum(irate(node_network_receive_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) + + sum(irate(node_network_transmit_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) + record: :node_net_utilisation:sum_irate + - expr: |- + sum by (node) ( + (irate(node_network_receive_bytes_total{job="node-exporter",device!~"veth.+"}[1m]) + + 
irate(node_network_transmit_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_net_utilisation:sum_irate + - expr: |- + sum(irate(node_network_receive_drop_total{job="node-exporter",device!~"veth.+"}[1m])) + + sum(irate(node_network_transmit_drop_total{job="node-exporter",device!~"veth.+"}[1m])) + record: :node_net_saturation:sum_irate + - expr: |- + sum by (node) ( + (irate(node_network_receive_drop_total{job="node-exporter",device!~"veth.+"}[1m]) + + irate(node_network_transmit_drop_total{job="node-exporter",device!~"veth.+"}[1m])) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_net_saturation:sum_irate + - expr: |- + max( + max( + kube_pod_info{job="kube-state-metrics", host_ip!=""} + ) by (node, host_ip) + * on (host_ip) group_right (node) + label_replace( + (max(node_filesystem_files{job="node-exporter", mountpoint="/"}) by (instance)), "host_ip", "$1", "instance", "(.*):.*" + ) + ) by (node) + record: 'node:node_inodes_total:' + - expr: |- + max( + max( + kube_pod_info{job="kube-state-metrics", host_ip!=""} + ) by (node, host_ip) + * on (host_ip) group_right (node) + label_replace( + (max(node_filesystem_files_free{job="node-exporter", mountpoint="/"}) by (instance)), "host_ip", "$1", "instance", "(.*):.*" + ) + ) by (node) + record: 'node:node_inodes_free:' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus-operator.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus-operator.yaml new file mode 100755 index 000000000..a8a8915b6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus-operator.yaml 
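Review bot: in node.rules.yaml the records `:node_memory_swap_io_bytes:sum_rate` and `node:node_memory_swap_io_bytes:sum_rate` are computed from `node_vmstat_pgpgin` and `node_vmstat_pgpgout`, which count general page-in/page-out I/O, not swap traffic (the swap counters in vmstat are pswpin and pswpout). Anything that reads these series as swap I/O will be misled on hosts that are doing ordinary disk I/O and no swapping. Either rename the records or switch the source metrics, and note that the `1e3` multiplier treats the kilobyte counters as 1000 bytes rather than 1024.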
@@ -0,0 +1,49 @@ +{{- /* +Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus-operator" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus-operator + rules: + - alert: PrometheusOperatorReconcileErrors + annotations: + message: Errors while reconciling {{`{{`}} $labels.controller {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} Namespace. 
+ expr: rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorNodeLookupErrors + annotations: + message: Errors while reconciling Prometheus in {{`{{`}} $labels.namespace {{`}}`}} Namespace. + expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus.rules.yaml new file mode 100755 index 000000000..0480c83b5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus.rules.yaml 
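Review bot: PrometheusOperatorNodeLookupErrors carries the message "Errors while reconciling Prometheus in ... Namespace", which looks copied from PrometheusOperatorReconcileErrors, while its expression watches `prometheus_operator_node_address_lookup_errors_total`. Whoever receives the alert is told about reconcile errors when the actual signal is failed node address lookups. Suggest a message that names the lookup failure.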
@@ -0,0 +1,139 @@ +{{- /* +Generated from 'prometheus.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheus }} +{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus.rules + rules: + - alert: PrometheusConfigReloadFailed + annotations: + description: Reloading Prometheus' configuration has failed for {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} + summary: Reloading Prometheus' configuration failed + expr: prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} == 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotificationQueueRunningFull + annotations: + description: Prometheus' alert notification queue is running full for {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} + summary: Prometheus' alert notification queue is running full + expr: predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30) > prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlerts + annotations: + description: Errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.Alertmanager{{`}}`}} + summary: Errors while sending alert from Prometheus + expr: rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) / rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0.01 + 
for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlerts + annotations: + description: Errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.Alertmanager{{`}}`}} + summary: Errors while sending alerts from Prometheus + expr: rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) / rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0.03 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotConnectedToAlertmanagers + annotations: + description: Prometheus {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} is not connected to any Alertmanagers + summary: Prometheus is not connected to any Alertmanagers + expr: prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} < 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBReloadsFailing + annotations: + description: '{{`{{`}}$labels.job{{`}}`}} at {{`{{`}}$labels.instance{{`}}`}} had {{`{{`}}$value | humanize{{`}}`}} reload failures over the last four hours.' 
+ summary: Prometheus has issues reloading data blocks from disk + expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[2h]) > 0 + for: 12h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBCompactionsFailing + annotations: + description: '{{`{{`}}$labels.job{{`}}`}} at {{`{{`}}$labels.instance{{`}}`}} had {{`{{`}}$value | humanize{{`}}`}} compaction failures over the last four hours.' + summary: Prometheus has issues compacting sample blocks + expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[2h]) > 0 + for: 12h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBWALCorruptions + annotations: + description: '{{`{{`}}$labels.job{{`}}`}} at {{`{{`}}$labels.instance{{`}}`}} has a corrupted write-ahead log (WAL).' + summary: Prometheus write-ahead log is corrupted + expr: prometheus_tsdb_wal_corruptions_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} > 0 + for: 4h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotIngestingSamples + annotations: + description: Prometheus {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} isn't ingesting samples. 
+ summary: Prometheus isn't ingesting samples + expr: rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTargetScrapesDuplicate + annotations: + description: '{{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has many samples rejected due to duplicate timestamps but different values' + summary: Prometheus has many samples rejected + expr: increase(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/service.yaml new file mode 100755 index 000000000..8676b81ea --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/service.yaml 
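Review bot: in prometheus.rules.yaml the descriptions of PrometheusTSDBReloadsFailing and PrometheusTSDBCompactionsFailing say "over the last four hours", but both expressions use `increase(...[2h])`, so the text and the window disagree. Align one with the other. Also, both PrometheusErrorSendingAlerts descriptions reference `$labels.Alertmanager`; label names are case-sensitive, so unless the series really carries a capitalised `Alertmanager` label the placeholder renders empty and the notification does not say which Alertmanager is failing.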
@@ -0,0 +1,60 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + self-monitor: {{ .Values.prometheus.serviceMonitor.selfMonitor | quote }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.service.labels }} +{{ toYaml .Values.prometheus.service.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheus.service.annotations }} + annotations: +{{ toYaml .Values.prometheus.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.prometheus.service.clusterIP }} + clusterIP: {{ .Values.prometheus.service.clusterIP }} +{{- end }} +{{- if .Values.prometheus.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheus.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: {{ .Values.prometheus.prometheusSpec.portName }} + {{- if eq .Values.prometheus.service.type "NodePort" }} + nodePort: {{ .Values.prometheus.service.nodePort }} + {{- end }} + port: {{ .Values.prometheus.service.port }} + targetPort: {{ .Values.prometheus.service.targetPort }} + {{- if .Values.prometheus.thanosIngress.enabled }} + - name: grpc + {{- if eq .Values.prometheus.service.type "NodePort" }} + nodePort: {{ .Values.prometheus.thanosIngress.nodePort }} + {{- end }} + port: {{ .Values.prometheus.thanosIngress.servicePort }} + targetPort: {{ .Values.prometheus.thanosIngress.servicePort }} + {{- end }} +{{- if .Values.prometheus.service.additionalPorts }} +{{ toYaml 
.Values.prometheus.service.additionalPorts | indent 2 }} +{{- end }} + selector: + app: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- if .Values.prometheus.service.sessionAffinity }} + sessionAffinity: {{ .Values.prometheus.service.sessionAffinity }} +{{- end }} + type: "{{ .Values.prometheus.service.type }}" +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceThanosSidecar.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceThanosSidecar.yaml new file mode 100755 index 000000000..7c33379cb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceThanosSidecar.yaml 
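Review bot: in service.yaml the `grpc` port is added to the same Service as the Prometheus port whenever `prometheus.thanosIngress.enabled` is set, so with `type` set to NodePort or LoadBalancer both ports are published together, and `loadBalancerSourceRanges` is only rendered when the value is non-empty. That makes the exposure of the sidecar gRPC port a side effect of a setting named for ingress. Suggest documenting this next to the values, and guarding the two `nodePort:` lines with a check that the value is set, since they are currently rendered with an empty value when the type is NodePort and no port is given.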
@@ -0,0 +1,30 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.thanosService.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-discovery + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.thanosService.labels }} +{{ toYaml .Values.prometheus.thanosService.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheus.thanosService.annotations }} + annotations: +{{ toYaml .Values.prometheus.thanosService.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.prometheus.thanosService.type }} + clusterIP: {{ .Values.prometheus.thanosService.clusterIP }} + ports: + - name: {{ .Values.prometheus.thanosService.portName }} + port: {{ .Values.prometheus.thanosService.port }} + targetPort: {{ .Values.prometheus.thanosService.targetPort }} + {{- if eq .Values.prometheus.thanosService.type "NodePort" }} + nodePort: {{ .Values.prometheus.thanosService.nodePort }} + {{- end }} + selector: + app: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceaccount.yaml new file mode 100755 index 000000000..862d5f8e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceaccount.yaml 
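Review bot: serviceThanosSidecar.yaml renders `clusterIP: {{ .Values.prometheus.thanosService.clusterIP }}` unconditionally, while service.yaml in the same change wraps its `clusterIP` in an `if`. With the value unset this emits a bare `clusterIP:` key, and a value chosen for one `type` is passed through unchanged when the type is switched to NodePort. Suggest the same guard used in service.yaml.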
@@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.prometheus.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitor.yaml new file mode 100755 index 000000000..356c013ff --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitor.yaml 
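Review bot: serviceaccount.yaml emits `imagePullSecrets:` followed by `toYaml .Values.global.imagePullSecrets` with no check that the value is set, unlike the `annotations` block directly above it. With the value unset the ServiceAccount is rendered with `imagePullSecrets: null`. Suggest wrapping the last two lines of the template body in `{{- if .Values.global.imagePullSecrets }}`.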
@@ -0,0 +1,42 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + release: {{ $.Release.Name | quote }} + self-monitor: "true" + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.prometheus.prometheusSpec.portName }} + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.scheme }} + scheme: {{ .Values.prometheus.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.tlsConfig }} + tlsConfig: {{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.prometheus.serviceMonitor.bearerTokenFile }} + {{- end }} + path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics" +{{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheus.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} 
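Review bot: in `templates/prometheus/servicemonitor.yaml`, `metricRelabelings` is rendered through `tpl` while `relabelings` directly below it is rendered with plain `toYaml`, so a template expression placed in the values is expanded in one list and emitted literally in the other. Render both the same way, or add a comment saying why only `metricRelabelings` is templated. Separately, `scheme`, `tlsConfig` and `bearerTokenFile` are independent optionals on the endpoint: setting `bearerTokenFile` without `scheme: https` has Prometheus send the token over plain HTTP, so it is worth documenting in the values that the three are meant to be set together.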
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitors.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitors.yaml new file mode 100755 index 000000000..a78d1cd00 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitors.yaml @@ -0,0 +1,38 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }} +apiVersion: v1 +kind: List +items: +{{- range .Values.prometheus.additionalServiceMonitors }} + - apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + name: {{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + endpoints: +{{ toYaml .endpoints | indent 8 }} + {{- if .jobLabel }} + jobLabel: {{ .jobLabel }} + {{- end }} + {{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 8 }} + {{- end }} + selector: +{{ toYaml .selector | indent 8 }} + {{- if .targetLabels }} + targetLabels: +{{ toYaml .targetLabels | indent 8 }} + {{- end }} + {{- if .podTargetLabels }} + podTargetLabels: +{{ toYaml .podTargetLabels | indent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceperreplica.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceperreplica.yaml new file mode 100755 index 000000000..1a5543362 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceperreplica.yaml 
@@ -0,0 +1,46 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }} +{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} +{{- $serviceValues := .Values.prometheus.servicePerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-serviceperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{- range $i, $e := until $count }} + - apiVersion: v1 + kind: Service + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $serviceValues.annotations }} + annotations: +{{ toYaml $serviceValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if $serviceValues.clusterIP }} + clusterIP: {{ $serviceValues.clusterIP }} + {{- end }} + {{- if $serviceValues.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := $serviceValues.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + ports: + - name: {{ $.Values.prometheus.prometheusSpec.portName }} + {{- if eq $serviceValues.type "NodePort" }} + nodePort: {{ $serviceValues.nodePort }} + {{- end }} + port: {{ $serviceValues.port }} + targetPort: {{ $serviceValues.targetPort }} + selector: + app: prometheus + prometheus: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus + statefulset.kubernetes.io/pod-name: prometheus-{{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + type: "{{ $serviceValues.type }}" +{{- end }} +{{- end }} 
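Review bot: in `templates/prometheus/serviceperreplica.yaml`, every Service produced by `range $i, $e := until $count` receives the same `nodePort: {{ $serviceValues.nodePort }}` when the type is `NodePort`. A node port can be held by only one Service, so with more than one replica the second Service is rejected. Derive the port per replica (for example by offsetting with `$i`) or omit `nodePort` and let the API server allocate one. The same applies to `clusterIP: {{ $serviceValues.clusterIP }}`, which is only safe to repeat across the loop when it is `None`. It would also help to note in the values that, for a `LoadBalancer` type, leaving `loadBalancerSourceRanges` empty exposes each replica without a source restriction.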
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/clusterrole.yaml new file mode 100755 index 000000000..a115de7ca --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/clusterrole.yaml 
@@ -0,0 +1,131 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-admin + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- end }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + verbs: + - 'get' + - 'list' + - 'watch' +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - probes/finalizers + - alertmanagerconfigs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-edit + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- end }} +rules: +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + verbs: + - 'get' + - 'list' + - 'watch' +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - alertmanagerconfigs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-view + labels: {{ include "kube-prometheus-stack.labels" . 
| nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- end }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - probes/finalizers + - alertmanagerconfigs + verbs: + - 'get' + - 'list' + - 'watch' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-ui-view + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - services/proxy + resourceNames: + - "http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" + - "https:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" + - "http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" + - "https:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" + - "http:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" + - "https:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" + verbs: + - 'get' +- apiGroups: + - "" + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-prometheus + - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + - {{ include "call-nested" (list . "grafana" "grafana.fullname") }} + resources: + - endpoints + verbs: + - list +{{- end }} 
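Review bot: in `templates/rancher-monitoring/clusterrole.yaml`, the `monitoring-edit` ClusterRole declares `rules:` twice in a row (`+rules:` immediately followed by `+rules:`). That is a duplicate mapping key, which strict YAML parsers reject and lenient ones resolve silently, so one of the two lines should go. `podmonitors` is also listed twice in the resources of all three of `monitoring-admin`, `monitoring-edit` and `monitoring-view`. `monitoring-admin` and `monitoring-edit` end up granting the same `'*'` verbs and differ only by `probes/finalizers`; if that is intended, a comment should say so. In `monitoring-ui-view`, the last rule combines `resourceNames` with the `list` verb on `endpoints`: Kubernetes applies `resourceNames` to `list` only when the request carries a matching `metadata.name` field selector, so please confirm the UI queries that way, otherwise the rule does not grant what it appears to.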
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/config-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/config-role.yaml new file mode 100755 index 000000000..f48ffc827 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/config-role.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-admin + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-edit + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-view + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboard-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboard-role.yaml new file mode 100755 index 000000000..d2f81976a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboard-role.yaml 
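Review bot: in `templates/rancher-monitoring/config-role.yaml`, `monitoring-config-view` grants `get`, `list` and `watch` on `secrets`, so a role named as a view role can read every Secret in the monitoring namespace. In the same file, `monitoring-config-edit` is identical to `monitoring-config-admin` (`'*'` on `configmaps` and `secrets`). Consider dropping `secrets` from the view role or restricting it with `resourceNames` to the objects that are actually needed, and either differentiate edit from admin or document why they are the same.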
@@ -0,0 +1,47 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create .Values.grafana.enabled }} +{{- if .Values.grafana.defaultDashboardsEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-admin + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-edit + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-view + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml new file mode 100755 index 000000000..20c57dd2a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml 
@@ -0,0 +1,18 @@ +# Source: +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.ingressNginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "ingress-nginx" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/ingress-nginx/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml new file mode 100755 index 000000000..d73b25745 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-cluster + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/cluster/*").AsConfig | indent 2 }} +{{- end }} 
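Review bot: `templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml` is added here with blob `20c57dd2a`, the same blob as `templates/rancher-monitoring/ingress-nginx-dashboard.yaml` later in this patch, and both render a ConfigMap with the same `name` and `namespace` under the same `if` condition. Two templates that produce the same object are at best redundant and can conflict when the release is applied; keep one copy and delete the other. The leading `# Source:` comment is also empty in both copies and should either name the upstream file or be removed.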
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml new file mode 100755 index 000000000..8865efa93 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-home + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/home/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/etcd-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/etcd-dashboards.yaml new file mode 100755 index 000000000..72bc8fdef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/etcd-dashboards.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-etcd + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/etcd/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml new file mode 100755 index 000000000..37afc6495 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-k8s + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/k8s/*").AsConfig | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/linux-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/linux-dashboards.yaml new file mode 100755 index 000000000..08c39d6a1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/linux-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-linux + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/linux/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml new file mode 100755 index 000000000..172c36e9d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-nodes + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/nodes/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml new file mode 100755 index 000000000..940f18869 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-pods + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/pods/*").AsConfig | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/windows-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/windows-dashboards.yaml new file mode 100755 index 000000000..98c9e18d9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/windows-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.global.cattle.windows.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-windows + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/windows/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml new file mode 100755 index 000000000..d146dacdd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-workloads + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/workloads/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/default-dashboard.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/default-dashboard.yaml new file mode 100755 index 000000000..faf6d3baf --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/default-dashboard.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "home" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/*").AsConfig | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml new file mode 100755 index 000000000..d256576ad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml @@ -0,0 +1,24 @@ +{{- if .Values.ingressNginx.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx + labels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx + jobLabel: ingress-nginx +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: {{ .Values.ingressNginx.namespace }} +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.ingressNginx.service.port }} + protocol: TCP + targetPort: {{ .Values.ingressNginx.service.targetPort }} + selector: + {{- if .Values.ingressNginx.service.selector }} +{{ toYaml .Values.ingressNginx.service.selector | indent 4 }} + {{- else }} + app: ingress-nginx + {{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml new file mode 100755 index 000000000..643778772 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.ingressNginx.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx + namespace: {{ .Values.ingressNginx.namespace }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ .Values.ingressNginx.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.ingressNginx.serviceMonitor.interval}} + interval: {{ .Values.ingressNginx.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.ingressNginx.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.ingressNginx.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.ingressNginx.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.ingressNginx.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/hardened.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/hardened.yaml new file mode 100755 index 000000000..f9bf57c7e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/hardened.yaml 
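Review bot: in `templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml`, the endpoint hard-codes `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` but sets neither `scheme` nor `tlsConfig`, so Prometheus attaches its own service account token to a plain HTTP scrape of every pod selected by the companion Service (by default anything labelled `app: ingress-nginx` in `.Values.ingressNginx.namespace`). If the metrics endpoint does not authenticate callers, drop `bearerTokenFile`; if it does, make `scheme: https` and a `tlsConfig` part of the same endpoint so the token is not sent in clear text.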
@@ -0,0 +1,124 @@ +{{- $namespaces := dict "_0" .Release.Namespace -}} +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) -}} +{{- $_ := set $namespaces "_1" .Values.grafana.defaultDashboards.namespace -}} +{{- end -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa + spec: + serviceAccountName: {{ .Chart.Name }}-patch-sa + securityContext: + runAsNonRoot: true + runAsUser: 1000 + restartPolicy: Never + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + containers: + {{- range $_, $ns := $namespaces }} + - name: patch-sa-{{ $ns }} + image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }} + imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", "{{ $ns }}"] + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa +rules: +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: ['get', 'patch'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-patch-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole 
+ name: {{ .Chart.Name }}-patch-sa +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- range $_, $ns := $namespaces }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ $ns }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/ingress-nginx-dashboard.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/ingress-nginx-dashboard.yaml new file mode 100755 index 000000000..20c57dd2a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/ingress-nginx-dashboard.yaml 
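Review bot: in `templates/rancher-monitoring/hardened.yaml`, the `patch-sa` Job only ever runs `kubectl patch serviceaccount default` in the namespaces collected in `$namespaces`, yet its service account is bound through a ClusterRole and ClusterRoleBinding that allow `get` and `patch` on `serviceaccounts` in every namespace. Replace them with a Role and RoleBinding emitted per `$ns`, restricted with `resourceNames: ["default"]`, so the hook's credentials cannot modify other service accounts. Two smaller points: the PodSecurityPolicy sets `metadata.namespace` although the resource is cluster-scoped, and the `default-allow-all` NetworkPolicy (`ingress: - {}`, `egress: - {}`) in a file named `hardened.yaml` needs a comment explaining that it exists to keep the monitoring namespaces reachable under a default-deny policy, since on its face it removes network isolation for every pod in those namespaces.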
@@ -0,0 +1,18 @@ +# Source: +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.ingressNginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "ingress-nginx" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/ingress-nginx/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/validate-install-crd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/validate-install-crd.yaml new file mode 100755 index 000000000..ac7921f58 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/validate-install-crd.yaml 
@@ -0,0 +1,21 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.coreos.com/v1alpha1/AlertmanagerConfig" false -}} +# {{- set $found "monitoring.coreos.com/v1/Alertmanager" false -}} +# {{- set $found "monitoring.coreos.com/v1/PodMonitor" false -}} +# {{- set $found "monitoring.coreos.com/v1/Probe" false -}} +# {{- set $found "monitoring.coreos.com/v1/Prometheus" false -}} +# {{- set $found "monitoring.coreos.com/v1/PrometheusRule" false -}} +# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} +# {{- set $found "monitoring.coreos.com/v1/ThanosRuler" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/values.yaml new file mode 100755 index 000000000..924e4c67e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/values.yaml 
@@ -0,0 +1,2954 @@ +# Default values for kube-prometheus-stack. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Rancher Monitoring Configuration + +## Configuration for prometheus-adapter +## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter +## +prometheus-adapter: + enabled: true + prometheus: + # Change this if you change the namespaceOverride or nameOverride of prometheus-operator + url: http://rancher-monitoring-prometheus.cattle-monitoring-system.svc + port: 9090 + psp: + create: true + +## RKE PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +rkeControllerManager: + enabled: false + metricsPort: 10252 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/controlplane: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeScheduler: + enabled: false + metricsPort: 10251 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/controlplane: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeProxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeEtcd: + enabled: false + metricsPort: 2379 + component: kube-etcd + clients: + port: 10014 + https: + enabled: true + certDir: /etc/kubernetes/ssl + certFile: kube-etcd-*.pem + keyFile: kube-etcd-*-key.pem + caCertFile: kube-ca.pem + nodeSelector: + node-role.kubernetes.io/etcd: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +## k3s PushProx Monitoring +## ref: 
https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +k3sServer: + enabled: false + metricsPort: 10249 + component: k3s-server + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +## KubeADM PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +kubeAdmControllerManager: + enabled: false + metricsPort: 10257 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + https: + enabled: true + useServiceAccountCredentials: true + insecureSkipVerify: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmScheduler: + enabled: false + metricsPort: 10259 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + https: + enabled: true + useServiceAccountCredentials: true + insecureSkipVerify: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmProxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmEtcd: + enabled: false + metricsPort: 2381 + component: kube-etcd + clients: + port: 10014 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +## rke2 PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +rke2ControllerManager: + enabled: false + metricsPort: 10252 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + 
nodeSelector: + node-role.kubernetes.io/master: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Scheduler: + enabled: false + metricsPort: 10251 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/master: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Proxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Etcd: + enabled: false + metricsPort: 2381 + component: kube-etcd + clients: + port: 10014 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/etcd: "true" + tolerations: + - effect: "NoSchedule" + key: node-role.kubernetes.io/master + operator: "Equal" + +## Component scraping nginx-ingress-controller +## +ingressNginx: + enabled: false + + ## The namespace to search for your nginx-ingress-controller + ## + namespace: ingress-nginx + + service: + port: 9913 + targetPort: 10254 + # selector: + # app: ingress-nginx + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. 
+ ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +# Prometheus Operator Configuration + +## Provide a name in place of kube-prometheus-stack for `app:` labels +## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url +## +nameOverride: "rancher-monitoring" + +## Override the deployment namespace +## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url +## +namespaceOverride: "cattle-monitoring-system" + +## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6 +## +kubeTargetVersionOverride: "" + +## Provide a name to substitute for the full names of resources +## +fullnameOverride: "" + +## Labels to apply to all resources +## +commonLabels: {} +# scmhash: abc123 +# myLabel: aakkmd + +## Create default rules for monitoring the cluster +## +defaultRules: + create: true + rules: + alertmanager: true + etcd: true + general: true + k8s: true + kubeApiserver: true + kubeApiserverAvailability: true + kubeApiserverError: true + kubeApiserverSlos: true + kubelet: true + kubePrometheusGeneral: true + kubePrometheusNodeAlerting: true + kubePrometheusNodeRecording: true + kubernetesAbsent: true + kubernetesApps: true + kubernetesResources: true + kubernetesStorage: true + kubernetesSystem: true + kubeScheduler: true + kubeStateMetrics: true + network: true + node: true + prometheus: true + prometheusOperator: true + time: true + + ## Runbook url prefix for default rules + runbookUrl: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md# + ## Reduce app namespace alert scope + appNamespacesTarget: ".*" + + ## Labels for default rules + labels: {} + ## Annotations for default rules + annotations: {} + + ## Additional labels for PrometheusRule alerts + additionalRuleLabels: {} + +## Deprecated way to provide custom 
recording or alerting rules to be deployed into the cluster. +## +# additionalPrometheusRules: [] +# - name: my-rule-file +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## Provide custom recording or alerting rules to be deployed into the cluster. +## +additionalPrometheusRulesMap: {} +# rule-name: +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## +global: + cattle: + systemDefaultRegistry: "" + ## Windows Monitoring + ## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-windows-exporter + ## Runs https://github.com/prometheus-community/windows_exporter as a DaemonSet + ## Relies on the existence of a wins server of version v0.1.0+ on every Windows host to allow + ## windows_exporter to run as a host process that can publish host metrics to a port on the Pod + windows: + enabled: false + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + pullPolicy: IfNotPresent + rbac: + ## Create RBAC resources for ServiceAccounts and users + ## + create: true + + userRoles: + ## Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets + create: true + ## Aggregate default user ClusterRoles into default k8s ClusterRoles + aggregateToDefaultRoles: true + + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## Reference to one or more secrets to be used when pulling images + ## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: + + ## Deploy alertmanager + ## + enabled: true + + ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 + ## + apiVersion: v2 + + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + annotations: {} + + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + + ## Alertmanager configuration directives + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## https://prometheus.io/webtools/alerting/routing-tree-editor/ + ## + ## Example Slack Config + ## config: + ## route: + ## group_by: ['job'] + ## group_wait: 30s + ## group_interval: 5m + ## repeat_interval: 3h + ## receiver: 'slack-notifications' + ## receivers: + ## - name: 'slack-notifications' + ## slack_configs: + ## - send_resolved: true + ## text: '{{ template "slack.rancher.text" . 
}}' + ## api_url: + ## templates: + ## - /etc/alertmanager/config/*.tmpl + config: + global: + resolve_timeout: 5m + route: + group_by: ['job'] + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: 'null' + routes: + - match: + alertname: Watchdog + receiver: 'null' + receivers: + - name: 'null' + templates: + - '/etc/alertmanager/config/*.tmpl' + + ## Pass the Alertmanager configuration directives through Helm's templating + ## engine. If the Alertmanager configuration contains Alertmanager templates, + ## they'll need to be properly escaped so that they are not interpreted by + ## Helm + ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function + ## https://prometheus.io/docs/alerting/configuration/#tmpl_string + ## https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + tplConfig: false + + ## Alertmanager template files to format alerts + ## By default, templateFiles are placed in /etc/alertmanager/config/ and if + ## they have a .tmpl file suffix will be loaded. See config.templates above + ## to change, add other suffixes. If adding other suffixes, be sure to update + ## config.templates above to include those suffixes. + ## ref: https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + ## + templateFiles: + rancher_defaults.tmpl: |- + {{- define "slack.rancher.text" -}} + {{ template "rancher.text_multiple" . }} + {{- end -}} + + {{- define "rancher.text_multiple" -}} + *[GROUP - Details]* + One or more alarms in this group have triggered a notification. + + {{- if gt (len .GroupLabels.Values) 0 }} + *Group Labels:* + {{- range .GroupLabels.SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- if .ExternalURL }} + *Link to AlertManager:* {{ .ExternalURL }} + {{- end }} + + {{- range .Alerts }} + {{ template "rancher.text_single" . 
}} + {{- end }} + {{- end -}} + + {{- define "rancher.text_single" -}} + {{- if .Labels.alertname }} + *[ALERT - {{ .Labels.alertname }}]* + {{- else }} + *[ALERT]* + {{- end }} + {{- if .Labels.severity }} + *Severity:* `{{ .Labels.severity }}` + {{- end }} + {{- if .Labels.cluster }} + *Cluster:* {{ .Labels.cluster }} + {{- end }} + {{- if .Annotations.summary }} + *Summary:* {{ .Annotations.summary }} + {{- end }} + {{- if .Annotations.message }} + *Message:* {{ .Annotations.message }} + {{- end }} + {{- if .Annotations.description }} + *Description:* {{ .Annotations.description }} + {{- end }} + {{- if .Annotations.runbook_url }} + *Runbook URL:* <{{ .Annotations.runbook_url }}|:spiral_note_pad:> + {{- end }} + {{- with .Labels }} + {{- with .Remove (stringSlice "alertname" "severity" "cluster") }} + {{- if gt (len .) 0 }} + *Additional Labels:* + {{- range .SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Annotations }} + {{- with .Remove (stringSlice "summary" "message" "description" "runbook_url") }} + {{- if gt (len .) 0 }} + *Additional Annotations:* + {{- range .SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end -}} + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + + labels: {} + + ## Hosts must be provided if Ingress is enabled. 
+ ## + hosts: [] + # - alertmanager.domain.com + + ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Alertmanager Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: alertmanager-general-tls + # hosts: + # - alertmanager.example.com + + ## Configuration for Alertmanager secret + ## + secret: + + # Should the Alertmanager Config Secret be cleaned up on an uninstall? + # This is set to false by default to prevent the loss of alerting configuration on an uninstall + # Only used Alertmanager is deployed and alertmanager.alertmanagerSpec.useExistingSecret=false + # + cleanupOnUninstall: false + + # The image used to manage the Alertmanager Config Secret's lifecycle + # Only used Alertmanager is deployed and alertmanager.alertmanagerSpec.useExistingSecret=false + # + image: + repository: rancher/rancher-agent + tag: v2.5.7 + pullPolicy: IfNotPresent + + securityContext: + runAsNonRoot: true + runAsUser: 1000 + + annotations: {} + + ## Configuration for creating an Ingress that will map to each Alertmanager replica service + ## alertmanager.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ 
ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## Secret name containing the TLS certificate for alertmanager per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: "" + + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "alertmanager" + + ## Configuration for Alertmanager service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for Alertmanager Service to listen on + ## + port: 9093 + ## To be used with a proxy extraContainer port + ## + targetPort: 9093 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30903 + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + + ## Additional ports to open for Alertmanager service + additionalPorts: [] + + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## Configuration for creating a separate Service for each statefulset Alertmanager replica + ## + servicePerReplica: + enabled: false + annotations: {} + + ## Port for Alertmanager Service per replica to listen on + ## + port: 9093 + + ## To be used with a proxy 
extraContainer port + targetPort: 9093 + + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30904 + + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## If true, create a serviceMonitor for alertmanager + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting alertmanagerSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec + ## + alertmanagerSpec: + ## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the Alertmanager pods. 
+ ## + podMetadata: {} + + ## Image of Alertmanager + ## + image: + repository: rancher/mirrored-prom-alertmanager + tag: v0.21.0 + sha: "" + + ## If true then the user will be responsible to provide a secret with alertmanager configuration + ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used + ## + useExistingSecret: false + + ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the + ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + ## + secrets: [] + + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. + ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + ## + configMaps: [] + + ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for + ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. + ## + # configSecret: + + ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with. + ## + alertmanagerConfigSelector: {} + ## Example which selects all alertmanagerConfig resources + ## with label "alertconfig" with values any of "example-config" or "example-config-2" + # alertmanagerConfigSelector: + # matchExpressions: + # - key: alertconfig + # operator: In + # values: + # - example-config + # - example-config-2 + # + ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config" + # alertmanagerConfigSelector: + # matchLabels: + # role: example-config + + ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. 
+ ## + alertmanagerConfigNamespaceSelector: {} + ## Example which selects all namespaces + ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2" + # alertmanagerConfigNamespaceSelector: + # matchExpressions: + # - key: alertmanagerconfig + # operator: In + # values: + # - example-namespace + # - example-namespace-2 + + ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled" + # alertmanagerConfigNamespaceSelector: + # matchLabels: + # alertmanagerconfig: enabled + + ## Define Log Format + # Use logfmt (default) or json logging + logFormat: logfmt + + ## Log level for Alertmanager to be configured with. + ## + logLevel: info + + ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the + ## running cluster equal to the expected size. + replicas: 1 + + ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression + ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). + ## + retention: 120h + + ## Storage is the definition of how storage will be used by the Alertmanager instances. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storage: {} + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + + ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false + ## + externalUrl: + + ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, + ## but the server serves requests under a different route prefix. 
For example for use with kubectl proxy. + ## + routePrefix: / + + ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. + ## + paused: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Define resources requests and limits for single Pods. + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + limits: + memory: 500Mi + cpu: 1000m + requests: + memory: 100Mi + cpu: 100m + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + ## + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the alertmanager instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## If specified, the pod's tolerations. + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. 
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: alertmanager + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + + ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. + ## Note this is only for the Alertmanager UI, not the gossip communication. + ## + listenLocal: false + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. + ## + containers: [] + + # Additional volumes on the output StatefulSet definition. + volumes: [] + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + ## + additionalPeers: [] + + ## PortName to use for Alert Manager. + ## + portName: "web" + + ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. 
[1] RFC1918: https://tools.ietf.org/html/rfc1918 + ## + clusterAdvertiseAddress: false + + ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. + ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + forceEnableClusterMode: false + + +## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml +## +grafana: + enabled: true + namespaceOverride: "" + + ## Grafana's primary configuration + ## NOTE: values in map will be converted to ini format + ## ref: http://docs.grafana.org/installation/configuration/ + ## + grafana.ini: + users: + auto_assign_org_role: Viewer + auth: + disable_login_form: false + auth.anonymous: + enabled: true + org_role: Viewer + auth.basic: + enabled: false + dashboards: + # Modify this value to change the default dashboard shown on the main Grafana page + default_home_dashboard_path: /tmp/dashboards/rancher-default-home.json + security: + # Required to embed dashboards in Rancher Cluster Overview Dashboard on Cluster Explorer + allow_embedding: true + + deploymentStrategy: + type: Recreate + + ## Deploy default dashboards. 
+ ## + defaultDashboardsEnabled: true + + # Additional options for defaultDashboards + defaultDashboards: + # The default namespace to place defaultDashboards within + namespace: cattle-dashboards + # Whether to create the default namespace as a Helm managed namespace or use an existing namespace + # If false, the defaultDashboards.namespace will be created as a Helm managed namespace + useExistingNamespace: false + # Whether the Helm managed namespace created by this chart should be left behind on a Helm uninstall + # If you place other dashboards in this namespace, then they will be deleted on a helm uninstall + # Ignore if useExistingNamespace is true + cleanupOnUninstall: false + + adminPassword: prom-operator + + ingress: + ## If true, Grafana Ingress will be created + ## + enabled: false + + ## Annotations for Grafana Ingress + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + ## Labels to be added to the Ingress + ## + labels: {} + + ## Hostnames. + ## Must be provided if Ingress is enable. 
+ ## + # hosts: + # - grafana.domain.com + hosts: [] + + ## Path for grafana ingress + path: / + + ## TLS configuration for grafana Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: grafana-general-tls + # hosts: + # - grafana.example.com + + sidecar: + dashboards: + enabled: true + label: grafana_dashboard + searchNamespace: cattle-dashboards + + ## Annotations for Grafana dashboard configmaps + ## + annotations: {} + multicluster: false + datasources: + enabled: true + defaultDatasourceEnabled: true + + # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default + # defaultDatasourceScrapeInterval: 15s + + ## Annotations for Grafana datasource configmaps + ## + annotations: {} + + ## Create datasource for each Pod of Prometheus StatefulSet; + ## this uses headless service `prometheus-operated` which is + ## created by Prometheus Operator + ## ref: https://git.io/fjaBS + createPrometheusReplicasDatasources: false + label: grafana_datasource + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # configMap: certs-configmap + # readOnly: true + + ## Configure additional grafana datasources (passed through tpl) + ## ref: http://docs.grafana.org/administration/provisioning/#datasources + additionalDataSources: [] + # - name: prometheus-sample + # access: proxy + # basicAuth: true + # basicAuthPassword: pass + # basicAuthUser: daco + # editable: false + # jsonData: + # tlsSkipVerify: true + # orgId: 1 + # type: prometheus + # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 + # version: 1 + + ## Passed to grafana subchart and used by servicemonitor below + ## + service: + portName: nginx-http + ## Port for Grafana Service to listen on + ## + port: 80 + ## To be used with a proxy extraContainer port + ## + targetPort: 8080 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30950 + ## Service type + ## + 
type: ClusterIP + + proxy: + image: + repository: rancher/mirrored-library-nginx + tag: 1.19.2-alpine + + ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod + extraContainers: | + - name: grafana-proxy + args: + - nginx + - -g + - daemon off; + - -c + - /nginx/nginx.conf + image: "{{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" + ports: + - containerPort: 8080 + name: nginx-http + protocol: TCP + volumeMounts: + - mountPath: /nginx + name: grafana-nginx + - mountPath: /var/cache/nginx + name: nginx-home + securityContext: + runAsUser: 101 + runAsGroup: 101 + + ## Volumes that can be used in containers + extraContainerVolumes: + - name: nginx-home + emptyDir: {} + - name: grafana-nginx + configMap: + name: grafana-nginx-proxy-config + items: + - key: nginx.conf + mode: 438 + path: nginx.conf + + ## If true, create a serviceMonitor for grafana + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + # Path to use for scraping metrics. Might be different if server.root_url is set + # in grafana.ini + path: "/metrics" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. 
+ ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + resources: + limits: + memory: 200Mi + cpu: 200m + requests: + memory: 100Mi + cpu: 100m + +## Component scraping the kube api server +## +kubeApiServer: + enabled: true + tlsConfig: + serverName: kubernetes + insecureSkipVerify: false + + ## If your API endpoint address is not reachable (as in AKS) you can replace it with the kubernetes service + ## + relabelings: [] + # - sourceLabels: + # - __meta_kubernetes_namespace + # - __meta_kubernetes_service_name + # - __meta_kubernetes_endpoint_port_name + # action: keep + # regex: default;kubernetes;https + # - targetLabel: __address__ + # replacement: kubernetes.default.svc:443 + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + jobLabel: component + selector: + matchLabels: + component: apiserver + provider: kubernetes + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + +## Component scraping the kubelet and kubelet-hosted cAdvisor +## +kubelet: + enabled: true + namespace: kube-system + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## Enable scraping the kubelet over https. 
For requirements to enable this see + ## https://github.com/prometheus-operator/prometheus-operator/issues/926 + ## + https: true + + ## Enable scraping /metrics/cadvisor from kubelet's service + ## + cAdvisor: true + + ## Enable scraping /metrics/probes from kubelet's service + ## + probes: true + + ## Enable scraping /metrics/resource from kubelet's service + ## This is disabled by default because container metrics are already exposed by cAdvisor + ## + resource: false + # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource + resourcePath: "/metrics/resource/v1alpha1" + ## Metric relabellings to apply to samples before ingestion + ## + cAdvisorMetricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## Metric relabellings to apply to samples before ingestion + ## + probesMetricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + # relabel configs to apply to samples before ingestion. 
+ # metrics_path is required to match upstream rules and charts + ## + cAdvisorRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + probesRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + resourceRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + metricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + # relabel configs to apply to samples before ingestion. 
+ # metrics_path is required to match upstream rules and charts + ## + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping the kube controller manager +## +kubeControllerManager: + enabled: false + + ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeControllerManager.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 10252 + targetPort: 10252 + # selector: + # component: kube-controller-manager + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## Enable scraping kube-controller-manager over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + # Skip TLS certificate validation when scraping + insecureSkipVerify: null + + # Name of the server to use when validating TLS certificate + serverName: null + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping coreDns. Use either this or kubeDns +## +coreDns: + enabled: true + service: + port: 9153 + targetPort: 9153 + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. 
+ ## + interval: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping kubeDns. Use either this or coreDns +## +kubeDns: + enabled: false + service: + dnsmasq: + port: 10054 + targetPort: 10054 + skydns: + port: 10055 + targetPort: 10055 + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + dnsmasqMetricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + dnsmasqRelabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping etcd +## +kubeEtcd: + enabled: false + + ## If your etcd is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## Etcd service. 
If using kubeEtcd.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 2379 + targetPort: 2379 + # selector: + # component: etcd + + ## Configure secure access to the etcd cluster by loading a secret into prometheus and + ## specifying security configuration below. For example, with a secret named etcd-client-cert + ## + ## serviceMonitor: + ## scheme: https + ## insecureSkipVerify: false + ## serverName: localhost + ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client + ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + ## + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + scheme: http + insecureSkipVerify: false + serverName: "" + caFile: "" + certFile: "" + keyFile: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + +## Component scraping kube scheduler +## +kubeScheduler: + enabled: false + + ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 10251 + targetPort: 10251 + # selector: + # component: kube-scheduler + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## Enable scraping kube-scheduler over https. 
+ ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + ## Skip TLS certificate validation when scraping + insecureSkipVerify: null + + ## Name of the server to use when validating TLS certificate + serverName: null + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + +## Component scraping kube proxy +## +kubeProxy: + enabled: false + + ## If your kube proxy is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + service: + enabled: true + port: 10249 + targetPort: 10249 + # selector: + # k8s-app: kube-proxy + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## Enable scraping kube-proxy over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + +## Component scraping kube state metrics +## +kubeStateMetrics: + enabled: true + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. 
+ ## + interval: "" + ## Override serviceMonitor selector + ## + selectorOverride: {} + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Configuration for kube-state-metrics subchart +## +kube-state-metrics: + namespaceOverride: "" + rbac: + create: true + podSecurityPolicy: + enabled: true + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 100m + memory: 130Mi + +## Deploy node exporter as a daemonset to all nodes +## +nodeExporter: + enabled: true + + ## Use the value configured in prometheus-node-exporter.podLabels + ## + jobLabel: jobLabel + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used. + ## + scrapeTimeout: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - sourceLabels: [__name__] + # separator: ; + # regex: ^node_mountstats_nfs_(event|operations|transport)_.+ + # replacement: $1 + # action: drop + + ## relabel configs to apply to samples before ingestion. 
+ ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Configuration for prometheus-node-exporter subchart +## +prometheus-node-exporter: + namespaceOverride: "" + podLabels: + ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards + ## + jobLabel: node-exporter + extraArgs: + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + service: + port: 9796 + targetPort: 9796 + resources: + limits: + cpu: 200m + memory: 50Mi + requests: + cpu: 100m + memory: 30Mi + +## Manages Prometheus and Alertmanager components +## +prometheusOperator: + enabled: true + + ## Prometheus-Operator v0.39.0 and later support TLS natively. + ## + tls: + enabled: true + # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants + tlsMinVersion: VersionTLS13 + # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. + internalPort: 10250 + + ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted + ## rules from making their way into prometheus and potentially preventing the container from starting + admissionWebhooks: + failurePolicy: Fail + enabled: true + ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. + ## If unspecified, system trust roots on the apiserver are used. 
+ caBundle: "" + ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data. + ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own + ## certs ahead of time if you wish. + ## + patch: + enabled: true + image: + repository: rancher/mirrored-jettech-kube-webhook-certgen + tag: v1.5.0 + sha: "" + pullPolicy: IfNotPresent + resources: {} + ## Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: {} + affinity: {} + tolerations: [] + # Use certmanager to generate webhook certs + certManager: + enabled: false + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + + ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). + ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration + ## + namespaces: {} + # releaseNamespace: true + # additional: + # - kube-system + + ## Namespaces not to scope the interaction of the Prometheus Operator (deny list). + ## + denyNamespaces: [] + + ## Filter namespaces to look for prometheus-operator custom resources + ## + alertmanagerInstanceNamespaces: [] + prometheusInstanceNamespaces: [] + thanosRulerInstanceNamespaces: [] + + ## The clusterDomain value will be added to the cluster.peer option of the alertmanager. + ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value) + ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094 + ## + # clusterDomain: "cluster.local" + + ## Service account for Alertmanager to use. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + + ## Configuration for Prometheus operator service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30080 + + nodePortTls: 30443 + + ## Additional ports to open for Prometheus service + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + additionalPorts: [] + + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + ## + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Service type + ## NodePort, ClusterIP, LoadBalancer + ## + type: ClusterIP + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + ## Labels to add to the operator pod + ## + podLabels: {} + + ## Annotations to add to the operator pod + ## + podAnnotations: {} + + ## Assign a PriorityClassName to pods if set + # priorityClassName: "" + + ## Define Log Format + # Use logfmt (default) or json logging + # logFormat: logfmt + + ## Decrease log verbosity to errors only + # logLevel: error + + ## If true, the operator will create and maintain a service for scraping kubelets + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/helm/prometheus-operator/README.md + ## + kubeletService: + enabled: true + namespace: kube-system + + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## Scrape timeout. If not set, the Prometheus default scrape timeout is used. + scrapeTimeout: "" + selfMonitor: true + + ## metric relabel configs to apply to samples before ingestion. 
+ ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Resource limits & requests + ## + resources: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 100m + memory: 100Mi + + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), + # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + ## + hostNetwork: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## Assign custom affinity rules to the prometheus operator + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + + ## Prometheus-operator image + ## + image: + repository: rancher/mirrored-prometheus-operator-prometheus-operator + tag: v0.46.0 + sha: "" + pullPolicy: IfNotPresent + + ## Prometheus image to use 
for prometheuses managed by the operator + ## + # prometheusDefaultBaseImage: quay.io/prometheus/prometheus + + ## Alertmanager image to use for alertmanagers managed by the operator + ## + # alertmanagerDefaultBaseImage: quay.io/prometheus/alertmanager + + ## Prometheus-config-reloader image to use for config and rule reloading + ## + prometheusConfigReloaderImage: + repository: rancher/mirrored-prometheus-operator-prometheus-config-reloader + tag: v0.46.0 + sha: "" + + ## Set the prometheus config reloader side-car CPU limit + ## + configReloaderCpu: 100m + + ## Set the prometheus config reloader side-car memory limit + ## + configReloaderMemory: 50Mi + + ## Set a Field Selector to filter watched secrets + ## + secretFieldSelector: "" + +## Deploy a Prometheus instance +## +prometheus: + + enabled: true + + ## Annotations for Prometheus + ## + annotations: {} + + ## Service account for Prometheuses to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + + # Service for thanos service discovery on sidecar + # Enable this can make Thanos Query can use + # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery + # Thanos sidecar on prometheus nodes + # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!) 
+ thanosService: + enabled: false + annotations: {} + labels: {} + portName: grpc + port: 10901 + targetPort: "grpc" + clusterIP: "None" + + ## Service type + ## + type: ClusterIP + + ## Port to expose on each node + ## + nodePort: 30901 + + ## Service type + ## + type: ClusterIP + + ## Port to expose on each node + ## + nodePort: 30901 + + ## Configuration for Prometheus service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for Prometheus Service to listen on + ## + port: 9090 + + ## To be used with a proxy extraContainer port + targetPort: 8081 + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30090 + + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + loadBalancerIP: "" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + sessionAffinity: "" + + ## Configuration for creating a separate Service for each statefulset Prometheus replica + ## + servicePerReplica: + enabled: false + annotations: {} + + ## Port for Prometheus Service per replica to listen on + ## + port: 9090 + + ## To be used with a proxy extraContainer port + targetPort: 9090 + + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30091 + + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## Configure pod disruption budgets for Prometheus + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false 
+ minAvailable: 1 + maxUnavailable: "" + + # Ingress exposes thanos sidecar outside the cluster + thanosIngress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + servicePort: 10901 + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30901 + + ## Hosts must be provided if Ingress is enabled. + ## + hosts: [] + # - thanos-gateway.domain.com + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Thanos Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: thanos-gateway-tls + # hosts: + # - thanos-gateway.domain.com + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Hostnames. + ## Must be provided if Ingress is enabled. 
+ ## + # hosts: + # - prometheus.domain.com + hosts: [] + + ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Prometheus Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-general-tls + # hosts: + # - prometheus.example.com + + ## Configuration for creating an Ingress that will map to each Prometheus replica service + ## prometheus.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## Secret name containing the TLS certificate for Prometheus per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: 
"" + + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "prometheus" + + ## Configure additional options for default pod security policy for Prometheus + ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + podSecurityPolicy: + allowedCapabilities: [] + allowedHostPaths: [] + volumes: [] + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting prometheusSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + prometheusSpec: + ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. 
This is already done if using Thanos + ## + disableCompaction: false + ## APIServerConfig + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#apiserverconfig + ## + apiserverConfig: {} + + ## Interval between consecutive scrapes. + ## Defaults to 30s. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183 + ## + scrapeInterval: "" + + ## Number of seconds to wait for target to respond before erroring + ## + scrapeTimeout: "" + + ## Interval between consecutive evaluations. + ## + evaluationInterval: "" + + ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + ## + listenLocal: false + + ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. + ## This is disabled by default. + ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + ## + enableAdminAPI: false + + ## Image of Prometheus. + ## + image: + repository: rancher/mirrored-prometheus-prometheus + tag: v2.24.0 + sha: "" + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. 
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: prometheus + + ## Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints + ## + ## Default configuration will connect to the alertmanager deployed as part of this release + ## + alertingEndpoints: [] + # - name: "" + # namespace: "" + # port: http + # scheme: http + # pathPrefix: "" + # tlsConfig: {} + # bearerTokenFile: "" + # apiVersion: v2 + + ## External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} + + ## Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" + + ## If true, the Operator won't add the external label used to denote replica name + ## + replicaExternalLabelNameClear: false + + ## Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" + + ## If true, the Operator won't add the external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false + + ## External URL at which Prometheus will be reachable. + ## + externalUrl: "" + + ## Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs + ## If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into + ## + ignoreNamespaceSelectors: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. 
+ ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not + ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated + ## with the new list of secrets. + ## + secrets: [] + + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. + ## The ConfigMaps are mounted into /etc/prometheus/configmaps/. + ## + configMaps: [] + + ## QuerySpec defines the query command line flags when starting Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec + ## + query: {} + + ## Namespaces to be selected for PrometheusRules discovery. + ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + ruleNamespaceSelector: {} + + ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the PrometheusRule resources created + ## + ruleSelectorNilUsesHelmValues: false + + ## PrometheusRules to be selected for target discovery. 
+ ## If {}, select all PrometheusRules + ## + ruleSelector: {} + ## Example which select all PrometheusRules resources + ## with label "prometheus" with values any of "example-rules" or "example-rules-2" + # ruleSelector: + # matchExpressions: + # - key: prometheus + # operator: In + # values: + # - example-rules + # - example-rules-2 + # + ## Example which select all PrometheusRules resources with label "role" set to "example-rules" + # ruleSelector: + # matchLabels: + # role: example-rules + + ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the servicemonitors created + ## + serviceMonitorSelectorNilUsesHelmValues: false + + ## ServiceMonitors to be selected for target discovery. + ## If {}, select all ServiceMonitors + ## + serviceMonitorSelector: {} + ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel" + # serviceMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for ServiceMonitor discovery. + ## + serviceMonitorNamespaceSelector: {} + ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel" + # serviceMonitorNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the podmonitors created + ## + podMonitorSelectorNilUsesHelmValues: false + + ## PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## Example which selects PodMonitors with label "prometheus" set to "somelabel" + # podMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for PodMonitor discovery. 
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + podMonitorNamespaceSelector: {} + + ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the probes created + ## + probeSelectorNilUsesHelmValues: true + + ## Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## Example which selects Probes with label "prometheus" set to "somelabel" + # probeSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for Probe discovery. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + probeNamespaceSelector: {} + + ## How long to retain metrics + ## + retention: 10d + + ## Maximum size of metrics + ## + retentionSize: "" + + ## Enable compression of the write-ahead log using Snappy. + ## + walCompression: false + + ## If true, the Operator won't process any Prometheus configuration changes + ## + paused: false + + ## Number of replicas of each shard to deploy for a Prometheus deployment. + ## Number of replicas multiplied by shards is the total number of Pods created. + ## + replicas: 1 + + ## EXPERIMENTAL: Number of shards to distribute targets onto. + ## Number of replicas multiplied by shards is the total number of Pods created. + ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. + ## Increasing shards will not reshard data either but it will continue to be available from the same instances. + ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. + ## Sharding is done on the content of the `__address__` target meta-label. 
+ ## + shards: 1 + + ## Log level for Prometheus be configured in + ## + logLevel: info + + ## Log format for Prometheus be configured in + ## + logFormat: logfmt + + ## Prefix used to register routes, overriding externalUrl route. + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + + ## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the prometheus pods. + ## + podMetadata: {} + # labels: + # app: prometheus + # k8s-app: prometheus + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the prometheus instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## The remote_read spec configuration for Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec + remoteRead: [] + # - url: http://remote1/read + + ## The remote_write spec configuration for Prometheus. 
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec + remoteWrite: [] + # - url: http://remote1/push + + ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature + remoteWriteDashboards: false + + ## Resource limits & requests + ## + resources: + limits: + memory: 1500Mi + cpu: 1000m + requests: + memory: 750Mi + cpu: 750m + + ## Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Using PersistentVolumeClaim + ## + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + ## Using tmpfs volume + ## + # emptyDir: + # medium: Memory + + # Additional volumes on the output StatefulSet definition. + volumes: + - name: nginx-home + emptyDir: {} + - name: prometheus-nginx + configMap: + name: prometheus-nginx-proxy-config + defaultMode: 438 + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations + ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form + ## as specified in the official Prometheus documentation: + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are + ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility + ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible + ## scrape configs are going to break Prometheus after the upgrade. 
+ ## + ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the + ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes + ## + additionalScrapeConfigs: [] + # - job_name: kube-etcd + # kubernetes_sd_configs: + # - role: node + # scheme: https + # tls_config: + # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client + # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + # relabel_configs: + # - action: labelmap + # regex: __meta_kubernetes_node_label_(.+) + # - source_labels: [__address__] + # action: replace + # targetLabel: __address__ + # regex: ([^:;]+):(\d+) + # replacement: ${1}:2379 + # - source_labels: [__meta_kubernetes_node_name] + # action: keep + # regex: .*mst.* + # - source_labels: [__meta_kubernetes_node_name] + # action: replace + # targetLabel: node + # regex: (.*) + # replacement: ${1} + # metric_relabel_configs: + # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone) + # action: labeldrop + + ## If additional scrape configurations are already deployed in a single secret file you can use this section. + ## Expected values are the secret name and key + ## Cannot be used with additionalScrapeConfigs + additionalScrapeConfigsSecret: {} + # enabled: false + # name: + # key: + + ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. 
This can be useful + ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false' + additionalPrometheusSecretsAnnotations: {} + + ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified + ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. + ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. + ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this + ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release + ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. + ## + additionalAlertManagerConfigs: [] + # - consul_sd_configs: + # - server: consul.dev.test:8500 + # scheme: http + # datacenter: dev + # tag_separator: ',' + # services: + # - metrics-prometheus-alertmanager + + ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended + ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the + ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. + ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the + ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel + ## configs are going to break Prometheus after the upgrade. 
+ ## + additionalAlertRelabelConfigs: [] + # - separator: ; + # regex: prometheus_replica + # replacement: $1 + # action: labeldrop + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. + ## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. + ## This section is experimental, it may change significantly without deprecation notice in any release. + ## This is experimental and may change significantly without backward compatibility in any release. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#thanosspec + ## + thanos: {} + + proxy: + image: + repository: rancher/mirrored-library-nginx + tag: 1.19.2-alpine + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. + ## if using proxy extraContainer update targetPort with proxy container port + containers: | + - name: prometheus-proxy + args: + - nginx + - -g + - daemon off; + - -c + - /nginx/nginx.conf + image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.proxy.image.repository }}:{{ .Values.prometheus.prometheusSpec.proxy.image.tag }}" + ports: + - containerPort: 8081 + name: nginx-http + protocol: TCP + volumeMounts: + - mountPath: /nginx + name: prometheus-nginx + - mountPath: /var/cache/nginx + name: nginx-home + securityContext: + runAsUser: 101 + runAsGroup: 101 + + ## InitContainers allows injecting additional initContainers. 
This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## PortName to use for Prometheus. + ## + portName: "nginx-http" + + ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files + ## on the file system of the Prometheus container e.g. bearer token files. + arbitraryFSAccessThroughSMs: false + + ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor + ## or PodMonitor to true, this overrides honor_labels to false. + overrideHonorLabels: false + + ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. + overrideHonorTimestamps: false + + ## IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor + ## configs, and they will only discover endpoints within their current namespace. Defaults to false. + ignoreNamespaceSelectors: false + + ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. + ## The label value will always be the namespace of the object that is being created. + ## Disabled by default + enforcedNamespaceLabel: "" + + ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. + ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + prometheusRulesExcludedFromEnforce: [] + + ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, + ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such + ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions + ## of Prometheus >= 2.16.0. 
For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) + queryLogFile: false + + ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit + ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall + ## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + enforcedSampleLimit: false + + ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental + ## in Prometheus so it may change in any upcoming release. + allowOverlappingBlocks: false + + additionalRulesForClusterRole: [] + # - apiGroups: [ "" ] + # resources: + # - nodes/proxy + # verbs: [ "get", "list", "watch" ] + + additionalServiceMonitors: [] + ## Name of the ServiceMonitor to create + ## + # - name: "" + + ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from + ## the chart + ## + # additionalLabels: {} + + ## Service label for use in assembling a job name of the form
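Review bot: `ignoreNamespaceSelectors: false` is defined twice in the `prometheusSpec` block, once after `externalUrl` and again after `overrideHonorTimestamps`. A duplicate mapping key is either rejected or resolved by keeping a single occurrence, depending on the YAML parser, so editing one of the two defaults in this file may have no effect. Keep one entry with one comment block and delete the other.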
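Review bot: `defaultMode: 438` on the `prometheus-nginx` configMap volume is decimal for octal 0666, which sets write bits for every user on the mounted nginx configuration, although the proxy only reads `/nginx/nginx.conf`. 292 (0444) or 420 (0644) would be enough. In the same sidecar, the `prometheus-proxy` container's `securityContext` sets only `runAsUser: 101` and `runAsGroup: 101`; consider adding `allowPrivilegeEscalation: false` and dropping all capabilities, since the port it serves (`nginx-http`, 8081) is the one `portName` selects for Prometheus. The `proxy.image` block also has no `sha` field, unlike the Prometheus `image` block, so the nginx image can only be referenced by the mutable tag `1.19.2-alpine`.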
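Review bot: The commented `kube-etcd` example under `additionalScrapeConfigs` mixes key styles inside `relabel_configs`, using `source_labels` next to `targetLabel`. These entries are appended as raw Prometheus scrape configuration, where the key is `target_label`, so anyone who uncomments the example as written gets a configuration that Prometheus will not accept. Change both `targetLabel` occurrences in the example to `target_label`.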
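Review bot: `queryLogFile: false` and `enforcedSampleLimit: false` give boolean defaults to fields whose own comments describe a file location and a numeric sample limit. Use `""` (or a commented-out example such as `/dev/stdout`, which the comment already mentions) for the path and leave the limit unset, so the default has the same type as a real override. Nearby, the comment on `prometheusRulesExcludedFromEnforce` says it works only if `enforcedNamespaceLabel` is "set to true", but that key is a string defaulting to `""`; the comment should say it must be set to a non-empty value.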

zASNgnHkoco@n?pbu!!vpovxxF!8~=~C;pyTVE>?-hVuWatv_HVoRV+(&3)ly-%_E5z1i}U7Kn9?=U8L=$3J?}JEb))Y{@VcT4VEv zU5B-UPNb$;N%qsP+Gd*0`uLVM@<0J*&ZyZK9{4AJbOx{>=Cv`=ZdB2ns=)qVf=n7#>d^46BE1`+H zPkAw`{^5(c-LMx$x)qS$_~IWgOi|K5KQ8nVjfEJ#0~M+w>6FB_@=f6mZSF`@Y(M1j%?46G+z6Y+vl@t%wBtIMG5V%K4;+<3zmf2moLiJkyc6ByP8QA~6p(vic= zR3bLkY7{YYVWH%IKu~u3jszRU{SBj){aP2+ffhcJwn0#~F&uXr)1X4rAq!xYdr~E8_*^jNvWweRZfA(UiOCY!< zF4zL0MJO;sZ9~hM|9|*m2}SrF*pb5iH@+xMzke0tN$3+&7-k1~aR|p3=<7EK=kT*_ z$OnFd(8kYnHYdjH72n|LYf_vQ@#tea-sqm)2zXFcO6g3@0LTT{nVj)?nF?u9B`}5! zOph#;Lr3URl@tIvRjw<3W&LAe#6UXQff5ps%I4bB$@{f?_K~DDTU4vmrU)Pz4hai; zll*NGltB3nQcERHrm_sEE?LfjFe~W-_?YtSd;KJmSImGWM+72Yiq)(;K58CvU&T>` z*FZkR(Y>r;TuMNr=ZBRGi-tfaVNYQu7P?R!Ig8rxYzfMeOse-q!1;zor`La4(>GU_9&l~%P`ORF z2g&rqaBO2&Z=?ix+*^i!Bi*Vtax|HZ^gLacPprvQWX znzBw z2UR&#KiNH_w{EerAVxxd6O8dUJoWE&Yl(nD3SJGXXlrLRL0lxGMkLD=A`n}R{|H78 zBHMn(1N1tWn0PkBgGmhcZ++1%=YK3khPx6+&Hp19?eVaPZ6}I+SU$_Y=efV9vumT` z*>po?t)n{Y4Wl~$?-~=!@9F<;wa;7nJJU4^`cR-MLW1G0+(uRRSt{3hhVDcw=Gehe zZ@s1>NG_hKD)^VUokgMtccKTW>DzCPI#(ZF9_CwyR{0>_2)kz2cW$XZh9aTjr%HDQS0xyzYe#ajY86?+@P8sq4_( zj?iu(%Z((3jd?XeRq{s!`*_?un6w$+(~RBptm9wGT~}iElE$be>~nx&Eozn=pi2EDumXhvoN6S zXZ(jS=D?k;9_vDd-nirb%2)?#4S#E3ddS&dtV*wecr}5eK$WGd|q~6 zNu7j0z7a-^8O-UnT$gWzadX*EuJ}}4BjU%hx(fS%B`bp(VhGH6V8tKKdKT9=#mI!C zF(}Ub*NwJG<77+zN4Z#R=}=HWRw;#~rXp_x{7HYn7Bgbu!PEZc;}`aqvVk4R7`Gh> zJS!oVG}y%f8S*C6mGLx_zr<%sg^qeJf5vG|xne$;nv zJ}7W=u^7Zy$w|mfRRttjMK~Z%O%klV$+D}u2Qs4#+ys!mvBw$$!#Y>-X)|gDRj>b3 zS+dU3!>^{yOOJwwLzu^k#N7NFNIBg+*G^-qs7L_*dW3Fg5>b;eO{cq~rX)`&!N0e< z7l(MPfh&*Tn#w)T*{K18oj{99It6Wk{L#KgnXbz^>9i zm_~J^K{k_U!h^;+q7#K&=lhq7%k90e>ft-gfs=~MHv|<^%W|2Xd^3z+R|NOmSr5@8 zELfsBkIp%FK}4{On^o8--wb0s1I0k^&oV23diZAcc*HL0XLUw>6h%~9aGOs>T`~}B zQt22`$X7|DmdXsRP~}iWQ2@(rgi->2E#0W)ox=1r>R+{^q_+VVzzlRFjp{Uwof_B< z86rUEk7B~xe+*;QH^ay}wBq)UVH9zK=XmSh7k%Jydg6m2eg$%hArK9E! 
zl%by;XY5=fliTR#e+**{<0NCgc=6F0v+Up)h>K@{hMobl`tNUs(Fk*($mh_CPR4m^ zCBuE*rlryH@m|BOfeZ*pOvIF0@W@{c>C`H^Ki_Pz3S~7;uSk{%_z*0>zNaJhdUWsdLSLoT)YgQpdC=qY)KG+G8 z?h#8;`&(hW)7baQmhF-(AYc z+{QKSc7=gU;J*psOy5_e18l`@k^$ydklbnrLf?_pNX-%g0W-Yx%ubc!^aF+%XyYKt zU#AD9ou0=jik-CrWeuQ*baZsm4hqzf5?dJ8qJ7a03AO}I55YQPG{HXm%Rku}j|6JF zC)BZwCC7jL8)0;pR>YS4hcNaQxLDLWSqQ$yw}_y0c6Yogh*3fLT_Cx@CpdTbC6_c&5`BPhcQA3a}ZWwNsNM=`8~k*MzrZX^C*LW#L^W4F5A2v+ucfJ4(tl;|)gK zaFf>8zh;7J?tL}3w#Cred($A=4~KdIw#pO7HFgUUL|Pn| zP*ovyTkt8g9nKI2+&@y~@u#=GcLoKX;p0fJSUX@O(0`c#J6k~DtwIjlsl8x7JXIl{ zWWV=Q-z5zhN|*id*CXmdM88I{x>e4PW%48;QNw%8d;cWKKZVA*rU7ePgl;P?)pi>c zUj07v?+0Eabp?HhlGOdC9!6Ntk6Gner2VpP2P=xWx4yA0F5|Jfh95yX6QImvQi z#dyu(2<<;f?^bB}W0bOH^rr0S6vSRKXgimbv-zK!=U=zn>DJ7mpn}Cn5hjnU#?-ne zOh7+oUC|pRq&;evwppb^Q< z6LUutxD4P-z(rVSZv{}4m$sWj<6N;K^>Zoz;A-qfWwU{!c!RX%F16#}X=k~3^bZJP z0$QiMDvzIU~r-Xl-yBaj6I%cX+r0U-A6a`%WJYhNu)3>J zV{$$E|794rg3-VNE-#F{y@sSLTc^VaFmT>a9u1HMB;^mwXQwR%M?$M1x5IFPa3=Wg zf~xn-z8OZSdz06r$74X^vnK5AL(Im45z_TgA5+7B3}YX;we$y!P33m4X=w*0Vhnb{nYj1pTfhJLFb?cB7V)YLxEiA()^5FVtqpbCy(tNyg8 zxI0;BMe}i1o|h+xp3e;dfon}W-viED2he5;OFYD+@nnL8(c-_dQ=YjOdW3>S1~}SWvE^;RG+H=1cz;^M*P1cP z4QGGhtjp_>9i2YTwW+cFyi4g-r4BCRmtazyY(iDmHdSJ)<63l-R3AbC$^1(ZKQ2+c z$3WKl7$wUzX}>-DFEHQFaMywqm=|H+57;2 z&Zv8KYSDZzm=xmFt&bzQ;2N+vcmk$YtZP&^kP#Y1=dzVZo{36MBkM7!I1vATjNMa| zWKp{&>Pp+TZQHhO+qP}nW~H;zw(ZPH+jeLDXYbv8`sSRQ6*G7fF(TH8=l$NPlZr0O z(YFZ6OzSovyy&Xq%cN?x%Z_2B$A2d8_ban&Mek&@2lj06;rTD{zjj)dN4p#!@u=;% z=);=wBG6^oKd#@;GHSN$fjBVqwSSw#9T?3u*1H>RMf>X>UbnB~^FMxKaax>w_3&c!bHu(2K}U z|oK4JMWF>>>#di|891t)Y+@rp<+Rvdr%o`bfr@)CbnsZuodKk%seg%PQ&tRewTe(3g&m zlIDGW{qIhaxbC^RiIHXBZDDzya5Uk^+Dm7p--NLDn`v2MHM(3cG-k4Q1zHyuwbY7XY=ed8ArEV;rPa5fdWzqUO`XP z1xr}Og~E}p7;QN^+dFVHeJC|r2nrRaaAbi~lYED_7lsDsvPtrB`JanuG9p*Or{e7sRhlg%aM;mw{+JH8%Gf_Wf>kG1#nt$ zYNjY}DHAJG3Oj?MPi~oWL|C#s?bKGLnw5ijVq@`?4zNw&R<~Wm3vs^Poqt25-z<#i z|Jhw~p5oPl&dPWew#_EIbJ?-F+50IY-|}5?tax;}rCN)JX=1@cS9v^MlB)Z;xBAXl z;yz@FIp@Cv50O8C2bT|U36UkfIliykWc#Pok2wG~5;f4k#spdBt?IQp-YVTO)Fx>r 
zaP7Pm9ogA&BiINYhYEg{i4aF>N1rOZWfLf_L420nV&%CACza{C@0mg5$je3`Krd6|?v&dL7d#6QkQ#Ts@K0dScoG&!PqAcd0gNir}J3*gTjAlzQL76Qy!c!Mm=UPm@3A^K|$mXd~cY z7zdSZDy6j^Y#5Q<)0)BBAC5jAE>3=*S8rzvece0ym%*$BxPmZUQRd_(3XC)nl7?8D zE=727$BE5GLQT|G(OO&h2`8Qe!$=3Hr;q*ElBqBNPaU3lLH|42u#Nz`tv&AE{YK% zn;M)5)*?Xk90Gz?SxjGSItg??4DB*4vjfOO^_R^vvj8HY;L-4@()d0_y>tC1zfJ{d z-V;;J1A5ukj0v~xW@KikkdCRw^7*%q+Xfr6%v!b1fMqTU8YFf%{P)xS?5^7Bo2@Vg z9{YL0^LH`9FZ2QRpB*giYD^@SQ3A>^2?qWwcw$G-lug;4TsiyxqKueMrZ?B9GtP`c z-ZUzEksH{UNfK6WWAyXC$UIdPck#gjK*ggI_Vn>ue@lZdzK0_Un&QEZ{^Dc#!efS} zU5o7Z>s|mmhG@5hqs@Z;gFWxdykol(?N#r4zjrd|YFozPehPnSYLyL`x=c+VirG|j z`ho=LedGo<4*+FGW^q8n?iKXD#Jo1Vd`Y^s+_dT&!6%zk z$jJgHt!7O!F7uL_IigW-Or<(+tr$kHegod}g$4+_BWV`cF{_ZqKzm`mfXvH5X;SXS zp{d~xwm_N+pujk}i=#PMAQK52DLZmw})b`Gy(J6ne;b zAc=gV5m5?~|GrF7C?LdzIN|5g4FnvX`%0;n0qjT`$~pwvB9-sNERGL@0xqFjV5MQ- zm8$eQZ!u~nIgyLU{a5%w+J&RKp>O%q)jK?LOEQ_hncAb9KErnuFZw6>;KGoDo8GKG zJNTqTAp!_On`KHXuh&P7ZCZOGgeTrwKPiW4*cjFbgX}i8(!A9oh=;@oB!`B0vbihh z3u_l8%4vk+l1-{x!(Bzezbyq^z6da zO$0i_LX?>?#Ml5Z+-nd`kxC)LkWgss^o1OgWs6P|mTTz*YqHIfA9#pfBliC<|B%B0 zj3dR@<_s7`k6}!H#U4iHhL(z-0H35J z0-*s%BIo8PEg;+=P=7O`XsqG45*N)!?>P1^U`R?xMB)}n88hxC{irbqWUgsOESv_& z)h8WSIL@fpE2U(fMsjq3?YJU42BXz@m#jTw7u+slP#QEPOam%JgO)GwF#PKpODqhVmkq&yB5|J^X5iHLWsy9A%CI}momDw7?8nAbhD zpD)CR%W95V3B6#Q(J{?Pi$yde3(MBKD7$4efDMadw6!`qKyx{%p6yZ}1biWzPfyHe z5&oynYvi0c2-}``48x;k2||Rb282{iGjXUkJfXp zB@`@%LZ6zW<(gWnb?_WvoL3Um<6Mb5|C~(@PDq2!-lWI69gON+kJi<|J%M|Is_nb_f*zKgFOIy06t~I(rb5t|oMqI>-WatcF9kN+iLX~jlX(W zNDT^!j9n#@7t;KP%jcMPqFL!#L4^`kp{1e(E*h6mLag5Iht=WBP9tp6-Ayw|GP?~* zwT3EmnY2(^meuKHXCIdRM=~Vo2M5;$V@QT`0C&6Z|5Pv0xOfWzEo<7W#|*UY4+gNH|25m&{U_1IWq zvg>ZQ9Z7m(Q&5yJeF*vahsV!rHv>C=;4tD})6v#t1n)xHFyMe#y~AH`Yh&$~ZW+-_ zNk4QhJ$yE%&Vy0qmG_?uG9#Clt^Z!l+;e1VlNvRDKmO+yo-Wzpv+buI&}j~gDjzyO z)8R9IAgjl&c}81l;wO~VRd>V5fy=jn(ngPl-iB} z!KRlMt*IU4?Xq>ugT}TX;c0!pbGe1yfXK!{0W{>~oLhI=ojcW&OhIZ7XQ{s9E zo5wWUQmG2em@~;aP8|25)s|-O_Oce-tTFk_gC&3AK;|~kNJV0By>l6NN!i5C%=z4s 
zfB5fEHPAU7e#6&KGyuuBlFWRFdy2_42Wv*^-dI)*QU6`;h&IM?WektVLYd_KsieAY zf>`w+KJkAP*apiZ5VXKrM2sf@! z7j0nugLeBfobn*gng51%78Y|3-JVtm`G(AnHtkVoSIXtGFq)ySeT&xmwyJ^f?%6zYvq&B9?{y}@%9lB=N=^1?UfOCEI|2TVPfUpOM zQN=T3a?hatFl}EKk8g0v|2X^KNSs4R`?@&!mPQR>L^)E_ z?cd5;k9RsfxXA3x8G%u*@`Df5;Srv{GPjuoB~tEt)WTJSb60q}>vWR>WQATR0dfIC zfJE_C3=065iJ)kXHYk^1?c9s}FijPZJ!UdfqN`uJ7*;XBGfQo~s%B|*{4+e`g$|`p zx74h#3Da!9LYBo3C^VGyE9oS=3rJ>KuE@+;2ko|@yoBs-Ic-C~-`?5S4nCh-<&h+I zs`W*}b^_=>S@LcfR+rU1QFQy9rb&=3P20ZG=f-J}7aP-@UUuLwSY#Fyo$l8m>XZ2L z+o*56x<|8{nHJy8Q~n`)N^Xl5ezmSRKKNdWAi}%=FMPEXYJ}PvG&v^S@7|^9$UvAkMLJv@Xg|OwJfJHfnsN+fqcb)?M2PS zWs{dt7JQ1POXz2bTwuj81bC_mzL7v)YCCAIn?d2Um;xjT;_gtibyn~cl=?QFTWY~; z*os=2CK2#WXI50aO05d+)zjX%Rw=0=qXGLhDij{#1l&L_HHOUVoS~I<#X$QCg8(a* z!;E5QZ&qRi1@b{k?r2sW^eY5)kkY{vvImpMwsZnpF6)0^c}O&g?93pvD;>oun?v?6 z0)33Sm6J(eyEKdJJoWy$@0HuzQt2SZr*t%n;?DFxk9E!c@72e-vf6#DLxFaSy5et~(_gSn6e^B=}EPJoTVPpitJ*eZ~?I$HvN1K=Xarvk(%V6Uxv_ z5xQE|o}B@BYyn7=2v7f036=r@aB)W0@dk^|tn|a_sO+8~c~5d^5JSX_-j zAeD7uKkeEkn~LO=*O@N*Og@1^rqAQZ?}DXx@luz@aq3qtRll8>~i*wO`sF z$&F!o4{pR7rp|{|A~Mi~)Jiy`sh;e{;n=*x_yQk9$W-)CsqbHzot^+4sgjD%S4@@O zw}91jXvb=NTOTt&f5_?eba>-&7JhM-K+v27nr+T>aH-lqv*;^Zc&4Tn_IjkMz}{xc zK&u8547}x^-N;f;ZGA0P7PmF@%Yx@&jcKd4p(?{Y{+V-@mhbn-Y-nP6AbR(wwO-jE zHB8p_@pF3h8}ds@=RrKgWlsdlg71+Hb>&WYt<&Xv)5De;9~4K4X_p- zKRSTSAXMIXy!(3V3Wf21RqM&7l5Mn>Y9e-(V+y4`P=vOmDh^oe|D&8{MQuUK1I8T+ zXQ}!v3zd}MT)B~yd?<*~rtAj+XepHdpDZ&6vzwuUB&*CMrC*;4<7jd0sp5yk>>!ty zV(fU_!eCvOp!(=0C8`t-LshOBq_ePa8amFEYPi6$Js_HxS_Ibica~tfo#)q5KZBEzuKDecsJ>Cz{5Y(oe}$%HE-Wle3O~y*K6^2be^e+GaOoK z*PKMEci2Q>8dJNQylBY4{fy%8`9F=lw>TFd9+yc5DCfu6!+xdfjBBJ~3IT^2o!@7p zSaAkH5zV%ZVE}dc(l{D;pP)NgD^oN{_2N&C%^5*BUug2i_OG{h9Q)AM@zw?T`;!_? 
zM+`$uR=W`>ynL}#3)S346Z4t#9P$OL}1p_9X>HmJP6l#~yB7(%-sqIFdj|9|t zg6IGnYyZsoXY4+V*VDeb^d>D#)~hgEi6SR|inRkZkh15mj=Egg=IftN`(izytz)Lo zx*gV$wpm1UB9MiK&+|9?-oi+obG`?*KVys&prSME_eX64G^jH#&q8fg1Oq(mp+{6-C%&bl>jj{| zZeFs@dY${rP<(RDB+v7eJjng*A#s>IzvEGw{6$gXCwZEu__mv&_%;$}^PhEDvhVTF zRW7}s17DnR7e&bquae~Ve?RwszX}1G<~W!ljZp(^G{8=Tinj7Z$+G;=Uz3`i)q3HT zHoNAc3H2lrrLy>Ce*?~aPL_b=_+@oQ2#a4F9`~QEPGqMBv&kIkkO+|+p>y7OWDK%n zp>;k9`Jvqsq{PF>{3}AW6)aOurX{eo{HnV2sYnWS*q`z()IbH2bH+R?J2PEf>ld?c z=b4X;?E-tL)C^>7>plc*&(~Kn^Gc)0q z7kq+n5F&$EQZ$=WI-aZ7JEbS#O%W?=974bxQ6CeU1k;T{cIuFDF7|l8=IJF2sqTd9 zmn#d-Rg)?W-=*jR>B9?|5ln18NJ(k*s`OR#yzSY}bo9w$-Q;3o3gcnJHQM)8K(CUf`kWFd($Lw8XKg_;xOaI%+ z&fVEzeHQ`=&Lnx0^SOd@E!$hF(OMv>L+kcOvz}kG8nBUpH20^=k0#D3d#utlM+YS* z9DZgD2P2uP0%9-4ccWL*ez7!LXLhdFgl$9>uLz)A^fEV^8S%Jc zXw^mj_`haE@31u;CUBf4c3KKV078aS zLIzuT5*Pb{_OsyrHD^j&mS+K};9-%QtG}Yj42-wg`7&BcTh3Cl-Mkzx*?YuN3bQJ| zI4#X;JLnRV3;g?t!7XmM{={@5(MZF!G$cLVVldT^e(mBFA(u0j5wM5EMiE2BgtKF;7@zG{=Zc&7nQQUQ#Cb_f1;wFHshT|@A6*aNE zU~Cpb_U1J)4j1PCKs)SzK|5NJzW(0)db4jU`-$~F!LZCm8PvO5l1ImJdTZq<57A8h z;Xi0c1Ec$$@su^vpCz`I`Ia>j7znEqYz`04x!yWS57TX6Q zE7H8bQU%yKJuMbzpi~hFYo_#f05_>R@#Aau9xv7XOzRfuKhn;Ex7zUu;wERzhKfDu z*(SeRS=Kdth@@fkKhhqgDIWus;W~8{pXY*&;_6NVwmjO%DRdsFlC={V?5g<9RnjEG z)et~T9YoSRcjiPQGnjrF7oKe_hzymv>9QgcN!tRAyjemu?zDD5q~l8H7y3I?y1HAW zHNg$j(4H- zRCVkbi7gU+cB4=eq0Q+Ff~-d}f8_Ym_4AKU#a-Gf;1>ZcPKiJ2B5 zWyXEg3TjfYE3;j=M6*L*aZ-vd@cRe{i?Ie+!^ALv-tSd08Dc=;$$@yObJ_{NR$5YX zwQD1y6*pHxfTiaV7Q5K*EH^0`C1W*EzqjNR&=IymBE=vMf~p-YiPx55LY+@F8OFQj zUw?S=#E1>2DJP+inWAHtQ@iCliKns8;qa#$A3daF(QPEGn-wAd@d z4P*y3LF3_53Q5+Jd+H2Ijt;ZnRH%RB`scw`H#gP+8>d$1*C=wsA|^IQtxw8-8X8 zp@g`Cq;*eLlG)*gCWLEn=KT&DV7`aXJsgk*h}CbQO+w=iXI-7fo#1j zG{$JQZ_P|$6|3>vGw?dYxld2lTv*y^#3fB{{SvyYFE7IswY_U&Aapj6N*Fa*0j{1a zAxTuPdWB9nILt(YXFA1b1`uXjB;}ipE^|5lQ$%~Obf-)Hna38VT?t=$ZPj<+Rgixv zK-?!Ff;d=bnzZ#>MJ(*+?a-lx$wr=@VS=C?GpRi^WxB_N7tWlvK{uzp!*H*)xz3e6 z7ularR7|Gvgz+9-I1WU(_n=?hm@(HLaDpzT)HC=0)lN}q-6hGK&hTC7m+2G}}$>}UGpEgT- 
zZCqFfSl|SE%I&Lq$M|@%-fjc->Uh+R4vU~yNSqkE-sVQFK9F}Jd(R=NdWd9~8Bt5Pb#mYYHiCn5%^9Q7Xrf70pUtmn9fbElMl3d(~GMN6RJmYYZ;Y-P)ny;Im+52zBZU?=Yltekv}sH^M7 z0)^@r=wdB;Sm*Y(tOcIxEaMjHgqU)rMDBt2VLEOy%>_}V?wpub^NtT>&Yf~(`^0XP zXcy(;Q^8gGd(E}XrZC))K-IG*j$dbHaz8gCZqSQyS7W=J-|V&k@0F5pb zP>cF~?S=Ag&&nh`>d{>OqE$L-0iaEIF-^KPeS)3>U_uNO^@8Xzzyhyzr%S#qUX2(? zP*=>&unwm2@UO!=frAvyjC;}xw#v*}9M*=o#|Rz8o68+p>WR<1bvpPld zqr{NeEkjKwb4os+=9ls2`-OMLL25PncEnNenyM^9$m&^0GJ&4*;?_Wp5dxnJwhr)& z70<*40_u>76M7IUNDAiA$5>El|TDcxR-1+z>{D)Tv;Cp#m& zZ4F56Ji{R*x34nq6ZH!zABr$EyR0H&t(I6z6=VF(QT8XwqF>UTDK~~Qv!JAS`{0KS zqAIj{u;jkJ^~-Eyc_|ja0bNb03SY9{6oPye*e!@+3x^>|KG+d@dNAHmYES>C`*cWs zhxeV_yARfA4+=>y{iUDm7%Bi1N>oa9JCX}E$TzSiVty(Hwrq%I6lRTzZsql()w^6$ z%?f-6a}+TCCYCq15IJrG?y$Gpazrtcraa|zYn7s2YP2p~-Ed>woI17^ObsC`jo@srwm zXI_+3Vx3}}5uiMXJ+xPRp-~mt2}Dnkk>!!zs@rBke}z>XgFPFF89W~pB9XnzkwHkU z<|O29M{J-;Y*52jwg_oM*eddziFzI3J~mwl|SYCN3m#pb%}IFMbCOh38q;i1;>MF z;p9-*B!8`FC%R5Q8H-JFB}HQ;y|fXe1u%Vp)#e<}*WRZoPhLTkhili){?YD-YX>kt)GG=^_o4 zc~bz$m*b(Ge&qVHB`rZ>{W#oz4w`1AS<0Gs9bnK-BOw)lVzKD?=Ri~&VHd{dBb3z5 z@U#M}Bg?~FcU31lvBFVGG1Y~oZHvJpqN^ZoCB794YVNky*T79&*2X8+M4G#4_*QAN zOZcGJ_}4a2sD8Ny3bPcjg^i>2Z}o~+kB^V_YZ$qOw4O-0K1q55Y+jTu7BOmsmS<=j zUp^A=E0B^h^{`=?G}*v+8hVV}IBuXvC|Ax>RKIiR`0MmUVw5Gqdr7c2N5kjp&ApAV z9Gu)ZEwqhpT{NZN&kMh$_*Fdu{rx&I;UZu7H2=1XNoNqQl*yNNn?;JEyYn8K2U8?l zK$<|haECC;Od3I&U~ZX5YUdHI@I`UyBR+@b>0ylI4t7awLb-59cp=@V4|dJPl#V`9 zICi-)DjmEb12cj2J(ssrL6Pz0iiE-RN54fkhO=3IT)rB_HISqTV(RZ}q{JVMv62RX zlOUY$4>Dn*pV_-_GNqZP8NM0fp!EhW`$w8P=<7P%+T-9Rt=g53Q|R&i@}j*WVraG{6V?$%}H+H)z4iSZ{iNP9dz0wQm0^1I*N(6UQ-L;~^4b4*>P zRg^^~Q5AL*HALIk^krfy^THstG40@hgv%xO%Zj{t-&aF@=jKlXrtrk|ZlRA{rs0k8Y@qQpwcMHFf+n8$HVi?xV}4Wh)HJvmveR9Q1hJf*rhez)+xMq{a|%)=5+rORUj z=kY?&ZbucJG3zUNlR;H~H>U|Xq$c}HD?=Zp+&qC@86tAg6P?=O0aD0{JX6W3A#sdS z$wh*`OI&kQeo~HBJbe4pLU%qbPbkg8wKT| zbm#L#so=ahm4p_<>TGuH>ZG@$s-L4O*4eaZY8KfeqmS^o?nX|%kQNdcS87XYhrrTs zyB%%B>dAR8@hI!Cw0LSu$m*LJQMiT=JT%27?1ciJN^L_;Ru2qo85nH_MZ-vQEacd_ 
zX9H7S4Cu?KSt}8@N_Z3XVv&fep|6Bx=&>V7TPX&xl~OKS?|!P8+i>~N7+tq^UOqk$ zEed>A=)ptYcV1fK_lMti+%eXx-0RE~-^#c2_v_8fWmFy)4&TlV^?u?{w;~JF$hWP# zE(PhBrg8}}#g^n1t!)yYhHsg6wNbD%fULqes*V(+g2A9RgD>C zA|$BEghS($BN334WAIndrVYjTHI<0kg{pCNvB%HWN9|T3BM1}%$ej?w8^ekaKA3*p zrCD(ud%ywq`hKA>_1D4tz2bU}(Xf&#T~s?SKo_0AlqZ0B41ae^$aknE;~&4_oe*LI z??V<;T{z5|D9#7!97U!)Z=Ia5qBmF^fD%chDo5@xEy#7g0}bqbQiBH7xHW~p#l6;j zb_iv~@_a0o7oD7H(klyUNV?ksB4(?-ZSIuktoE6IZJg~!R}97wvn=quBYhc_ihUf5 z^PA07!fhSJV-GAn2_8i9xT2rarfjts(=;e23Klm;Zw2KB_aId&kD>j&Jw=LVp+ap- z3M0&zm+WAUrrC;ksp~UWBizF1PmeO9=%Er>%HrM1JZyA&0A7e5t*rCifgbRa$77^~ z2M5(ymM;Dt4_Pf1EOv4vVvXL6s-CCT*D}8|&T#ja_-fXygBFs5-eePpfNS4ip$i>^ zMUT5g#1?x)sl)x1-6Y;a`b|alTb>&pF5cpP>(Gkc;K8-Mm(I@%=zvgf5~j39^ER3K zPXhzvjMLLE3C=`fdxsO4ExLo6bB&2tW$GP_m!*a#I8Tqk8^C9K+GQ}VM88Fo|DM>C$=utVVQMnON? z8Mm32Dd`E2GHaKy39Mqvz|{xL$7WVVF4BMC|N1w`Sn(M!O%dnb!knG#`XqH$8q<&X zFZ%^9zaVW|mrm9bRKYUNa6!ce&t&ZI%1)7s&xTIfLWdyfn|{LY+me%W;=cIHv5fXm@ z(mn5+;RvtlV3d&i{oJWOel3^j!Nq7b7CfF_Gx<(=cCYnB@quV1{Kq*5d0{u^1vv% zP5IE|m&e@3dFb!u%2Y`v&BIUIEcF#S*%sPBkue-9r&N~sFPCJ~o=y0tiP&-qBP7f6 z%Vqq65P98x+M!W^4}B%uSoXkpC8-6ozh%1{@4wQPfo7C$@khXQ`1Yt&O~oy_mKlKQ zf(v?)08xq4ScbxDQ$Yk)ZTYit5mQ5_I0PIxCAT1Ol9oj0qZE67vrpMVrV8tX>~wW- z*!6&V1Y4;Vs#g1vF|#b^^znT3qFNDLjXGuZ)$dvA&>TgqvX5c^2WqYJGH@OEq6qVU zYN8Z)l0qqKSV4m%&lG?hc9DyXcO^QQ?OMv9uz@;bhl@46@GVrUDb}rcra{diaZ8#< z`)Hb1GxfcUy7f5%iC9MX;|%Mhl;+~8nK;8~;f*o2w*Cs?LR^63C(uys@$a~o)pu~0 zBY2r#%sbYtI56|V(pV`8GDGwg>+8-QZ#ni5AO*QixXQrgaL)iJ4d}P>A`R9CVmuKu z&-i99P#Ihg@EF9wS;yygxn%ECdxu5=*n}TQ%&bfB2>K0^0Dg9iN!Lh&g_(;7ea8rM}PG93^tH}i#MwD+b9m7F@^B`)J zW5`vCK1SZ>7;=~W&+^JnDcbD)6=lS|MI?h9qLilSA(8=9-A&#*BRD|<{l5+fKYysv zGeQvcI2sslQH-ypa(_8)gM2m{n8Q~GH-H0Ha*&sIownNyws{R=e|yNq+{ZUY^ zH%Zx|4_Qgrw-2&)k43M%)ZdAUzMG=iK-QE!Gn*u;?}k2{uJiMF(#jVe_ge53yju<} z>0BQS@c0HVTx!vG=h=TV028hiNhvWFNa8BQ2hU5x_w|TG*yOB#&0OJTszAgNb;6an49p90pRk1h>Dd%N--VfAzdQ{0jAMszBW{DK4hIHV4%FsU)(_j3~I^I z8%Lfi*|(t@F+t}ihv~*A(H2YznN>Vyn78XF-+ORW+vG>Cq&T9;pppsW}qenRAR9PD6+)DHqYG-k?bn2*@5u 
zUoD`-Ygu&Lx7@T`PY1uTa}JtHm{_HZ4BCG0Y;G=#Qw)s9baz3g>J$~QMO8pd-;)S^ zMUwB?2EfUUxcCri(D-k#KVBan1Rk~ddsR^?^2^V8UVv=XT?9(PDL)|5kr-!AJvd(U zq%XJOw&t@%9#POJHA26gwc>EU4mac7$t?l3(HIp)%i`CK9`aHo*?W*#K^~$@{uG?u zC}Q%?rem13ATp}`sROTB#Ps)jO0tKXf+{g=%Us(ic}4mnnRDw4AQ49-J>*Jwo3Og1 zzdkAvZFPnS?@ElZ-92qi(KJtg$lQ(#+j)$K4r2@|nCwKs<)z*3-rg^Vj3FD~=(FW1AJ6A%U`S)h3~I(t zcm0Z3(Kw5=^CVk4IDDKL-te+2wdJgBYqCcCjq*D!*(^ou4~cBF#n>dJ0=;#eS2>Pb z1mIW0yw*W7H+_xXu@3>;l~GyCoY*Qx(^NX^fL0w#*Kr~AQZC`>s3qdrIUZ8APcxRG z)aHC3oatq|oK|Uf`{1T!;{rotXT=MGLQROjDG0xtdLk>&Ux_xpG&%C#l5H7@mz z@BG7og|W~cW>zx z4EXTgL5ir{g8O#=9v7=C6suFy8;aXL!|lV3)BXIp*MJ26Ibt(GVd{YYB<}q|wCSVE z@Gv#p%k*-oPCsIlM6Mpb*$ov6_C|dqe$|jL477}iG?M%epQeH+5mDqOnc($>G%@cy z`6`{o2;q=0j>rQCEA5z%VJjeS-}uhc8j&kSrQRN~X&9NS%FY3=*ASbnH(b^ph;J3cV?1!$#j|W$sJGDD8e>b*6gdsBIjY z!y#|L3DtANLHkSerhx-0|NEf1*~`m$7h4Ts;KQbYsCdUM6QrcEO7cn}T~GXE(LZ*V6#DOaSeJVC=q`RU`7;#^9Ml;HRt*r$aC&bn{MI2n+J`EL(hwY@u6$V*+Q3oXAkle#F;<`&aRIK*>w0 znY3+*A=Xxs>dGIQ^USbp7>`613Q<3S)_ibQ@Cjr_%bL9Xzk;jmI|^B6VQ(l@_Lw&1 z4EG`MJ`YYR*H9Pmf?czX(w2fR(LpdeVT~v7<2#qXqf&H4PZ@fGOT6*Hy=b@=GcN{sr#un(kjuW-fASZY}1fWJ*@7!6uhH z1jL@)4I2q3h#(I0z#0n#6*o)+4pQ_KQb*G(>E!c1+Rq4xCIiK%Vi@NgCWHD^I~LBjI^jMg%VuHQ`gPBM%1Dx#D1#>%iG1+db$Let-|?vtIc=sNU*k3CW@ zlB~=c_uRwq0GrZ+;5nqJ^>6_;4nx;5GRPz7%-Q=&b^}Oj1ldP<+8N-m61mN*T6nXs zS3p3G3G>vkXkr-t0a|!22A_Z@x;k(8B3Wj@S!}aK3}67e4OtJwej`p>_qV0EW-gft z{_e3c%I4-pi(Wm{YSk6dE8Vru=L9Uk?U=;>mkAWsmNHJebkO$~sO#~mYA8h@nS6z>T?d7U!IqCbX1w{LoWTq!#{_MI-a&`Y zoyf1ChC5$sv82Fbh#^Ur&SSVxs*b_^AbPGynWDschu&jIkbOyT+BJ_QX=gU+f3Y14 z+~wlaapk*7{;5K5P$5b|H%$?xT0@x-dpf$?>FK(<`qDBr zwMfga-_H845NW0!a~-9b7?s|yBU7?d-Yn%vh%=HYr0PqlL#KPtB9|%`e&y@yTz~I< zXyw)`Ird40e9v2bskJP9gW2?$>(v-p9~ZZp(^$mbkBwQELa+`*OevF^^>A?zpxMzu z(5N|f%Rw3;rm6gM6;~!Ltid4;32BXL$p+3)!~zjenp=i;S;MNA;i{&e>ehJpUQS!* zdLm+n>2ug{BKJz0`okg-t=L#2YmA8)3Z)oU(g?4g{a>E!pYX@Ia(|mYKhfrf2KQ{BJbEud3q9mC@!eBeY(KFUoRBY%2)}Gg+y+X5>o;vM4 zo79({96`)xN5-OCo5G><)hE## zUb6Iy5kaJ;t;vN-7e;Y9OMC-6)H>yA>b#WFgkHTUvJN)(q#oa{zl?ca2H!;Yx#uXH zqO~{T9)5Oy`Jq{8+ 
zi1hlK!=Kq451BX>Hz3hTbfoZ=FLe&&D8FxB#ZG06wG3OTRA~PFRp23ckeMiKjmkZe zT-vsUpK7(mCM#9(izSFeT9VVh$|(t| zCZ8cOoze+U($0UV9k+vqPDWHRPHJy+y2>a~Zs~`bWMwf0UL{6Gnc1{Q6FV zcq0m|f020sfIN2*d7}v((hTf#;m^|6LDoA0({Qk>7zE7+zLC0eaNmuOXc)Rc8F7%` z-5_$TU^}|l1AM;-c%NbI41B!^L|gw!A-Ztm>tYznhgj!RLBDItCjI~$fx$;`b3B<~ z2$@^}tehak9kG*}M*$dD5leg^*Svw>V3*Mr4KOEVfStJAw$(a`j9Yg^5}EDRa+Ny$ zXCDHAHUG9B<9y5lQ+Q~{oj>VeH6>zQ-zI8U7Z!aef+Q+QVO-l2zvoe(L|AsvDg@?N zLGbE_f#03Wur&ube zs`*Zjl+~g?-`6LUeAQ%@nC2H~R%X@*fP9XFSz zfEE-oMfmh-UNe05C&(d~b#m~*MMKaE zW@~#vPtNQR_pA_2M}DRpW&ctTz?{B&&bmY;##HTMZlf;kBLe=IZ8dfP`d6r}TApOT zu?+RuYqqBU_Qxc9@T=7B*>I{W{V8VUZ(4W#f;){zOQxheQtcN2Ts>TC=3Qg2dQ>=l zY}J3?H+GK@L@NiZf|W+*pF;w*TaT?Pefy3$vMWF+%}$b5#aL~PA_Ae*MAtFFBbdi1 zAmUL1YG$T60aW|x3z(^BT9)x_HsndIQ^fT;jVN~>>!@#^7D;^TIV0 zhwhnFtk|$THs>TJ(}U|32C<>ZlKw>_1@K@nlx(SqkN;K`>xb$^f`8(e`1LnpF3y~f zvs)1)`&%`EFsA9XGT{9#Z7M3eTMn-G;yl=x#odU&LL*Z`w5w3|9+j1DU)CJg=w6Eq z8a(xAVF6d0B!NF&R`T>-uXc6oF=qJWnlT7Iacv6TLi!>4_q8l0Ab+0aA4YKO_dSqI zfvt6uOC+!SJr>dG4@C1`z*rtPXiD-T z*q9)sD52LO{jAHK+7RT4Efy4%REPUbyXU{+P2zZS-D!O6FEBAER8z7qw^Bz<2YT|A zUW0_sj|aTz8eb3J@9Qb3UC7Dl(z%I&LK_oaaMYm~4W-pW%eC|~25U-{IqD6>=QQKw z!nz+F0r!cr^q?i6nkQg+_&6#R4%y{b)7%egw`Ig%(56@D141 zb>SZrYaR6(NzKBDG|1TH%f_n~YNFOOirQpbof~1BD|4eGn0NdgV`a)5uf*^}*%|iZ zW)6;@yW$63tC0VKkj~?KT4nfQ4-g$H91_>10264*n!YFNU9-z67+o-eQ0s<*;?aCi z)w4ij_NCw)N@USy?Tk#m&bPV{qv~)lC`Qi^RY~^b_zz)9@3fB!uR_%3is#Mq<6kH&2h8t z+xZEZEA$Y`&|=7?fb{A{={*Rr>w6Cmp5=Z|UVmLUnxbN$xxTz8WCIh5am_vZQJ7RK zLRL-ieMW$L@MjZtpn#`4m`9u30_QiOb%Je=sEciGE5= z%Qi|~4bndu67S8D4HMlcDK&`=Nn5#NN!^^m`D+O~wVBy#*IZ!d`)+z~Ml zqIvYXWBxG%)y7Y(q|9*L8kKp*B3^IwzOQ@xbm#xT|F$JeMPm#{$_e7b{mOPDXDrX% zL5}+PvEF0LjWr*`;*6)QH+0TKezH4@BMRV+3d%yr^>%{awfXhwyLU$kJR_k0*nK7A zHMMsoeiwi{_}>6>U#}c?jjmB(D;LO>zn#Qt61>!Ar=>B|-hA54;?PxL6$4PD)pkrR z)sGJLhtS}0R>Q5N5`{eNz294eGE2U0B!6L2Ob6w_pN}H)jtTT^B@w`kSvykIz1cLT zP_tU0IV4Ln*MYJv>FDVd@1ib-kO_})8v$hnKcl&2e?4|SphQ}_db zPo>HPj%L_n7@#_wE~6a6f*W%R4XH_8+J!>IWcI2oV>ja 
zJRNPXEZaqxysQJ^H+EY=`Lr4w@yJDi+Ki57@a;`K)%2)QgY|_$$#ba4S=$*@e4wy2b+A3iyl*tQrBN_c5NF!6c;SKG zofIls4WzXXC4Dh2DpUZqzM>kSH3-{w}Bmn4-DkgcfBwu~? zDFZF=R1j009Mir*lrSFC`uAx!9CZh^n@UxdEz-gZoBvy;R>Nip;vr@_JpGqN0sV>~ zjuMKDEV}TUhA*-Z9kI6a z#Y^04-jF29!_4OkB=6|(6BREKyAX0OM8TBW#Z}3 zS1^ljWurMJqE7SBrzWElcy@aW<@+Rvoq zAwL}L6}e)8&@XQ3Mv_Lq`_1mqYr-Bqq+rM)dktYbOnN`XAQfy%Z|8>d0cz$XMC~xt zC;c`~Qf4rYqJJNsG30X;efI)nsKiTqCjo@`DVVb@Eyl~r{wW;Oq}u#-p#|J?x?HoU zc>8}oy%OYfOkEQ;iLY0#iC`M=^|i&r3!2nQpcdS$>thzxLHMA7S&6Z=Unbt zXHBmrn?kLvRul)gj9I3#LBHwH%tSjIbP()iIQCd; zHqGYFUY44RSdEufF}25smx@i5ut*qVZR~uQ-Xcw%A;8pL4!2Dka+^8l6t?LO^35W9 zc>7Ziu7Fr(ZXw(F{c)>;+8EqSbZ3#@l0?yER@-AiHJ&MoEcXTBcW4TX3zOl7RC>LI zA+;N!kTw<1kh^Tmi(}t_j$C?d4Cd+lT<_?+48A(XQI{%GEA?YC?`aZ5hS#asjwV*S z5EcoV+j;?-nrg?Sili`?|ZAmgpMNaH^Ax)E-Azf$XyN zX}&7EC>tQaFeob+qvU!}OQ`?MutX%`XO#{&g0pSpCqAPeB9N*8puu~|cz+R*Tan{t zjKg54Gtk=XnamnTV7vjLy-_396epP69Q*R=~FI4(ru|sQGxh*cA*+srT;V zXjOA1>jDPg1-!Pns#MZQzeT<~oV*EgIrnUlTR9=2s<9H%O^eiwwc-&EHbR0+Q9BpO z(`>Sqm#d0p_PRjwT*5za0)jw0Awbed^iGdQSu);EzBC&}$N+mVniH)Br325b7S*q4 z9}qPb--%YyMTLfuc7=_oD*nb(cjz=UCKiDvi8ot+#YKWR&~ou*bhe2ch-3jYuDg2D zX#o$#RMcuZ)GsP73S$wn3x0Z4h7zOTu;@}qx7GKB@=Al$)iIIAQB-1zI46B;;At3g zA>hVOlrzo3no*)2AeOaTn6p=S@ zo?WQK5h$MMdU%ivDE;Ri$<&ptqFL#s1fJp-8%>`k$ftYOWL7N;aPw;}C|K#WmqzZl z;_d^lR?9d6a&O=!!O*Fd&MBA%voq5KpfK-uIj;zvw5wZKkt50v+JF_Z@$XEpTnp*v z>seYn1?@leZ2gtU%0nY%YP7`*Q_E>_FwI=+xi2hTAz9~Ct(1w!vO{~LgD4w z4g_sLT%SK+YAx#@(7sosY;DE* zTFt%~j%l)I2>ODgZ!T2XY;1ejxpux|U9rv%v?bLvy7hv2v9!~ase)0u7r}$m5)a}Y z;hX*s`vr51)r@e&I!XAK?EOf!rWibEM6$fzm_vEXEkUcRIFv83(%pqH*ouoo-RztT zM8KUvlT#XUpB;BsCS@nlQ*(S)dTce4`{+d*R)ElxbbXZ@dspUA&(usrW?mnkrNdIp z#r^4W6{%Sdv!@Y8t#U@5rXAZ|XP+b%fLY~ZL!ggn+W(CKJIPnK)Rl>SZSEj>@7=O_yYeIFQ6IO)PS zsB!?=iZ2na)g^izk}b07jgsecfXzKV8`qT{5OBC4dI7SwEkNp8fc}zXDKR#43cjpe zC_5&g{n;4l2)cuaoy<@F=&Zq*Oc49bdb-S+R&C!3j1Pa`Us)#8$!)+X?8fpg1jxV;5n}uvuO`L<-je2-dJx?D zsv^L^tf+~$bbrU*D#s;stx+c(Gk9^5wo2qKIjMo6!aomUZwe9c-j`1Wk~H3Xm7wS1 
z58JM9hf2T=+}w7BOk{wNm_iuR(EZcXod~LJi%w?m9f06)kVPicXN+ro}dgh=HTi}0OT9=B7m|^&nIykbCYY&`9m07KgC5-gbrg$rXF%n zn#4Jb()M;;uS0Nn1qwh;3)vhi$z>A3>g&{d7R*x&x*jcn;>|Lp^&q~mCBfz`8tyr-^vfdZVJ@L>-Ik;fXQk^ZJV7zSkP=L$> z+6}4Fz4HtdV77r6@<18a%OLGDK8P`b7yu}nmE;ESRGg|H$NTrGrKiluhYhxx9@1vt zYsg|p2P({l{XEs#MWsNuQB&=b5bOEQyCEQQ$f+@tX%(ENL!{0G=|j?Ou@?*K4615b zg-OQJ3#;YtVg1x7Z3Ai%B`X&__p%tVu&NaQoFLMBV4HZGE%iv-eGXxm`#-DLvd3hq z%;T1um{_lxzSS*Jr(oG*$mWJ)8tmsf;|7E3&S5Q1N|h043! za7d%X_J(u4%&>0A|32k%o!;@n&I`uEfhxcVOf4VqVSgkYQ4n&8q8ZoGb-LbG{iP$X z?G;ukCZF*F(i0LOfs7AdV&^`=CHzDssxWgZF7r(L#ET`h1s-G}$lzE?pdU1eRp{g$ z3yP)myHf04~0^-X4pfVg&GQq>Mf*pkH(P$Ro zR~Qu)1qRgV%M-Dfyb>9^aUTwupe|#XQIoyXCwHEd#zeiC6v)*p%Ytb0x7kDP{P|8f zly+@CzSlnzfEz%v;?A7v&AI=y)ufeaKsyvO?XDhj^xj7j!CeMoK9|gJ4_=-_J)Ked zxK8)ciwt&KYx3}~^p(Jz+1qBkG_SUj8EL9LzU;*uCxownNw0S37<2P+m29n_l)m|c z)StGqwx!9KK_G`W;`OZY5ct}LX~5mJg^KxJ!MgSj8k{*aLCNVv~-U^?MhycxQh{Co>zR8^r)RIZ3?+*!$I7Q6h{2 z{?!7dEE^og4wl*gWN+SMw0Sz~iO0bk}JWMH4%6@d8hq`qM&<|=ydRbv*C?BZMeUMzMv)W5XU zI`6Kb0Z2BsgEE9tnb)>V82RnoKrdPO<6fOW820W|6z7IrnSZ;%iR|-wA@&I0=M%*; z*a+qUT9eSCO&QfY*qtYj3L^T!?atBG38X%~PnJ=9wBnYlL7#xw$fkfc5Lue@sBI0E z<5%wDX%Ffxem_zJ&$IWU=k+w-kcLO4=v~xxK=hsoi-sDBLfy*(C^j~7w(W(LGO;N%y$JGl|1%g zvU8{GBs1|PaL7ySxDn5CU@R4w$rp$yt*N$t#6>lfG{l$$pN}{F%+#*n5a|`?F)ALi z^xfUGGk0V!ah}2HA@#0Io{VjF-J|M}qEEh1vB7?-H$BM!K5+}@dF**^d$}ha_Isstrb7%@mXVpNxpC!2vzL?23 zNUN{V3qAr?`J1Aym=8_z_*mG_o^$sq@9w%G(Bfj_fn)!6sHlTWsunJFb=R4~mzsjUeUPDUd+%QauRJ+%fcD_{uRJ}lp%gCp;XOT~ z!N_cSL-_)bM*a?rM(YDUTi24~0^2$V*w4PJIme1y1k%hdw){&URWo4L+XLgOZHysV zMb$NOr#}CihyC1ps6857EGVXghIRk1>&)eeJkb2`0NyDua*-=HOmYN42eAdyq4n5a zIrhsreycPg`+P*9>z#_&=!VBRuJBzoUvrEHCBBd|rYu8yMKtEzUis_rbS$>K2)m^! 
z%W|SGV_bm;c2Nhnyc&DSOqxcC@i;7|dK`O+EWCVcliR2jju+u6EAymxe0qurG7K{} zO%M*4=qc4J>^hNsh~RSwPt=J+p42c8dN3@82b5?t0KU+JTlOsMIGmP{p-DA6UC zA($kCtb0)SVGudfJm+VP-yv5(wgLdN{ER-mi?j5bV#>)gb_(u24zECA zFPEBEMuk>|!Ct!y!wj63I#3~DY`)fi7*xf_=5WNqud}7;KVFN(J^*27ELYsSo-Ht8 zW~69JRK$AwgiKnOrx}XpG>1aAE-l{=Xw!xLPA(1f3zN?0KnLmbWl_5B`4^bu7-y2kC9U@sj!cFbW@H3m#p7i)~65$@n> zOawAf2R0#R8xnPm4(uAEPs;cN8};(@PzT^GeA7L43awAgI)lFA)A?lJaK#sG^)tM9 zp7#0P)sX)AKE?F*M20kK40OhusMo_%HCDs-JJ8d8!%?oc6LxaC7`yG28!oq_JjN-9 zsBm=WJMJH)-@raqVyI|qgDA~4LBwF*_<~~Qs@g6d!l(Nh-oZW<8wRN0JN9I)HzCzhB{il%iAPj9%) zr&4+{9qcK@wzogs0z*L$<_d1m`rZ^?&r4#tfbwW_%HIprSLlm-S*jRRN`z7LA7PDd z0?Z5*4W@ACMcA>PH-`77Veq}WeJ9qdzO0IW-iatBn>I<3^Mw~4B<|%a!Ia8jwRZJj zyt_=L6BbF8==O)gl%U{W^58{wb`M_|=-r!S^}j08vTwdd6E2KxUq*axi@iZwP28B5 zrQ6E}XGZ^;&PF>0W;?4`&8HeA`fHDGFN!s_X=`_S6L6SL)+1+)&;CAudr!W+IujTk z?j=;UDicZG>OVZYByj5)j0OD%BQk!P|IY0xH6 z^ev-X2uNuprA8)6rHj(ZAl<%Y3-m6utxhmyY10P3Cdibj%R0uTli#QWiVkWeb4h_xBU7 zQb&b$e!vP!+U>OmpZn8ckEoXp7{*sf?e0jqaTrz%Mz?{!$`dz!r+R2WI$VQfEy@!} zkI>Y9r1^bi)%_DCvt^Nlr1uWMcZKcyiLK^|1u5`)n1sWKl0!QvkWNyGt#)bFR^FZ+a4VoFAPD%DJk6228ph7A2v z4lj^B0EpCa%5`JJB6r_pAwv@j9ie{XtInYbNaY$3+|@jplC_D4{$1$NZB#O&BT73UKs$<{eC98#h}tM?WEi^m$Jf(Nykig>>R*{6 zm@oXS`IkJly6DhPsAHhLyn|>pw>ucf18hG=MRSG`b2iAy-8jD>o&uXF4(7=^Vl_<# z8oeGtIN{wmUPAG;C?OzeEi;Rj zF_)`q>XoT|J~O6I%ZwuRz31@wm~cXMbq*&!EEoH*TsGFTdQg3e&OXrMhaU;fpOxCC&|^2_$@%>bj3IN=Mi!qeFamyOhCCd0GP zt|~zUWnrMtgzR1iK9HV+-CcwJYC$S@d8ve;3VJ>h+E_ zoVwE;O+dJ!rx~#lwNUXoF_Bs^b9s&rgFwlyXD}{iKqA*Awxk(+ztw6N(mrcP2e6Q6 zu*LzPMCWlyxLHXj%)M+BygS_5I{E&QZ>O;p%jQ}YGM0y;*fI2$0@6H6!Y}zHKB|v{ zhp+u57=rF0Glbm0)EazY_ff5|UB$0Q~j7SIz28@Ln zJ)iRD=xJYk=QfU-lb)84`|d^v6nvK}+>`&eS}fmPMZfmUS7zcbibEEzq+WFK&3V>1xYVPKM81l~cRRrN8NWi1=% zmiS*2am_AVxqyXsB%5?wrcA{g2UyXC@5X3x?_kw|dEfG5&aX$rCmDZcQqIo8T0{j4 zs)E1wuZ+lAgW^plo%&}8&`^`gUh3$6NtQ0!Et#IWku9a%IBd%n#X{;rIE{=aEgQ(7G5MLs3DwrTu&}{g>=RO@aaG zH&88s;zL4qB~vkRMUf#%xprLCI_{=tKEzC7rDWemuS4V(z#pW4tBnHWvhkQta8s$8 
zT|RJ^DoJ@G_z_|?ojw0=n^D0}dbp&*MuP|`su@;3WQP0w(tLTGM2(iP_YrbcN?uAwH8rPM!m9AG@&6h&ur)9%T1-FTbC}5ExaAymZ1-diLU|4V3D+z10|+@`o}M zPUUsS^Yqdb;Y`Z0jAx}T?R~o8QOJqiOdq0$Y9Ujfsq?5~lW8Y2i~MLv`Jj3dAcA@l zT}*?IiqEQ#^ERJxyI6*Fyk+|hOFR)R&gO`fN33Z{l7#n&Ml;;_Hbe1-tNV2OX2}y( z&hm2Zc()5rN5Pk8=IpnWg=-!YexI$!1{R^W%(WiN4;-q4DZt7ec+ipI*@|#7O2i-0 zS0>-L7QIQOd2Wpc2UA2Ox9$uQ6OWXnv%f-)-NuT2KNROxYN{BC4>ViGbvtfv_ecNb zJQ2S?euJ%_@4Y3w?}Hs(@3;HNRJtCIr=g0}pXd9?ou1EgxF1nn-mAsCvZ8{co-XcJ zt&YTxVD6r(q4WgaNrj>^Vk((5NO88Q^_igfXpbLNMjC?JwTZWzA9F{Ccg%iRE7nbJ z1QH}g-}91g>u0Qz@?_NG)j~s#{`gg|Ts5fT(~6zVJMOOxZDqyqsV0F?->DStlZ>-( z)Bho?zH@UWcgHdK1(DWAB{!f z@da)gq$b<0%D#bKe-$UmPe*llK=H53K(`RfJ8V;K^q;;+jQEHwxH87j(^;=Kd!EqO zAL_Bd0jMWrM)*Vd+ZdWnZrfyY z(AgIRVjHiK$+~UvJb3+7>G5Hg{H2wHh}6~sOJeXSNrwW7%HO6c8YWHLYdDf_odskYF^u~5oaIePpU6AJPMGBUWvNjcdt^0Bc$I$?_0 zS(Ba%%{Yaj0SMEr^gosu+)*EnN@3c$BTO65U?CJkD9Mna-{=%E~s9`pdB zVw;%eDaF`E_0@!hszd|xzqYPbqrEB-k%z07?R%?+)7C+a%U(RQXlwgnM;4?bXg!Cd znQpVQnhKOB_r`CpZm5us&t8iVLR7O_Ixrt-*afs;_VpinqUb?fj)?CYIn#u*KC7uQvv zk?)1?I-{R8jJ24rlCO)A-)q2iv}Oo`-L#q`&;#RihXEnrekfEh`)vod$%oVA}mH00MZlD(~hW(Ri6M#j+eZhcNAXHDli35+Vb&+<-j zW60M&v?Pd?TZXQbNLv4`p?%a~XIaX}z>F9+-!sDtsaHGj3w|0zBkjH&dlSs-3z$nt zmIt}h${8}Q^0JBpkQ7yVXfNaY2gfZQoY&(g%^kOjp>AR(&sImS#P)Qzofh%e9|0Dl zX{uG{JB=wtG7;C%ourAvr5C>pZq_ulCSU}4ywHw@C-V|@B;O*i_GK#b`F_mXy@;>M z7uq+9{ebAYZYGQjHyuxO_KZRvn-?-nh`h-p>;!amP4lq8>*8*+Y4k3&m_=e)P}~SW z2lRD;=8-N**%?q)cOUZZxeTuWZ6 z_H4|*O3<1wSg`d&W)iQn78oT$=8p=P*u*MyrGS0krQdU#Zf%1V*u>z23UvHV+l{uL zC>$FQO$4-l9&tf!BB&POi3S4)^}}!|XI5jkMMI>_9KB+FXoAsZAfFQUJN~aJH?b=p ze463R-tP3Up7j;l7r47Uha z5y&O1cvTG+pnRB(K+xRnCAQm)aZKiM^lJar?Kkv~t`eEQ{wuBM$a&6>(lr>Zq4>!C zhotk#%dRx8KojqUlop7TS=wsnfzI3hw}|L;uxC-@>04TK_Io$1yEKP+AVSNxJGq(=+dF1A*oGq*JI;QQXGUO1 z^fV#{NI2e9NQ0f&7>LKfP7UQ${|iVnHGm}>q8}Qql^`|Rr}|5y;Xh>l|Iujrjn`c= z`Q2@IVSQljR>#=M!(al8&Snu~!{MMWlTO2-Z{n8gwMOOthl+B)_f8`lMA5A0o@0*rB?=%M2%W?N24``F4FU|*+66xPS*?g7I>JY) zLGs4qsM15F0E^!jVyY1F3rJ%WI9aCdVlU^HX>jnJhQ0cSJb(r%Q%hz(qcFv>*ogAwY( 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.204.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.204.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b1158d3faf42213570599441e52b7eb001a50750 GIT binary patch literal 114192
z4TcR~b`?uohx|{FdBpvmBRT@M$X*z;{ItOA<_@QKAHTKGknAMh;lzKbsG!8lg=*<9 zlucRqS{?v-8O&T_ghE_xyS<%Z;6`!}NUi$DF$jx9b@)^aEV3PQSe{O?T-ZPdP4q0zP`(M?k0mr>< z6*S~V77>=Jz~18n(tuVtfBsxT13c6RwA1kh?s`U2klxN=g2+m$d1z97uo@i)Fm!R* z@_bXKbuSBYir9f`j4MU)vr(ZXSj^gXr^{ey+OHDWDxa#~7Riq7plIN;qS3;_me&fU zK*ZYYB5}A61YjhEXKv^QVO#vz1@dT@W@_XOJ+nNP$5T_+o5 zK0s2>?vu`A{w@gb+RC8Yd3ZMEed_*X5(A0%TXJ96d%wo?29h_RMzC;mUC!?~L12eTc?@Pf>>t2G~{ z#Z>RwW0-Chm^8PhqDawD3Ud4C zG{ujAkuo|l$sR>xQX|1%SF5ENL@Biw(_O378`3x8dS_k=rJ!ZD{@son<8@7ESAW-J z+^39=SRNHb_68eg-par+c9QPG@-6-&Z1TP`DSgWLMNP*v;FWeL^VaoQi-85UO1{An z-yEc(GI%4nvu8?PhOVTOF2J?6WcTLIpTKf{{@a)rd?OmQU!PeO+sJ9~<)adPb*d~K zy%xcR8wm?W3xDuOPp77ea7b7aLjtAxSRueRnh{H9njEm#ZIM|Tq<`0O6}qWCDl6EF zu3QodUYHKWh?bTyhSN${rtE2RimH&zcJUFAa<}^xC6wy`_3DKy#D$I^DEgK!0C_91 zqcCpza;=D-A7O9P67K#)kq>iS*3SR@kSGg@ZIOarUq-j~YQ<4=x?;=+)d=OwrL;hzPl8`-CvetH1sf9RA zY`i+yqFZLUC*x<7k^0r^U8KW%$LKYq*!s9}?Wi$oKM;a_rqw0w9Cc&(oxipKI*ouzPc&Koh(!0S`w*@J(ZB$puzdK{F*bd0=B zwTHBwTe{(nqT(IB6pYtlFM8YG9C(Tm)6N~1r0}k}i_CL6v>G<(_K3MVId9Oy12@83 zE~9d-UChlQp>#mYMck~+^0))t`&c&E%k5!ybjaNSq=ymHz=rZzWi_~p;cx~qQxKte z4x3?sH#puXSNtVDg!U=W{ki{W2E%b)>tSPzY+oHX^bRsc*;Izh*42k$wvOclwk%DC zMo8sRv(xOvfBh#r1QqP)MfUj``f?(fE@mhEO}D2Vv!_YxNdWb7LvcF%mYK!HbOjs#9FZ^EHi+@O-L?}4KI67()h+@4dJhen&pRtx@wJ*GvC#p zn^))SlBiz~Ff{dV!s;PxGu&-ay{O>DQ)8}?hPE3+rt<#U)^*~a>rITl?Y<=8_~kDU-!yyRXQNYREyyn48oQw;~Kyzg-xK zc?l`6SheYf;7sn_>CcW$bVL?Xc$tqGatKX{@}Sp>D?hB8;dtjWZwtW5TAZ$ayI0Zb z#)T!Ee8?c`2dFL&9OiPpuqD$tY;^_gxeWUd|yl*w%acZ8tG(Sw&!Dcw7?^Ca5ou z#0FO64b7=Vl(`VW?&2hP*4~2HKJZC;|2@E7O9OL#>nI2$Xw`>shO+KRXf^~xBESl+ zbcXGkxc4r1Bcm1P_d%ZDFkR0E2ps%X%(eWD4mvpH*_-s=X?J$oi$e$EbQl}JF={85 z>$4n0-n=KwTnVqpk?<`vS>_P*cdHy{&iEF5_9 z2QLT)?m5kn#`kzk)ZW}--pEd7q`M8Ty8o7lWFx&UwlM&xZTD)-6)L~mpLG@5LT}JI z54B$}7`{G58DoAq*6otu&hElsl`PT%QOiJfK8(ub`Et(GEAjgQV|>*f+Xz;fi< ziAt%f1S+%hyv}+GEw5z9-?*(-O4gEo1m3WDu##?!4Ep7*34_W((Qapc(gPu#FWx%u zQ`HVTQlrB+HxTMNEd4O2Xn>(!{##8X9nDY7-LZasy+;xvQ30|SK4jJbBG%l-u}`z& 
z4CJm|X`ztfYq;;;7RjP#2_JS{eu{V~_xaru-|sr=V8AcJ{WoyylDDef6l;S(o+HBxp%uRn|=0b{@ImOq!>A5L3sDdb&zC$;<@ ziXdg+wO7q3`TB@6UmL_hH zB+y6_mvDj!2(IKhgRq%C@KUc1rG*BCQD_2aW~8sq0hSHqqfxGgQJRfHf*n(KsD@4- zOS-w!zZI|p2XAlRk_bq|5#5*&y5|vkNAc8Htt6K;sinn;EDn2(zR)R;mH^)G zT^Pw+uFwq4-tXfi9Ca49FDNFLD2t1WAGX;Ww%KK;^Q*Qq;^9sc$g0#nSR0WfF}=+x znfF~#BAU5@Dts+)G#(JT+z06n)^pnoiLxV;UR8qG)m;Z^_!^hfAOAFVmEz3RL6=At z#jub6CXMa1uxqNU%Kcu5G!d-%AG)oR{JIn085#AjO>>mGH7jXM(FXte|sT6+b0n zuECt?a#MBbFu_v@fhyq9K=#`GE>m06hp7(L<%LMQ#bO7yOfw*)QNRUG)2)D4ine|{ z)mtW~UT)cKR(8BmPOAKytTy#NV;0q~**4KXk2ZW}Qy%BRBu5M>f1A?+UzL9x>f(C(~yI9}^on4@%PjR!PIS z#-lmCjK6DEwh$S^5ehiuK&z@Ke7s1H-_7zrqna3c;t)Z+l^J-l=4(*ScBTT57z3J< zIlAXLO5_Ak-d-{(dLZT-$BXKBbcAnPKx^Qup@q(9!G0_q7uJ{pvLkQ$`1X|iAak^T z?yJfj45O{*0Y#Q)Z9jld$eK}qndvZ+cnXU%o*b|1oQZtN(wd7XgwL+{&+kBk zB45diYVIImLL^}%=6|~Ra@f(4evir=!}5mvBdM2UmC&fvRwlfy{FTc`6|yDdN{Ajg zAnga>GAm{kb|fT%&}TcXiJGCF9{(eB@^mm-iLm&7cd)!DYmt20O7+pKsI3&cm`LKC z806VWvxStnc`R!9;LsFH&8BI{WeoSFBJ2veoN0QrVdB(T5V;rc@>gYVGAu}i?8;~t zgeuE3PdQDW6b)ME;>;?EYpJh6?{*vmbjgd}ue3J75}_%y6cv?MOiI)C`w*xjpSut$ z=gzXS?IFs8j7V<)6x(@QEE0|<3&*1dKRbZrcDO46`;$b}#e@i%+d5#dsdnvmYeRl) zv_&vt44!i`%jes*k!4fvg*Vx<)EHz9^_@2vili3ZSviE^*_ui>O+a%HV)( zr(W;rwaKzqzB{(LDN5UfEpwd+Nv{(z(t{+y*ke2setY|+8I`S8@F+a@95vo&oAmN7 zBV8^foLWD$W^P~r+649kx&*PUsgrr0UsA+r`?x+j`4IJz_Tch9Ey+DY$xum>bvH2` z7l?tSuwTDVzBF(KcWy`Ms#SpDTr1^b_FN+5Ng?baDOo{P#W4;#PdV5y!?<-wOeS}{2_LY{4Sm+hbQtr;N+!IOt;!}W6}kb26470;OA~;D!qGl zQMq%~ay-=~6cFCgRwa=Scsna-&r0~b_@cPIh(so2s7Kb4PWHe$ zky+>Av$8Fc0B~~hMCc#VtkUYY>&r6?_j*e1?NtkM?emvHp&$E`b^_L}{wfo?Oa7|X zTby<1ZVrk?=Yifx{!4o_C)Z3Ho&H8dBAQqZY=&@t;k9A(VtzI-p8_xU3XB| z5vSbQ_CQ(1%aX!xXIne{>^1%Fu~{9@nR&M$vdi&|b-*W4_G`|RB9xqwwgwG?MpSYF zNNuL7DWP5DA<*ojet*F@K|O~}>)WzaJdf`8sNZK8S=7P?jDW81&$gSBV?I}-1L+mO z!~pQmQ2`+`qw%MW!xN}gPTpX6y##xzw^~^0UC}^ny8F1xqzRq8WzX(VZl7*WVl*Fp zL$dsRHw|{^z8!8j#56%IAn9CAr17#Dgg!WWh%1r|mrh0g-*2GJncGvSiLAADD9!e) zfpp_y+Il&4OC5S7fA!>lH|}fPFQG$gf60qbKb<++wkYXLCaTYmC%@H`SW|5A$5{{N 
z=8gkwO#E7O9fYiQZJLS)Y$Mo}PI%hZ1_nmw6Oj9f%f};|3^@q))LW(JX3w4O0c>Im zkm`vvR4xVs_^Da+NQ-4jv=;CCJ6-e7X0Z$UO_H8NIij&vm|+?pNIoC9GiK%Dxx*93 zB2(W*D|ff6sLi3SME@-gSnh#jRR2jt*d({ZRInv)fs_%R-^uCJk&`6ao8OSG0(!dj zbb_cuzmyzdLZuDpjNPMFoBYd*FHnX`tM%zrs^%M}0W9#IF^)e8PRBc@_#RCJ&Ky|3 z7j8tyZkP@Y+p7m423LzU;jiYs?x-`iL|cH_yLZ$ly4OJfKMkQHp0JD(X!}z(E{jas zUnDJ{n8yx-9)%28A4e5;QL6bqD0XG_uR4P(2nAF}G+=?mAT2>p?NjqV%M#S0&vA5j*-1OR@P)r;liCYw;vzu^sm$@9X3KkP`qM#(RLM}}ftkqzKiFr%MtV7IAyLTjqkS80CP4xJZ&DD66C{G6^VS>}Q322>)!UcRgvNyq?uD25cR6{!=? ztZrmwH7D>M0qbv6^7c|x^yKoDxYglPUnTn2+yg^F$U-U7;Wbe{_8GStiOkepUO=k}JD%?{_-d^NnsX&*Y)4Z3Dp!dHLB8Qw)zb zfvP**t1MBzE09}@gdteJrHB(@SIEn)3ptrFzs6fm{2L7Tm1yz!)`!S+HxUkPt0vmO zq&eegXM17jQkcq$|Lie78o2LQ*MR8Q4&*#hC7hVe7r&wf7aBZH`jWG83Ch$^2b2Jj zfm0)OWbuBpH2N#u_o;Mg=y+t2ZKiYoTl4jVyi*E(EQpb_f$ztdbGiEzo<&B^F1sRF z2cg_Y6U{IN{#-T^RMEM-X0Cp#QAqCP)izD$4G8v!B5u*UwATfO2}f`f;i1K@@#=lC?lq&41kO@(VFMVW>xi2?#e}0lkVn zXyaKYm8>&JlYe*0#7iDLr8mFo3Iyx{4Jtb+TnZ@Y7N{p11#q=PycWEyPEW|FX z0<0oFJPu7pSO+qjHxW$4qEGEuH~>k>{D0QTod2jBW7<-s3ETN!p@XAW+F!cEp-zeG zKeUKv4X_-bg_HByy^;S8_Vf02H0*-FbhxnO_>dd87cL4{-nXFjprF#3%iohqOjROaZ7OE znSi;8+BJR;vp%=5IldjO5Y2srMSGyx&S{OSdL~n(huK(wT5g5ktlmu2*%f(?&S2Vq zEOijqQXDyrV=0_Qlq=PBh(Ip0{N*Zt8}6j<3kzlf0G{qn_bYGyF7|D~5>T&qA&}Ix zm8f{StFAYkThRH$LBy+`8V#yU?2}Z~y~gV8HKnLstzSvVy)um`AqNOFm&9E->{olj z^v|RjM9osQTxc}oI;s@-1LBt{z8!OWv{E{&N83B# z3MI<2F()4TX^L$DgIYOnomvSPoAkVfUe8T^Ri+RzIS{=-SvzsjBM$!yO8j%WR#QA0 z5c+r-yCFA?Ap26Yk`T0dU^M-!!qxiAGT_S}c6sK*jUoyLBb8lN|!TW53`tMQ3- zpXtRyLUaEO+9Yt!k7t>*zMi9~!~`~~%oFNH^<&w3;WUAD+I;k~JojKpxZYUmGCGZo zV>Lxw`pQBmpcd4mRy%Q#NiWs%RSDf%v?-^o9&L(Fy4*Dvbx>5>`&m9cF*R>=&O$K- z(=#GD24S(p6UeHg4 zukY!}tEP~g_;E;&?^z|HO%mraAF9ToMl5&WuSO6X@*?d}G<;@pR4-;xH&;fk$R&6L z^PofMKSQC$w_!w65|UA<6vKnE)HwcFePvcs~~zr$z7XIypL`x5=w%(QoE@$t+HRtfwg<@1 zq;eQxcvQ?1+&AclQ!a+-zF&=;QvjY$XEL7v1BbyaEm}SO?WU!mBAAQF8bP+ns;*?Q zH45GjXYFV^>0Idga(A`ArIQUj#Rgavx3t%$iI4}=h29kTcrK8)89?s#w`W@;i{nbo3Z*+p!BUItJAv+tjZ692Jw|60~T6dLnL&!R--#_0*U2M4TWt 
zr^xjk+cWYp6ez4LRWk(CPM?5g!L|x@_IIkYkR1kDaC=r1W&Qofo+FIKw79a!1F(B* zqd|8W@h;>8FcEqL$ciljJS|K(duzn?fXCOvb-CzXOUU;rTD96mNJXh8qp61#Gq-jA zWrkefbftPFazSsvU19qq%;F&oO0}k4xyV?a@xlKq+TA(4ZDor$jr|0Y z2?m~BB!m#lSg4SJe;?L^N|Mzmw+&beU||WY0c^Q>#XWDtB*dCYVsAQORQ6uPgfedtxFo z-pM~i%l>OW_D~v7%fX}WKCfgyf+c6#RA0{H+l?fxWF6|BX;Dw@Uwg-$gb1$MALet- zbC-~rdFInurHAVbPrZncu}e;Q{0qIr6{ogVXs*n2%tZ&HDh>3tiT3D9co#>PkK<>{(gd{c6^08e&r|g?UsE4H4g55X-C=lx@i3|18#n5SOLNB_ zBLWs`^-_9+!A6s8+q!VD;LhjKCuvKVxHNk}#tBUl5p&+Yh9$aK?!h7S8w!We-uLGQ z4nFq@N@)uCA%JW3pXRC|O}!8*AOP&mzGyD`FYNUSqA7t+Nn*Q-tE*sxoWyLNe`?)Z z<6U23IKq|oDW-m&Ut*In_obvbT4ZOQ_$|d3d2#&)pm2h(e1;ZrtlRs%KR21CZAzVixSWx^l81@3*1(X)F%c-NNzMS*2wMh3}l9Bq$r9>e^2gXmZy;g$z z+j@KjVc@q6EAWdMr!ZZTI}REKz@!6#q8jk%R}Y6rhv%RZj=z&hnQ8Qh_?U*pCFgd8 z7oq72ycQlTwQhlxn>*Rq0E7~MK5;9_KKD0o^gLl7oJ1<(n%ula{T2lR2iDfa;gxMS zd9B`S2vy4uEX`f3*qMf3eC9iR+?~bYo=b_vg>7BK!S7lIw!*^Iiw4N(V@L?WtfD^g z2C4p1$o_kc>VEhz&%CCZ?}ilTOO`eFxWotA`}h8w=61rT-LuGpgC7hqS?R$Y{~_!% zyjx^Y1&1w(q;LWc*ATe*2uh*UokvvaQWG%KCQn^bMLBx*tN%5%X8^MXVG7 z?3&&KQS$R)EW5UD#joufi4X{e^vY#htpM@uwC^V?V721~E7v`!oFZeBd(OX)eJ0{M51ufpoX@I-b_)q=y!i@7#0GS^W56@-QG99QeIyJCiOo^rLAzPSd7UT@3A^G_`$)eK%Je*};jM4wMF2EBiX}%D!_) zyC_bIlC_6Tna9l9|AsH&Yh1dW`*@(auXeJS2)Ch~FHgRLW)rsQTo;`Op`PnaAxW+^ z%;3{bGhVKgEa&nN!9tTgOo}2=CzW;M@inS;>W4=;X@|BOM+lhH@EKJ6%)_rE@(T3( z2|t=j-XaO_l_!cuW*Y_P2TB$zIw&qo5ArNiN3IKG=N9Nt{A7n2-nQ7$!oRtjYD(A( zr}lvI>$#T7QV+D*XGtAZ{R`7H=t@09+dk)dYW`s;)YHVaU6Wx_hxyh9+0ieAsVyg5 zdH^0jbRCL)?ST#A&_>sQqtdYW#SU4~E5s;>cN&BZ(h2z_iF+E34Z>bx<+zB&0r{`& zdwf0$Z&`u^wz|r8vOi}+0UpOEO=ml$P=Dl+k;JIx^t5J5fnGxS=GZklpO>BRoul=j zZ)WBST_qe-Ou7(kRQihsufPDYk|VhHZ4f*@mK7nE6`lyd3sZCrhCoz+TlON{RhTUS z9neYpp=g_-q+XcopO$nJQOWvm;UyO*a8e@Wk_Yt!o*wj7vDu>Y*LR7i&y!0nE|@j* zbqFh!oK#>HTpUe zr@5-6(N+5Aa$Dt{MrqrO$ewjAV&0RvYF%TFzZI&c0!6>4%XamqV%5qE&7~_LTVL;v zbt#H25%oq{=+W&c>ZlT-`=hE<3~H+W>vIEPcik?TJdy_hi050BpSuW4pKHX99AlfH z4#%PUk5~Y)jak3`YF~oC*duzAE@mxdLcI^zCcgi_-6g8Yc$f{Sea}{ zr&3hv{8-VFtfbB1D-3yazHTIu%bctNvzpp40{zDq+TSmf(X!?l+30QAC?b#`eYugb 
zoG8?#J7YI%yb;&vn=$rdN(v8(9<~GUv2EJeecBkK!$O`9jus=nc5COjQP&|CFKi02 zwQho!n~$|vo{-;j!LLpu>=caMLi9oV{2~w=h`u0QkL77~kPaJn#co|a42W72YlyxS zZs%%52s}~`I!a>`5(OIR`%9D_;oJ*!_4VUP&7V8pS$6RA z!7U;DSIzBT0Emv4f}|FlrG0>0>Ha+Dkz^94&&J8SNZ}zlY*Hz;4gN@`_wr=QMhFK7 z8Htp8KSoP`=_^-3ki`uG#i>*(jf+w6mSvU68ENKY)|qJkvM@+V$UlF2m3NuZ`ou3C zDQt(z(Ue^crurD&wq^#Oe$S*LkX00@SQ&z~(!ezTl~!tm_F6bcF3vHhcBp>+gcdrn zih2tjR-ZUF<^zh_mY56e*0w_T*+)^a0G_lf3M5VB;=J)l39D^#po^&q@^sQ0kSwu4 z0BHM^>|`4W3Q8o_0y5lEUsu#HOE_6bz5qfA6 zP0fX%xv)}rFOpfYQ&_;$o900y(pkjNUa)#i+y5K`?0-j!O=Vlzg^)JRlKRbwdB^Rd z5sKo{uJfcVhof@8x}*Iip1r9z8R(dy)HR--;JL8jx6n1qiY_oN|3bce(w8NQfuXF5B1RRzTVcJ_YZFxS>yJM zkF?$wi~@C22+K9ZOL>3U{&QU^j-c;iLPYv+a8ewfwsZM{SSF-|@0jpCKP~zxAZxGF z<&Z7JFp!s8O4Q@+&L1V7Pdx>mPsjaDe?2jlPnPaDyV3$?*EY-BOp3*h6O=bo5?r&C z^yS3qHnLk1Llijc%5Tih*xr8!I4e58g~n4GBf z)mROWflo6<=B483brp17f>trj=Dk(xYH7fP`q&-3u&Wfst7u+lWLmL|GobuWIn4k!ilDa59 z()lK9{d_4py>WA_C7}i_hkHQP9`H6Fa@MS25iKNcPu7d<*2C78R=!TA)OnH!sl|MZ5+sn8mtgRqt`Tj^~;i ze;r*W?3q$(*)Hw6pTvSgQ@S%JV^v*>afb>zi>0wGuf9hy!vB@&EK4*9Nybg>(b}ovwaAp4KgyKA!>oc`$7#*U~zpv)z0trJeWG&ZtmUi^AWj9N4$^k56fK-&~ z|5N~~_ot?jrgR~f)H>JH3f7<(wK~^Qh<2Tp+oISzh5`;$?BG^aM~)xX+C2H7)i|Q; zIC`c)7LqznW+oo`a7I_7CWoOKt!HO}5uGTmmxQAFgoPobl2JG+g&!xZp=+ zZFLA147FMB>|?c+pS7$>T!l+E0^V%q1l$#C>Ra-X_Ebdve>cMFu z6y?TTrg@-c+nLry6U?5{G%&WA-1Sv522|dy8L7&u+wXn-t=p5XrI0>1i+p?N3FJ4r zA0VQ)lWw%80HMK<@Jha2O{XcmYZHNWyHoV=lT_$rw3E)|+Yl{QfhXQI^jFYooTV06 zgd;zzONK`ZvL+mY=^;17+OX6b4BNnUlX!SIBz;SH3C@cC_!Ma#_F1FMH;zW4;HDLk z7!*X0gB?A;3gPT&Q+($!j-HdA9^?P&Mhg;rm#f^HtuVYOxXT?E(fXT+Y8Z;v|?|8u*5rnQ4y@6sn$o|L( z-%8h{hYT!c<2J4?7`oub@@g{7KmEiW?Y7vtIcF#voTWjIkLph; zsHqxzM)D_9k(9cJ`pUyfUT<=rpu%2D#>zJ0Z-2K#UPDoDb-?yqErl zOkY-AjH#=I1D#~+pn#A)Z~r8wa4KhTO~(8f>^ckX;$;pqu5jhc*lkJ(*^iu~74xgl zy@Art(t2H}soFaw351Oq)=9rJ#@@1Sa6ztE8HHD_Pwp(`>=N60dApi|ztJlrhDm3y zrVH(i2ImXx;iLIuVirTZx;v-pp&uG!p#Eif@(H@LMK;cj?$#iiTg&OleROv?4(r9H z?K%Tuv%1dk8VE2~aVwKi+x4!wb{}KV^7-|ItoWH|@b3hZx{@_dTp|&Wib}1(7?3-wr|dmb 
zsnV5BZfFBJYR2VSxSm7HRL7yE)C5dQr$(x`m_l)+G0sNAo%GLFbi#OuI#tf#Ywq`;I#&a73Ux$&al+F8h>#CS4J8c|@K_)8}#ugqNZ-m^=e)O}`Z zqX?l~_zA&@DQokSb!N%I+QlZqH(@_A^=0z1VR{HF8faAKp5ZE7u z5?@$al(%Y~7BaS&^MPo__*vU-0pA z&G(@(e=TfQ3)X|}t!p>`^R-<1f}VCLkxCrEueC>&(o3oUBqUhgiGM53^JvsLmVoSg z`2LX^f25&YSj#;29y12}rVy^c&#*h=`eg#Q(mt ztLgT7+nP|@@%=bodij37->}p3{Rs0TrWf-unNgUCO#OMbYj;I=t;W=C0UDghH?1IE zMoR7C4mt`gLhLaaoXQ67N1d_XX8r8=752^2Mj!+a9NP4oT~2r`SULB-ScDnU{h7Nm zDG@1VwKVcb9eCg{y;HL`vip4tWM*OIP==Pe?yHPCQLmPCrmeuRN2?*Sq_N;URDG-X zwj!XDxIQ|i!7Ftp#k;Z0Befo>dse$C?ZNJ3=Tnw^#VKLujx`BY2fao@S7^?n)AN}M zeC3VXrEaOE?jIzkuQ)cDeQawtc0%`v+1^O>#CZ+3pSzhgl89;=%f%!(B+$&wMRe-3 zp05}KL(yg}{zI5H&++WBV7KkQQ{V1Wds8UI{%@CNeRBKQ0{yqQsUZ!d_0;njXG#nB8YB_VWiS-0Oq{MNT`Ys;(94`WRvjT_w(ABNH3kl}mk=rHAO( z%_i}d?7B86t5VMD5pzlEIfe;T;&Njg8$Y(u7hsLz7VCw|hO*m0GC&`cj+dNm<73$E zrfb;e_KkQ>8%uB#8SC@6!y84D#4-qm;gh?NXR){vN-Q(sdhA3?i4E@{>K+2E#FS|f ztF_tlcu`fw8Pmkd-91r5+@$3nCbF#z(5aa4>ZIah6^YEWG+#P2v-W^#A9W?nT2q$L zZLKOScX9(fOK$s9`SwjVNM^@!Mp>-lO7dGO(n)K4DTtHH2ETdlS+n(wOZc+1Gko-O zUsf#R)HS7HO>xX%N;oVlhN5z+lrNZk+u4o=V@n}qCnqmx0s(kRbJG=CsRzJu_BGo2 zJNs@=X!jZ9F|>NqW&))wh!Wxa3luE!8csWU$aGeBDL??}c3j`3GB8zTz*BR&wL^LY z$;-QmyCHN>fhZ{v4TfbVl!wZdt(H=?7gRCOu~4?N>mc&0Z02#M->zRTLOa?1!Kgss zYo1RgF$FS%O$_K^PG4_cVR_!w#+D{>boe9}b(p%^$(1Wg9!e4lC(;E&PW zba!9;hOwI~w^|RD-#U#HOuwU2(oi-b?P9&xtIHjN?cl zEHQ8Y66YoXxRye>SRGW zxsBSRMyO6$8PcuiPRl>?Uik04t*{R$xrj&)2B+s4Fmp|Q;J6hb4FgM}?fydIq+H|u z2)>jmH^&Rl?*BthO3jq%9?2jA?gJ3fGE@)63Gb)c+lAAmnzWw|5 zaJc2P^j2rqs~YJR>+LKoUDY92S}iy5N*gt?+G0;ho%n*=2On))*Lfa;X3P&!w3v+z zC@?WXxU${7(ZlWZY4$3hhuxd`Bc`9+mK>O_k~8UEvJQoxl3%E-b^ir=Z9wJ>iA+o}wE zf4vxcYLt)8W?t;yX7{HiKoRC_;z(>0?ChR;J3DXp3VHh}nlDBOYR}E+UxRaV_ za4%*hYk}SVapMDL4E!v41N$3+|MFfL7pYyQV+M3Q8^q;S$$!9Blwo)J{TOaKe7O8F5SRcv8O^4W~l|JkR&c;I_s`8O? 
z8~76#Q>Wl~pRcjCUI}L+uDl(pbpC*e&V6WGe&K(fM z5R(RhsbKhQ$Yld-uMS@V-U^F+M^>a48QY_M6K73^BrgV=L_-|^`F1C$rZ}87zC8yK zUpb@oHJa@eUP?}(11K_xXega^2+7GM9k@9OBN-Snxu9gcGn?*Cm~+&a6{c^qRO1c( zv_yqJg0h~gyUKmhuVh{{6jNBz@@$&vhHb&KJ&W0;4BBrF7)9Fcd9|)Ju`7^nUNc{A z^Cp-#PO#+c`^Gbde|pae9I0zpj#`+>ENR_VApZ4YCI}B*k7xu$TYTCnv5fC9Iuc~{< zUWeAK^U8^5rN(8wazKfc#g%`(q|i|oYzwTe5Mutm10NLM0r-1&pfTo;zxBw|D@>2IU1xK=%6xd}P>zCE9uLB`DN+RYsEl5x;1zGE24 zGhKdKaG;wLRMb4U4M_Q(gnX0EyTMI=hfjZ7zz&E_eS17zx$S&@wCub*_0Rb=y>gkxfR8DqqB`rAZGAeEfZHm6yYkt|T5fNcKyS981tBO#HnoeH zDY>|fjh9${&CZmp>*S=!ngneSXG<zb0iTTQK&a_qL@^e6f7`=b1K?v_dXdt{xnIF{%x^I3M|FDO@<(dMu4EDb*bvJ8CRRVy6`Q^P*H6u_aNaft!>Y(As0BwN))-mBK-J3jhBK98NlSZZ%`H8rQFbCNNhF9T}9Ufyq4!=vZbbyrf7 zP8tYd)?u>5vvBO^!z{7;qTGA&a{V#>1eqLD9Il7%?@qVGJ1-xgEg3Ukf6E~nC(2`| zGF%VPAv_jl6NZ>ee-S@{a7S}K@oP?6+8r-~tdD8n_WkABSPHVV+ZoIzyI#co9^X7e z>!%aFFP@g7i#2x2%ZENW5$BRO4ns}Y$j{|v`7;^h%~J}&AxjSBkcqcyo_!kr7o2^y z^wT+3zi1l-P}DQ+C(&i5pX(piYQ}Y!yjL#EQ`|$|gO^he>ZS%y=*G=)&B8>Jm*Ow2 zN>jxw0)dn;QBmYg;5+4p>X=aPG=k!}(Avu-(oQeO?Ba!GlFhg_7>;hp08W6SpbCVP zM$_eQp1A@3Z^?%)Gnf8PUD0zf=9AGgA_6rd5z?Qawxm}G9Sjxy9YP58Eg9wc$O+Q> zZd3AfRNGZ1HYI&jx}c8ne+AVjRcgXG6DJ6f*swbr_5luFL}pN7E9agN^BaIO{Yz2k zSgCrnddrvf!6VAs?adZ6!OXY&J!u!~^gk=G7%ayLX@{J7 zcr~&l+F2PCx|3sVcXu74?uu>Z-GD#&WK=#j+nG1qxe-<^$}F_5pJPnih(rFYHmeNO zE2YHPL&&qN*2)7m&*a5}u2L~kN6&O~!VYd}SkclKu|sIvc2G$n>l~t_bg;53oKv>p zZlL<}upn`eud#t#Y!sc``*L_K8)_nCAzF%T@}VdEn$Nb)<8^r1 zOK%G3%|CeSt_9@N5+wl`$FO35E>r3HVG^tV4gVsIW5n~!eE zVF2P0kYt?SaMHr-*_!kJauU=U)adoz87Ed&tjy*5mr4a+85(E|bHeQHwwBj#A%{#S z@aF#HmunjpTx0ZjRfC@FH!f+gE9f>v&Q=($A6hND$IrqBI(*5753?sWA2Fd^PZFD5 zKD(~UA}0DDsK3-KH=tRuN}WdfgUZWfWazj6`%WLfI3+H(Yc$E~y9ZP*e}=3?GN#@B zv3yf$!;QRV3bIj;1*3u7xGl1LhIgcK5BXwPv57!bce69{rmcv>LOqd{DOSAg{XFO? 
zI%n+t3y<%E8&!xgRxPV&ma%T<4Ek7V7JVg~(YYChvxUDwZ*p!D}q9U}>k`>d|-=N1HBj_pBW z`8HZ&`7}miIot<+GYk|Xa1n+4-x{6>qjTtE++0ns3<4Qi^Yn} zI3XMuk_1jxY#R++Nc)ypJ*Vm=`9*4c<9t{P_TF=jC>2+I@2HH-n;klp_6Xsb67xota z174@Fjx8e}O}ro~;$E#@xdFw-6x+!@{Jj!#rE`XG`qPRCL~lKPLs@t(@Zjh&22ZoN zNcb%_HBO6&t=gO^p#)4T3i)e$fK;MPSP&PjY1pFl;FF+hNK`pAE_pljVg!CUGA{U( z=I;i6VekT@%E`eJu$asHuLd!mNui6Sml5>`2uw3z!orHpI3P(+)H^YC;ZfiBQTK`8 zmv4dx9egjFXAUb!OrdsK}S?M>v*UbMm z8mok~x;FG@v}JScKr1w~y*-Fb$xd-pa>V69Fv%A3piQu9&_xj!F|EyMVN1$eg|7r( z>)|aPl@~LFNtZX)8Ig|MWXYMT>KC@uQ^)FP=+rp)tKCmpOFlySmt>JFDxYso9hV$? z@^TDkz=VNo^6PHY;F-ImR8Jz=r%1sLswr3Ss!HC=9gm$6j= z4*k8KMSopw zD9)(A$9z59ybzLuJcrsegVI@^W*04X9dd=~a8gc~#dQA!^YPaQB?a$+h^`II;;27?eBOzk(b;b{5-BsQ1B zgmTI$oZNSQbh$E^CQxzx%NP?@(QhC6g_aENyfv@gzb@HyxeHbyPNdlbON+`XD=aJ- z=@NYq&h4n$yBeOh5!`wtKAhta+{lG}XkUIixCJfd-*|IAx7sO>XEy<$!GlE zr1b9t<(uz+OAw<-zuf(u(pNXDpWJ}rpW*)-jq^@;eThX}#{|7$9BF=15(V$$HlS1I z_`S_(L#`|qlUpY4-g34S8;_3)dBd0quU!16_MNAW=